SecurityWeek
Nissan Data Breach Impacts 53,000 Employees
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
SecurityWeek
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
CyberNews
Google is reminding Waze users to stay centered and try meditative driving with its Headspace feature.
Bleeping Computer
In our increasingly mobile world, you shouldn't be chained to a power port. The 25,000mAh capacity power bank keeps you going for $199.97, $119 off the $319 MSRP.
Cyber Security News
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
SecurityWeek
UK cybersecurity firm Darktace agreed to sell itself to private equity giant Thoma Bravo for approximately $5.32 million in cash.
Cyber Security News
Volkswagen, one of the world's leading automotive manufacturers, has fallen victim to a sophisticated hacking operation in a significant cybersecurity breach.
DarkReading
As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.
SecurityWeek
Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.
Cyber Security News
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such as BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others. C2A Security’s DevSecOps Platform, ‘EVSec’, has gained widespread traction as the automotive industry strives to meet cybersecurity regulations and industry standards, […]
Latest Hacking News
In 2023 alone, more than 10 customers and partners signed commercial agreements with C2A Security, including a global, long term enterprise agreement with an European Commercial Vehicle Manufacturer C2A Security’s DevSecOps Platform, ‘EVSec’, has been gaining
SecurityWeek
Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024.
SecurityWeek
Participants earned $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.
SecurityWeek
Nissan is notifying roughly 100,000 individuals of a data breach resulting from a ransomware attack conducted by the Akira cybercrime group.
HACKRead
Jeremiah Fowler identified the data as belonging to Qmerit, a Texas firm specializing in EV charging infrastructure installation and maintenance.
CyberNews
A new White House investigation will determine if Chinese vehicle imports and connected car technologies pose a threat to national security and need to be restricted.
SecurityWeek
The US Government will investigate Chinese-made “smart cars” over security concerns that China could gather sensitive information about American drivers
SecurityWeek
Researchers document VoltSchemer attacks that manipulate power voltage to take over commercial wireless chargers.
Trend Micro
Trend and other private entities recently contributed to INTERPOL’s Operation Synergia, a global operation that successfully took down over 1,000 C&C servers and identified suspects related to phishing, banking malware, and ransomware activity.
CyberNews
A federal judge dismissed an investor lawsuit accusing Apple of overpaying Chief Executive Tim Cook and four other top executives by tens of millions of dollars.
CyberNews
US regulators upgraded a probe into Tesla's EV power steering system after thousands of drivers reported losing the ability to control their vehicle's steering wheel.
Security Affairs
Bug bounty hunters earned more than $1.3 million for hacking Teslas, infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive competition.
HACKRead
Pwn2Own Automotive 2024, a 3-day contest, saw competitors earn $1,323,750 for hacking Tesla and discovering 49 zero-day bugs in EV systems.
Cyber Security News
On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days.
Bleeping Computer
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
SecurityWeek
Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive.
DarkReading
Hacking teams pick apart electrical vehicles (EVs), exposing them for what they are: safety-critical computers without commensurate security.
Cyber Security News
At Pwn2Own Automotive 2024 Day 2, researchers were given over $1 million in rewards for exploiting Tesla info and much more.
Bleeping Computer
Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.
HACKRead
Bug Bounty Bonanza: Hackers Rake in Millions as Connected Cars Show Security Cracks at Pwn2Own Automotive 2024.
SecurityWeek
Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks.
Infosecurity News
The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days
SecurityWeek
On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems.
Cyber Security News
Pwn2Own 2024 Automotive is a unique event aimed at identifying and fixing flaws in connected automotive technologies.
Bleeping Computer
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
The Hacker News
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ev
CyberNews
Musk wants to have 25% voting control at Tesla.
Bleeping Computer
Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users.
Security Affairs
Researchers warn of attacks against poorly managed Linux SSH servers that mainly aim at installing DDoS bot and CoinMiner.
Cyber Security News
Trend Micro Managed XDR team has uncovered a malevolent symphony echoing the tactics employed by the infamous Genesis Market.
Trend Micro
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
The Record
More than 100 of the world’s most respected cybersecurity experts have written to European Union lawmakers to warn that a proposed legal reform that may soon become law could fundamentally undermine security online.
DarkReading
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
SecurityWeek
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.
