Security News

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023
2023-03-22 23:53

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The STAR Labs team demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Russian crook made $90M exploiting stolen info on Tesla, Roku, Avnet, Snap, more
2023-02-15 00:58

A US federal jury in Boston on Tuesday found Vladislav Klyushin - who owned an IT biz based in Moscow called M-13 - guilty of wire and securities fraud and conspiracy after two weeks of testimony and ten hours of deliberations. Prosecutors in the case argued that Klyushin and four others broke into the networks of Donnelley Financial Solutions and Toppan Merrill, through which publicly traded entities electronically file their quarterly earnings reports with America's financial watchdog, the Securities and Exchange Commission.

Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware
2022-09-28 12:36

A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan. Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads to deliver next-stage malware on the targeted machines, in this case Agent Tesla.

Relay Attack against Teslas
2022-09-15 15:28

Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while you're in the grocery store, intercepting your key's transmitted signal with a radio transceiver.

Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware
2022-09-14 08:51

Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan known as Agent Tesla. A .NET-based keylogger and remote access trojan, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted systems and beacon sensitive information to an actor-controlled domain.

Hacking Tesla’s Remote Key Cards
2022-06-14 12:19

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys, with no authentication required and zero indication given by the in-car display. "The authorization given in the 130-second interval is too general [it's] not only for drive," Herfurt said in an online interview.

Pentester pops open Tesla Model 3 using low-cost Bluetooth module
2022-05-17 16:30

Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be fooled by a new form of relay attack. Discovered and tested by researchers at NCC Group, the attack allows anyone with a tool similar to NCC's to relay the Bluetooth Low Energy signal from a smartphone that has been paired with a Tesla back to the vehicle.

Hackers can steal your Tesla Model 3, Y using new Bluetooth attack
2022-05-17 14:30

Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y. Pushing out fixes for this security problem is complicated, and even if the response is immediate and coordinated, it would still take a long time for the updates to trickle to impacted products.

David Colombo on Tesla Hacks and Growing into Hacking
2022-04-26 14:00

Cybellum had the pleasure of interviewing David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. So how did David Colombo, at the tender age of 19, hack into ultra-high tech Tesla cars?

Taiwanese Apple and Tesla contractor hit by Conti ransomware
2022-01-27 19:28

Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning. While Delta's statement did not say who was behind the attack, an undisclosed information security company found a Conti ransomware sample deployed on the company's network, as CTWANT first reported.