Security News

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The STAR Labs team demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

A US federal jury in Boston on Tuesday found Vladislav Klyushin - who owned an IT biz based in Moscow called M-13 - guilty of wire and securities fraud and conspiracy after two weeks of testimony and ten hours of deliberations. Prosecutors in the case argued that Klyushin and four others broke into the networks of Donnelley Financial Solutions and Toppan Merrill, through which publicly traded entities electronically file their quarterly earnings reports with America's financial watchdog, the Securities and Exchange Commission.

A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan. Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads to deliver next-stage malware on the targeted machines, in this case Agent Tesla.

Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while you're in the grocery store, intercepting your key's transmitted signal with a radio transceiver.

Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan known as Agent Tesla. A.NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted systems and beacon sensitive information to an actor-controlled domain.

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys­with no authentication required and zero indication given by the in-car display. "The authorization given in the 130-second interval is too general [it's] not only for drive," Herfurt said in an online interview.

Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be fooled by a new form of relay attack. Discovered and tested by researchers at NCC Group, the attack allows anyone with a tool similar to NCC's to relay the Bluetooth Low Energy signal from a smartphone that has been paired with a Tesla back to the vehicle.

Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y. Pushing out fixes for this security problem is complicated, and even if the response is immediate and coordinated, it would still take a long time for the updates to trickle to impacted products.

Cybellum had the pleasure of interviewing David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. So how did David Colombo, at the tender age of 19, hack into ultra-high tech Tesla cars?

Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning. While Delta's statement did not say who was behind the attack, an undisclosed information security company found a Conti ransomware sample deployed on the company's network, as CTWANT first reported.