Security News

A CCTV camera biz which left an admin account username and password exposed on the World Wide Web has, you guessed it, been targeted by hacktivists. Those cameras belonged to a whole host of organisations, according to the Bloomberg financial newswire, including: Tesla; Cloudflare; hospitals; police stations; prisons and, allegedly, more.

Hackers claim to have breached Silicon Valley startup Verkada to gain unauthorized access to live feeds of 150,000 security cameras. The breach represents a broad vision of the privacy and security violations that can occur if video surveillance footage falls into the wrong hands.

A US hacker collective on Tuesday claimed to have tapped into footage from 150,000 security cameras at banks, jails, schools, carmaker Tesla and other sites to expose "The surveillance state." Images captured from hacked surveillance video were posted on Twitter with an #OperationPanopticon hashtag.

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Telsa HQ. According to Tillie Kottmann, a reverse engineer for the group of hackers, they gained access to these surveillance systems using a super admin account for Verkada, a surveillance company who works with all of these organizations.

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan to get around defense barriers and monitor its victims. Cybersecurity firm Sophos, which observed two versions of Agent Tesla - version 2 and version 3 - currently in the wild, said the changes are yet another sign of Agent Tesla's constant evolution designed to make a sandbox and static analysis more difficult.

Researchers have identified new versions of the Agent Tesla remote access trojan that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware.

Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. "Threat actors who transition to this version of Agent Tesla gain the capability to target a wider range of stored credentials, including those for web browser, email, VPN and other services," said Aaron Riley, cyber threat intelligence analyst with Cofense in a Tuesday analysis.

Researchers have demonstrated for the third time how hacking into the key fob of a Tesla can allow someone to access and steal the car in minutes. Researchers from the Computer Security and Industrial Cryptography, an Imec research group at the University of Leuven in Belgium, have "Discovered major security flaws" in the key fob of the Tesla Model X, the small device that allows someone to automatically unlock the car by approaching the vehicle or pressing a button.

Researchers from the Computer Security and Industrial Cryptography group at the KU Leuven university in Belgium have demonstrated that a Tesla Model X can be stolen in minutes by exploiting vulnerabilities in the car's keyless entry system. The attack method identified by the COSIC researchers targets the Tesla Model X key fob, which uses Bluetooth Low Energy to communicate with the vehicle.

Researchers at the University of Leuven in Belgium found vulnerabilities in the keyless entry system of the Tesla Model X that would have allowed attackers to steal the $100,000 car within just a few minutes. The security bugs allowed taking full control of the key fob and of the car by remotely updating the Tesla Model X's BLE chip with specially crafted firmware.