Month: January 2024

A GitHub token was found in an open-source repository, granting access to a treasure trove of Mercedes-Benz data.

Mercedes-Benz had a glaring vulnerability in an open-source repository that exposed its source code, a treasure trove of valuable, sensitive information, and put the company at risk of regulatory fines. Whether or not anyone managed to exploit the flaw before it was found and plugged, remains to be seen.

Cybersecurity researchers from RedHunt Labs found a GitHub repository belonging to a Mercedes employee in late September 2023.

This repository contained a GitHub token which granted access to the company’s internal GitHub Enterprise Server.

Human error

“The GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the Internal GitHub Enterprise Server,” RedHunt Labs’ report claims. “The incident laid bare sensitive repositories housing a wealth of intellectual property, and the compromised information included database connection strings, cloud access keys, blueprints, design documents, SSO passwords, API keys, and other critical internal information.”

The researchers suggest that this was a major mishap that could cost the company dearly. By reverse-engineering the source code, other automakers can uncover the secrets of proprietary tech. Hackers can use the same thing to find flaws, both in the vehicles and in the company itself which, consequently, could lead to cyberattacks such as ransomware. 

Finally, if the repositories held sensitive customer data, data protection watchdogs will have their field day, as well.

However, in a statement given to BleepingComputer, Mercedes says that won’t be the case. 

“We can confirm that source code containing an internal access token was published on a public GitHub repository by human error,” the company said. “This token gave access to a certain number of repositories, but not to the entire source code hosted at the Internal GitHub Enterprise Server. We have revoked the respective token and removed the public repository immediately. Customer data was not affected as our current analysis shows.”

More from TechRadar Pro

This devious new ransomware encrypts itself to avoid your antivirusHere’s a list of the best firewalls around todayThese are the best endpoint security tools right now

Read More 

If you loved Sofia Vergara’s true crime drama, Griselda, then Netflix has plenty more guilty pleasures for you to stream.

Griselda, in which Sofia Vergara plays real life Miami drug lord Griselda Blanco, is another big narcotic-themed hit for Netflix. The series only debuted on the streamer on January 25 and it has already become the number most watched show, with 20.6 million views and 113.8 million viewing hours in just one week. 

Viewers clearly can’t get enough of what Netflix is supplying, and with the streamer vying against Apple TV Plus for crime show dominance, there are plenty more crime shows to watch once you’ve finished Griselda. If you’re looking for your next criminal hit, we have rounded up three equally addictive alternatives for you below. 

Narcos / Narcos Mexico

Based on another real life drug lord, Pablo Escobar, and the memoir of a US agent who tried to bring him down, Narcos brought an incredible cast that included Pedro Pascal and Diego Luna as well as the astonishing Wagner Moura, who doesn’t so much play Escobar as inhabit him. You won’t love or even like him – this really isn’t that kind of show, and it’s almost unbearably violent and vicious in places – but in this telling he’s much more than a one-dimensional villain in a series that isn’t afraid to show the drug wars in all their complexity. 

There’s also a spinoff series called Narcos Mexico, which goes back in time from the 90s to the 80s and moves its focus from Colombia to the Guadalajara cartel in Mexico. It features a truly incredible performance from Diego Luna, who takes centre stage as the charismatic and conflicted Miguel Angel. All three seasons are superb, and the third and final season has a well deserved 100% from the critics on Rotten Tomatoes.

Who is Erin Carter?

It’s not as accomplished or as realistic as Narcos but Who Is Erin Carter? features a superb performance by Evin Ahmad as the titular character, a hot mess who needs to clear her name with some serious ass-kicking in modern day Barcelona. Part action thriller and part comedy, the show has had fairly mixed reviews, but the people who like it love it. 

TIME magazine’s Judy Berman loves Ahmad, who “is mesmerizing as an antihero whose experiences make her ideally suited for crime, but who wants to help troubled kids avoid the traps that still ensnare her… Who is Erin Carter? A haunted woman whose dreams and regrets make her a bracing outlier within a genre dominated by interchangeable superheroes and super spies”. 

El Chapo

El Chapo is another true story, this time based on the rise and capture of notorious Mexican drug lord Joaquín “El Chapo” Guzmán. It didn’t get the attention of Narcos when it was released back in 2017, but The Guardian described it well when it called it: “Netflix’s gruesome, gripping answer to The Wire“. It’s very, very violent, often very bleak and like The Wire, isn’t afraid to focus on the politicians who, through incompetence, corruption, malevolence or a mix of those things, help turn criminals into monsters. 

As a bonus fourth recommendation, there’s also the equally thrilling La Reina del Sur, which is based on a novel of the same that was also inspired by real life events. The series tells the story of how Sandra Ávila Beltrán became the leader of a drug cartel across three seasons. 

You might also like

Everything new on Netflix in February 2024Netflix remakes The Wages of Fear into a Fast and Furious spectacleAmerican Nightmare is a Netflix hit – here are 3 more true crime series 

Read More 

Samsung appears to have leaked the incoming Galaxy Fit 3 fitness tracker on one of its own websites.

The Samsung Galaxy Fit 3 has been dropping hints about its arrival since 2022, but a massive new leak (from Samsung itself) suggests that the Fitbit rival is finally close to launching.

A seemingly accidental posting on Samsung’s UAE website (which you can still read in its cached form) was spotted by Samsung Community and Gadgets & Wearables and has revealed pretty much everything about the wearable, which is shaping up to be a big upgrade on its aging predecessor.

The Galaxy Fit 3 will seemingly sit somewhere between a smartwatch and a fitness tracker. One of the biggest upgrades is a larger 1.6-inch AMOLED display (up from 1.1-inch on the Fit 2), measuring 40mm diagonally rather than 27.8mm.

According to the leaked specs, the Fit 3 will also get a more premium aluminum build (rather than polycarbonate), plus other new features including fall detection and a light sensor, which will help adjust the screen according to ambient light. The Fit 3 also promises to have the same IP68 and 5ATM water resistance as before (up to 50m for ten minutes).

The listing also suggests that the Galaxy Fit 3 will inherit a few other features from Samsung’s Galaxy Watch series, including its Sleep Coach and Snore Detection. What you won’t get, compared to the Galaxy Watch 6, is built-in GPS, NFC, a microphone, third-party apps, blood pressure monitoring, or ECG. Like before, it seems the Fit 3 offers exercise tracking from just an optical heart-rate sensor.

One other slight disadvantage of that much-improved screen appears to be a slight reduction in battery life. Samsung’s leaked marketing claims a 13-day battery life for the Fit 3, compared to 15 days for the Fit 2. Still, that’d likely be more than enough for most people, particularly compared to the 40-hour stamina of the Galaxy Watch 6.

Halfway towards the Galaxy Watch 6?

The only things we don’t really know about the Galaxy Fit 3 are its price and release date. Given the extent of these leaks, a February announcement looks likely –although there’s no sign of an official launch yet.

The Galaxy Fit 2 cost only $59 / £39 / AUS$135 when it arrived four years ago, so a price increase is also probably on the cards given the much-improved screen shown in the leaked Samsung listing. 

But if the Fit 3 can land somewhere close to the price of the Fitbit Luxe ($109.95 / £109.99 / AU$199.95), which currently sits top of our guide to the best fitness trackers, it could be a compelling new option for those who find the Samsung Galaxy Watch 6 to be overkill.

In fact, these leaks suggest the Samsung Galaxy Fit 3 could be more of a compact smartwatch than a traditional fitness tracker. The key difference is that you won’t be able to install third-party apps on the Fit 3, but a lot of smartwatch-style features –from GPS to sending texts and playing music – can be overcome by pairing it with your Galaxy smartphone.

If the Fit 3 can overcome the “questionable heart-rate accuracy” we found in its predecessor, it could be a strong new Fitbit rival. Particularly as it’s likely to benefit from the big incoming Samsung Health app update, which was revealed alongside the Samsung Galaxy Ring teaser last month.

You might also like

The best fitness trackers 2024: Get active with these ace wellness devicesI tested the cheapest fitness tracker to see if it could match a top Garmin watchSamsung Galaxy Fit 3: the latest rumors and what we want to see

Read More