Security News

Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
2024-01-24 13:36

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. Synacktiv Team took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware
2023-12-21 07:22

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel...

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
2023-11-21 11:57

A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ...

Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper
2023-09-12 10:01

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and OriginBotnet, to gather a wide range of information from compromised Windows machines. "A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into clicking on it," Fortinet FortiGuard Labs researcher Cara Lin said.

Lawsuit claims Tesla corp data security is far less advanced than its cars
2023-09-07 16:30

An ex-Tesla staffer has filed a proposed class action lawsuit that blames poor access control at the carmaker for a data leak, weeks after Tesla itself sued the alleged leakers, two former employees. As a result of Defendant's inadequate data security and inadequate or negligent training of its employees, on or around May 10, 2023, a foreign media outlet, Handelsblatt, informed Tesla that it had obtained Tesla confidential information.

Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
2023-09-06 13:50

The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. "APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability," NSFOCUS Security Labs said in a report published last week.

Leak of 75k employee records was insiders' fault, claims Tesla
2023-08-21 17:35

The incident, Tesla disclosed in a data breach notification with the state of Maine and accompanying letter [PDF] to those affected, was the fault of two Tesla employees whom it alleged stole the info before sharing it with German business news outlet Handelsblatt. The 100GB of data it received from the leakers, which Handelsblatt has dubbed the "Tesla files," includes an "Abundance" of customer data, and PII for more than 100,000 Tesla employees - including Elon Musk.

Tesla infotainment jailbreak unlocks paid features, extracts secrets
2023-08-06 15:06

Researchers from the Technical University of Berlin have developed a method to jailbreak the AMD-based infotainment systems used in all recent Tesla car models and make it run any software they choose. The hack allows the researchers to extract the unique hardware-bound RSA key that Tesla uses for car authentication in its service network, as well as voltage glitching to activate software-locked features such as seat heating and 'Acceleration Boost' that Tesla car owners normally have to pay for.

Gone in 120 seconds: Tesla Model 3 child's play for hackers
2023-03-27 11:32

In brief A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile's entertainment system, and from there opening up the car's core management systems. In the US, the Office of Inspector General of General Services Administration, issued a redacted report [PDF] earlier this month that found the government agency had misled its customers and other government agencies by telling them that Login.

Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
2023-03-23 23:33

Competitors successfully exploited zero-day bugs in multiple products during the second day of Pwn2Own Vancouver 2023, including the Tesla Model 3, Microsoft's Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system. Team Viettel hacked also Microsoft Teams via a 2-bug chain to earn $78,000 and Oracle's VirtualBox using a Use-After-Free bug and an uninitialized variable for $40,000.