On October 7, 2022, Toyota Motor Corporation made an announcement that the personal information of approximately 296,000 consumers had been compromised.
The Toyota T-Connect system enables owners of Toyota automobiles to link their cell phones to their vehicles. By doing so, users can monitor the status of their engines, listen to music, navigate, and track fuel consumption.
Recently, Toyota discovered that a source code section was published on GitHub. Included in the source code were access keys to the T-Connect data server.
Anyone possessing these keys could gain access to the T-Connect data server. The data server stores customers’ email addresses when they register through the T-connect application. Due to this, unauthorized third parties could access the records of customers between December 2017 and September 2022.
The database keys were updated on September 17, 2022, to prevent any other unauthorized access.
The compromised information did not include the consumers’ personal information, such as their names, credit card numbers, or phone numbers.
In addition, Toyota issued an apology for any inconvenience caused by the improper handling of customer information and stated that a subcontractor was responsible for the mistake.
There are no indications that data has been misused. However, the Japanese automobile manufacturer cannot rule out the possibility of the information being accessed and stolen.
T-Connect users enrolled between July 2017 and September 2022 are cautioned to avoid accepting email attachments from unknown senders. Threat actors may attempt to commit phishing attacks by posing as Toyota officials.
On October 18, 2022, Firefox 106 Stable and Firefox 102.4 ESR were released to the public.
New features
A new Colorways theme, Firefox view, PDF editing, text recognition, and extraction on macOS are all included in the most recent Firefox Stable release.
While Firefox 106 introduces several brand-new features, the version also resolves security concerns. Mozilla corrected six unique vulnerabilities in Firefox 106 and four vulnerabilities in Firefox 102.4 ESR.
Firefox view
One of the most notable new features is Firefox view. The accessibility of previously opened tabs in the web browser is improved with Firefox view. However, Firefox view also enables users to access tabs from desktop or Android Firefox browsers. This distinct feature will allow users to switch between devices, making it a more convenient browsing experience. Firefox View has three sections: Tab pickup, Recently closed, and Independent voices. However, if consumers are not interested in Firefox View, it is simple to disable it. Users can right-click the Firefox symbol in the browser’s upper left corner and select “Remove from Toolbar.”
Tab Pickup
A Firefox account is necessary to use the tab pickup function. Mozilla uses Firefox Sync to display recently visited pages on other devices within this section. The title, favicon, URL, time stamp, and name of the device the user used to view the tab are all displayed. Additionally, a context menu is visible by right-clicking on a tab. This capability also imports tabs from previous versions of Firefox on the same device. This unique feature allows users to pick up where they left off reading from their phone, tablet, or computer.
Recently Closed
The recently closed section displays the most recent tabs that have been closed in the current window. Details about the closed tab are shown here, such as its title, URL, favicon, and timestamp. Unfortunately, there is no ability to conceal specific closed tabs. However, the arrow button allows you to collapse the recently closed tabs section.
Users can also recover closed tabs by left-clicking. This functionality is helpful if users mistakenly close a tab. However, because recently closed tabs are not synced between devices, Firefox will only show the tabs that were closed in the current browser. Therefore, when users close a tab and exit the browser, the tab is not recoverable through the recently closed section.
Colorways
Firefox users can alter themes, set intensity, and apply themes with one click by enabling Colorways to provide a customizable browsing experience. There are eighteen new themes currently available through January 16, 2023.
PDF Viewer
Firefox’s built-in PDF viewer supports basic PDF editing with version 106 Stable. In addition, the integrated options allow users to write, draw, and add signatures to PDF documents opened in Firefox.
Features for macOS
Users of macOS 10.15 (Catalina) or later can benefit from text recognition and extraction. Unfortunately, the feature currently only supports English on macOS 10.15. However, macOS 11.0 (Big Sur) or later support a more comprehensive range of languages. Users can right-click the image and select “Copy Text from Image.”
Following the text recognition prompt, a modal box with a loading animation will analyze the text in the image and automatically copy the text. Additionally, VoiceOver is also compatible with text recognition.
Developers
In the 106 release, Mozilla made sure to include improvements for developers.
Developers can expect several new features, including improvements to the WebRTC platform and manifest key properties. In addition, the upgrade improves screen sharing on Windows and Linux Wayland, lowers CPU usage, and increases macOS screen capture FPS.
Update
Most versions of Firefox will update automatically. However, users can see what version of Firefox they are using by going to the menu and selecting Help > About Firefox and manually upgrade. As of right now, the release date for Firefox 107 Stable is November 11, 2022.
Overall, Firefox 106 adds a slew of new features and enhancements for all users. Whether you’re a casual user or a developer, this update has something for everyone. Check out all of the new features that Firefox has to offer.