The Hacker News
Cybercriminals behind RedLine and Vidar info-stealers have shifted their focus towards ransomware, employing phishing campaigns.
DarkReading
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.
Trend Micro
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
SecurityWeek
Emsisoft urges its users to update anti-malware and other security products after signing them with an improperly issued digital certificate.
Cyber Security News
Critical flaws, exploits, and recent techniques for attacking have all been highlighted. We also offer the most latest software upgrades to keep your devices safe.
Ars Technica
What's the point of locks when hackers can easily get the keys to unlock them?
Cyber Security News
Recently, Tesla reported a data breach that exposed more than 75,000 users' information. It's the result of an "insider wrongdoing."
Cyber Security News
The protocols SSL (Secure Sockets Layer) and TLS (Transport Layer Security), are used to create connections between networked computers.
Bleeping Computer
Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers on breached systems by exploiting a Windows policy loophole.
Cyber Security News
Reports indicate that there are over 130,000 PV monitoring and diagnostic systems exposed over the internet, which is a wide attacking surface for threat actors.
Security Affairs
Resecurity identified one of the largest investment fraud networks, tracked as Digital Smoke, by size and volume of operations. Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud Internet users from Australia, Canada, China, Colombia, the European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, […]
Cyber Security News
Recently, two new security weaknesses have been discovered in several electric vehicle (EV) charging systems. These weaknesses have raised concerns as they could be exploited by malicious actors to remotely shut down charging stations.
The Hacker News
Attention all electric vehicle owners! Your charging station could be at risk of data theft and remote shutdown due to two newly disclosed security vu
DataBreaches
In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem It’s time to be proactive about user privacy. Find out if you’re sending too much data to...
Cyber Security News
The digital certificates are an electronic credential that binds the identity to the owner of the certificate which can also pair the electronic encryption keys that can be public and private.
Cyber Security News
SSL Stats: SSL certificates are no longer considered a necessity only for large companies. Every website across industries need it.
ZDNet
Attackers abused Microsoft's Windows Hardware Developer Program to get malware signed off.
Cyber Security News
Following a series of cyberattacks, including ransomware attacks, Microsoft recently revoked several Microsoft hardware developer accounts.
Bleeping Computer
Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.
Ars Technica
Code-signing is supposed to make people safer. In this case, it made them less so.
The Hacker News
Researchers have discovered a security vulnerability in SiriusXM services that allows remote hacking of connected cars from Honda, Nissan, Infiniti an
CSO
The spear phishing group has revised its tactics and is employing more sophisticated techniques and tactics based on what appears to be extensive research into Facebook business and ads management accounts.
SecurityWeek
The Ducktail information stealer has been updated with new capabilities and has adopted new spear-phishing avenues for distribution, such as WhatsApp.
DataBreaches
In December 2020, DataBreaches reported on a hacking incident involving Dental Care Alliance, a business associate to hundreds of dental practices. ...
Ars Technica
EV chargers are on the spectrum of the Internet of Things, and that means risk.
Ars Technica
Despite a significant Achilles' heel, mixers are seeing unprecedented demand.
ZDNet
Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer. This week: What's the downside of disk encryption? Plus: Do you really need an expensive charger for your electric vehicle, and what's the best way to archive email?
SecurityWeek
Infrastructure access management firm Teleport has raised $110 million in a Series C funding round led by Bessemer Venture Partners, which brings the total raised to $169.2 million and values the firm at $1.1 billion.
Ars Technica
An extra $200,000 on a new Hummer or $20,000 on an EV6—these are terrible deals.
Infosecurity News
Screens on charge points in Isle of Wight council car parks hacked to show explicit content
ThreatPost
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
CSO
Researchers have already found example of malicious files signed with the stolen certificates.
Cyber Security News
The Singaporean security firm CloudSEK has recently identified a large-scale campaign, involving over 200 phishing and scam sites. The operators of these sites have tricked users to steal their personal information.
Infosecurity News
US SMB owners expand fleets with electric vehicles despite security misgivings
Bleeping Computer
A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands.
CSO
Some in the cybersecurity community say actions on behalf of Ukraine help even the odds, while others warn that unauthorized hacking could interfere with government cyber operations.
Trend Micro
In this entry we look into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.
Bleeping Computer
Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers.