Security News

The future of automotive cybersecurity: Treating vehicles as endpoints
2024-09-05 04:30

The automotive industry is facing many of the same cybersecurity risks and threats that successful organizations in other sectors are up against, but it’s also battling some distinct ones. In this...

Sonic Automotive says ransomware-linked CDK software outage cost it $30M
2024-08-06 16:42

One of the US's largest car dealerships says the IT outage caused by CDK Global's June ransomware attack cost it approximately $30 million. Sonic Automotive filed a Form 8-K with the Securities and Exchange Commission on Monday alongside the release of its quarterly financials, confirming that like its rivals, it too was materially affected by the incident at CDK. Of the total $30 million drop in pre-tax GAAP income, $11.6 million of that related to additional compensation paid to staff, and possibly external contractors, who helped to handle the outage, it said.

Why the automotive sector is a target for email-based cyber attacks
2024-04-30 04:00

While every organization across every vertical is at risk of advanced email attacks, certain industries periodically become the go-to target for threat actors. In this Help Net Security video, Mick Leach, Field CISO at Abnormal Security, discusses why the automotive industry is the new most popular target for business email compromise and vendor email compromise attacks.

Steel giant ThyssenKrupp confirms cyberattack on automotive division
2024-02-26 17:03

Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion.

Tesla hacks make big bank at Pwn2Own's first automotive-focused event
2024-01-29 01:29

Five $60,000 bounties - the second-highest monetary awards behind Synacktiv's $100k Tesla hacks - were awarded for attacks on EV chargers manufactured by Emporia, ChargePoint, Ubiquiti, Phoenix and JuiceBox. Three attacks against Automotive Grade Linux were also attempted, with only one succeeding.

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
2024-01-26 12:32

The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.After a zero-day vulnerability is exploited and reported to vendors during Pwn2Own, they have 90 days to release security patches before Trend Micro's Zero Day Initiative discloses it publicly.

Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
2024-01-24 13:36

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. Synacktiv Team took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production
2024-01-09 15:45

Researchers have discovered over two dozen vulnerabilities in "Smart" cordless nutrunners manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. The device supports a number of communication protocols that are used to integrate it with SCADA systems, PLCs, or other production devices.

Eagers Automotive halts trading in response to cyberattack
2023-12-28 20:31

Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. Eagers Automotive is the largest operator of car dealerships in Australia and New Zealand, with over 300 selling points for brands such as Toyota, BMW, Nissan, Mercedes-Benz, Audi, Ford, VW, and Honda.

Supply chain emerges as major vector in escalating automotive cyberattacks
2023-12-20 05:00

In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion. These attacks mainly targeted automotive suppliers, not OEMs, showing an increasing trend in supply chain vulnerabilities.