In light of a recent data breach, the City of Tucson, Arizona, is alerting approximately 123,000 citizens that their personal information has been compromised. The issue was detected in May 2022, but the city’s investigation didn’t conclude until last month.
As detailed in the notification addressed to those impacted by the data breach, an attacker infiltrated the city’s network and exfiltrated a large number of sensitive files.
Between May 17 and May 31, the threat actors obtained access to the network and stole essential documents containing the personal information of over 123,000 people.
The data breach notification states, “On May 29, 2022, the City learned of suspicious behavior using a user’s network account credentials.” Additionally, “On August 4, 2022, the City discovered that certain files may have been copied and removed from its network.”
The city disclosed in a separate notice, “On September 12, this review concluded, and the review determined that the information at issue included certain personal information.”
The city began contacting potentially affected individuals on September 23, informing them that the attackers may have gained access to their names and Social Security numbers, among the sensitive personal information exposed during the incident.
The notification letters issued to the affected individuals also stated that, at the moment, there’s no proof of personal data being used for fraudulent activities.
Affected individuals are encouraged to monitor their credit reports for any unusual activities that may point to identity theft or fraud using their personal information.
For those affected, the city is giving free credit monitoring and identity protection services from Experian for an entire year, as well as advice on how to avoid being a victim of identity theft.
The city is committed to protecting residents’ personal information as it continues to review its existing policies and procedures regarding cybersecurity and evaluate additional measures and safeguards to protect against this type of event.
Lyft is now launching autonomous robotaxi trips in Austin, Texas. Argo AI will power Ford’s autonomous driving vehicles.
According to a blog post by the company, Austin users can choose a driverless commute directly from the Lyft app for the same price as a regular Lyft ride. Customers can start the ride, unlock the doors, and get in touch with customer service via the app. At first, that might seem strange, especially considering that two people in the driver’s and passenger’s seats will monitor the journey for safety.
After Miami and Las Vegas, Austin is the third city where Lyft offers autonomous rides. In December 2021, the company started providing rides in Miami. As part of a partnership between the three businesses announced in July 2021, these rides also utilize Argo AI technology on Ford automobiles.
The announcement by Lyft and Argo of a launch in Austin was anticipated; the two companies, along with Ford, had previously announced a plan to introduce at least 1,000 autonomous vehicles on Lyft’s network over the course of five years, beginning in Austin and Miami. However, the launch moved faster since leading rival Cruise announced intentions to introduce its autonomous transportation service in Austin before the year.
Lyft and Argo have generally avoided Cruise’s home city of San Francisco, where rivals like Waymo and Zoox have concentrated their resources, and Cruise debuted a fully autonomous commercial ride-hailing service this summer. Instead, the businesses have focussed on other American cities with less rivalry.
In Las Vegas, Lyft and Motional also unveiled a fleet of fully electric robotaxis. In addition, Argo is conducting live tests in seven locations worldwide, including Hamburg, Germany, Washington, D.C., Pittsburgh, Detroit, and Palo Alto.
During the launch, two people in the driver’s and passenger’s seats will monitor the journey for safety on behalf of the company.
According to Lyft, removing the driver would depend on safety performance statistics, an appropriate amount of public approval, and regulations.
After a source code leak was posted by an unidentified third party on 4chan and GitHub last week, the technology giant Intel has confirmed that confidential source code related to its Alder Lake CPUs has been leaked.
The disclosed information comprises UEFI (Unified Extensible Firmware Interface) code for the company’s 12th-generation CPUs that were released in November 2021.
It is believed that the leaked data also contained multiple references to Lenovo, including code used for integration with Lenovo String Service, Lenovo Cloud Service, and Lenovo Secure Suite.
According to Intel, the source code is genuine and is their “exclusive UEFI code.” Furthermore, the technology giant stated that it doesn’t believe this exposes any new security vulnerabilities as it does not rely on the obfuscation of information as a security measure.
Sources from Hardened Vault noted that attackers can still gain significantly from the breaches even if the disclosed OEM implementation is only partially deployed in production.
According to other sources, a private encryption key called KeyManifest, which is used to protect Intel’s Boot Guard platform, was also exposed in the breach.
It is unknown whether or not the compromised private key is used in production. Still, if it is, it might allow hackers to alter the boot policy of Intel’s firmware and bypass the company’s hardware-level security measures.
Despite the fact that the source of the leak remains unknown, it’s clear that sensitive information about Intel’s Alder Lake CPUs has been exposed. This breach might allow attackers to exploit security measures put in place by Intel. If you have discovered a vulnerability in the source code, you can report it to Intel’s Project Circuit Breaker bug reward program. Depending on the severity of the issue, you could be eligible for a reward of up to $100,000.
