SecurityWeek
Nissan Data Breach Impacts 53,000 Employees
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
CyberNews
Google's Waze calling for calm while driving
Google is reminding Waze users to stay centered and try meditative driving with its Headspace feature.
Bleeping Computer
Charge up to six devices anywhere with $119 off the Flash Pro Plus
In our increasingly mobile world, you shouldn't be chained to a power port. The 25,000mAh capacity power bank keeps you going for $199.97, $119 off the $319 MSRP.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
SecurityWeek
Darktrace to be Taken Private in $5.3 Billion Sale to Thoma Bravo
UK cybersecurity firm Darktace agreed to sell itself to private equity giant Thoma Bravo for approximately $5.32 million in cash.
Cyber Security News
Volkswagen Hacked - Hackers Stolen 19,000 Documents From VW Server
Volkswagen, one of the world's leading automotive manufacturers, has fallen victim to a sophisticated hacking operation in a significant cybersecurity breach.
DarkReading
EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities
As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.
SecurityWeek
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits
Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.
.png)
Cyber Security News
C2A Security's EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such as BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others. C2A Security’s DevSecOps Platform, ‘EVSec’, has gained widespread traction as the automotive industry strives to meet cybersecurity regulations and industry standards, […]
Latest Hacking News
C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements
In 2023 alone, more than 10 customers and partners signed commercial agreements with C2A Security, including a global, long term enterprise agreement with an European Commercial Vehicle Manufacturer C2A Security’s DevSecOps Platform, ‘EVSec’, has been gaining
SecurityWeek
Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024
Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024.
SecurityWeek
$200,000 Awarded at Pwn2Own 2024 for Tesla Hack
Participants earned $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.
SecurityWeek
Nissan Data Breach Affects 100,000 Individuals
Nissan is notifying roughly 100,000 individuals of a data breach resulting from a ransomware attack conducted by the Akira cybercrime group.
HACKRead
Leading EV Charging Firm Spills Trove of Customer Info in Server Leak
Jeremiah Fowler identified the data as belonging to Qmerit, a Texas firm specializing in EV charging infrastructure installation and maintenance.
CyberNews
Chinese-made cars may pose national security risk, US launches probe
A new White House investigation will determine if Chinese vehicle imports and connected car technologies pose a threat to national security and need to be restricted.
SecurityWeek
Biden Administration Will Investigate National Security Risks Posed by Chinese-Made ‘Smart Cars’
The US Government will investigate Chinese-made “smart cars” over security concerns that China could gather sensitive information about American drivers
SecurityWeek
Researchers Devise 'VoltSchemer' Attacks Targeting Wireless Chargers
Researchers document VoltSchemer attacks that manipulate power voltage to take over commercial wireless chargers.
Trend Micro
Trend Micro and INTERPOL Join Forces Again for Operation Synergia
Trend and other private entities recently contributed to INTERPOL’s Operation Synergia, a global operation that successfully took down over 1,000 C&C servers and identified suspects related to phishing, banking malware, and ransomware activity.
CyberNews
Apple CEO Tim Cook was not overpaid, judge rules
A federal judge dismissed an investor lawsuit accusing Apple of overpaying Chief Executive Tim Cook and four other top executives by tens of millions of dollars.
CyberNews
Another recall for Tesla could be in the works
US regulators upgraded a probe into Tesla's EV power steering system after thousands of drivers reported losing the ability to control their vehicle's steering wheel.
Security Affairs
Participants earned +$1.3M at Pwn2Own Automotive competition
Bug bounty hunters earned more than $1.3 million for hacking Teslas, infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive competition.
HACKRead
Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive
Pwn2Own Automotive 2024, a 3-day contest, saw competitors earn $1,323,750 for hacking Tesla and discovering 49 zero-day bugs in EV systems.
Cyber Security News
49 Unique Zero-days Uncovered in Pwn2Own Automotive
On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days.
Bleeping Computer
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
SecurityWeek
Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive
Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive.
DarkReading
Pwn2Own 2024: Tesla Hacks, Dozens of Zero-Days in Electrical Vehicles
Hacking teams pick apart electrical vehicles (EVs), exposing them for what they are: safety-critical computers without commensurate security.
Cyber Security News
Researchers Awarded Over $1 Million in Pwn2Own Hacking Competition
At Pwn2Own Automotive 2024 Day 2, researchers were given over $1 million in rewards for exploiting Tesla info and much more.
Bleeping Computer
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo
Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.
HACKRead
Pwn2Own Automotive: Tesla, Sony, Alpine Players Breached on Day One
Bug Bounty Bonanza: Hackers Rake in Millions as Connected Cars Show Security Cracks at Pwn2Own Automotive 2024.
SecurityWeek
Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive
Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks.
Infosecurity News
Pwn2Own Competition Unearths Dozens of Zero-Day Vulnerabilities
The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days
SecurityWeek
Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits
On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems.
Cyber Security News
Researchers Exploited Tesla Modem, Sony & Alpine Players in Pwn2Own Automotive
Pwn2Own 2024 Automotive is a unique event aimed at identifying and fixing flaws in connected automotive technologies.
Bleeping Computer
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
The Hacker News
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ev
CyberNews
Musk wants 25% voting control at Tesla before fulfilling AI goal
Musk wants to have 25% voting control at Tesla.
Bleeping Computer
EasyPark discloses data breach that may impact millions of users
Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users.
Security Affairs
Experts analyzed attacks against poorly managed Linux SSH servers
Researchers warn of attacks against poorly managed Linux SSH servers that mainly aim at installing DDoS bot and CoinMiner.
Cyber Security News
Genesis Market Technique: Hackers Exploited Node.js and EV Certificates
Trend Micro Managed XDR team has uncovered a malevolent symphony echoing the tactics employed by the infamous Genesis Market.
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
The Record
EU urged to drop new law that could allow member states to intercept and decrypt global web traffic
More than 100 of the world’s most respected cybersecurity experts have written to European Union lawmakers to warn that a proposed legal reform that may soon become law could fundamentally undermine security online.
DarkReading
Data Thieves Test-Drive Unique Certificate Abuse Tactic
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
SecurityWeek
ZDI Discusses First Automotive Pwn2Own
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.
The Hacker News
Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads
Cybercriminals behind RedLine and Vidar info-stealers have shifted their focus towards ransomware, employing phishing campaigns.
DarkReading
Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.
Trend Micro
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
SecurityWeek
Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap
Emsisoft urges its users to update anti-malware and other security products after signing them with an improperly issued digital certificate.
Cyber Security News
Threat and Vulnerability Roundup for the week of August 20th to 26th
Critical flaws, exploits, and recent techniques for attacking have all been highlighted. We also offer the most latest software upgrades to keep your devices safe.
Ars Technica
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors
What's the point of locks when hackers can easily get the keys to unlock them?
Cyber Security News
Tesla Data Breach - 75,000+ Users Information Details Exposed
Recently, Tesla reported a data breach that exposed more than 75,000 users' information. It's the result of an "insider wrongdoing."
Cyber Security News
What is SSL and Why it is Important?
The protocols SSL (Secure Sockets Layer) and TLS (Transport Layer Security), are used to create connections between networked computers.
Bleeping Computer
Hackers exploit Windows policy to load malicious kernel drivers
Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers on breached systems by exploiting a Windows policy loophole.
Cyber Security News
Over 130,000 Solar Panel Installations Exposed Online
Reports indicate that there are over 130,000 PV monitoring and diagnostic systems exposed over the internet, which is a wide attacking surface for threat actors.
Security Affairs
Resecurity identified the investment scam network ‘Digital Smoke’
Resecurity identified one of the largest investment fraud networks, tracked as Digital Smoke, by size and volume of operations. Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud Internet users from Australia, Canada, China, Colombia, the European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, […]
Cyber Security News
EV Charge Points Hijack - Multiple Vulnerabilities Uncovered
Recently, two new security weaknesses have been discovered in several electric vehicle (EV) charging systems. These weaknesses have raised concerns as they could be exploited by malicious actors to remotely shut down charging stations.
The Hacker News
Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered
Attention all electric vehicle owners! Your charging station could be at risk of data theft and remote shutdown due to two newly disclosed security vu
DataBreaches
In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem
In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem It’s time to be proactive about user privacy. Find out if you’re sending too much data to...
Cyber Security News
What are Digital Certificates?? How It Stops Hackers From Stealing Sensitive Data
The digital certificates are an electronic credential that binds the identity to the owner of the certificate which can also pair the electronic encryption keys that can be public and private.
Cyber Security News
SSL Stats: Why is an SSL Certificate So Important for Your Website?
SSL Stats: SSL certificates are no longer considered a necessity only for large companies. Every website across industries need it.
ZDNet
These hackers used Microsoft-signed malicious drivers to further their ransomware attacks
Attackers abused Microsoft's Windows Hardware Developer Program to get malware signed off.
Cyber Security News
Hackers Using Microsoft-signed Malicious Windows Drivers in Ransomware Attacks
Following a series of cyberattacks, including ransomware attacks, Microsoft recently revoked several Microsoft hardware developer accounts.
Bleeping Computer
Microsoft-signed malicious Windows drivers used in ransomware attacks
Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.
Ars Technica
Microsoft digital certificates have once again been abused to sign malware
Code-signing is supposed to make people safer. In this case, it made them less so.
The Hacker News
SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars
Researchers have discovered a security vulnerability in SiriusXM services that allows remote hacking of connected cars from Honda, Nissan, Infiniti an
CSO
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back
The spear phishing group has revised its tactics and is employing more sophisticated techniques and tactics based on what appears to be extensive research into Facebook business and ads management accounts.
SecurityWeek
Vietnam-Based Ducktail Cybercrime Operation Evolving, Expanding
The Ducktail information stealer has been updated with new capabilities and has adopted new spear-phishing avenues for distribution, such as WhatsApp.
DataBreaches
Dental Care Alliance settles lawsuit stemming from 2020 breach
In December 2020, DataBreaches reported on a hacking incident involving Dental Care Alliance, a business associate to hundreds of dental practices. ...
Ars Technica
How big is the risk that someone will hack an EV charging network?
EV chargers are on the spectrum of the Internet of Things, and that means risk.
Ars Technica
Cryptocurrency flowing into “mixers” hits an all-time high. Wanna guess why?
Despite a significant Achilles' heel, mixers are seeing unprecedented demand.
ZDNet
Does disk encryption slow down your PC? [Ask ZDNet] | ZDNet
Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer. This week: What's the downside of disk encryption? Plus: Do you really need an expensive charger for your electric vehicle, and what's the best way to archive email?
SecurityWeek
Identity-Based Infrastructure Access Firm Teleport Raises $110 Million
Infrastructure access management firm Teleport has raised $110 million in a Series C funding round led by Bessemer Venture Partners, which brings the total raised to $169.2 million and values the firm at $1.1 billion.
Ars Technica
Dealership markups are getting crazy, so this site is tracking them
An extra $200,000 on a new Hummer or $20,000 on an EV6—these are terrible deals.
Infosecurity News
Electric Vehicle Chargers Hacked to Show Porn
Screens on charge points in Isle of Wight council car parks hacked to show explicit content
ThreatPost
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
CSO
Nvidia hackers release code-signing certificates that malware can abuse
Researchers have already found example of malicious files signed with the stolen certificates.
Cyber Security News
Beware of eBike Phishing Sites that Abuse Google Ads
The Singaporean security firm CloudSEK has recently identified a large-scale campaign, involving over 200 phishing and scam sites. The operators of these sites have tricked users to steal their personal information.
Infosecurity News
HSB Survey Finds EV Security Fears
US SMB owners expand fleets with electric vehicles despite security misgivings
Bleeping Computer
Hundreds of eBike phishing sites abuse Google Ads to push scams
A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands.
CSO
Rash of hacktivism incidents accompany Russia’s invasion of Ukraine
Some in the cybersecurity community say actions on behalf of Ukraine help even the odds, while others warn that unauthorized hacking could interfere with government cyber operations.
Trend Micro
Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
In this entry we look into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.
Bleeping Computer
Windows print nightmare continues with malicious driver packages
Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers.