Security News
Used Tesla components, sold on eBay, still contain personal information, even after a factory reset. It's a problem with used photocopiers and printers.
Oil and gas organizations have been targeted in r.ecent spearphishing campaigns using. The second campaign appears to have started on or around April 12, attempting to deliver Agent Tesla to shipment companies in the Philippines.
Attackers are targeting energy companies with the Agent Tesla spyware, as seen in recent spearphishing emails with malicious attachments. The emails leverage the tumultuous nature of today's oil and gas markets, which have been under tremendous stress in recent weeks, as the global COVID-19 pandemic lowered oil demand.
Hackers could have caused a Tesla Model 3's central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. A researcher who uses the online moniker Nullze discovered that the Tesla Model 3's web interface is affected by a denial-of-service vulnerability.
A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Attackers also tweeted in an account using the name "DoppelPaymer" that more files were on the way, alerting researchers that attackers likely used the DoppelPaymer ransomware in the attack, according to reports.
This is in the Windows GPU Display Driver control panel for the GeForce, Quadro NVS, and Tesla products leading to a corrupt system file and escalation of privileges or denial of service. A second control panel flaw affecting the same products is CVE‑2020‑5958, which might allow the planting of a malicious DLL file with the same results as above along with information disclosure.
DoppelPaymer has set up a public website with files from companies it claims it has compromised but have not paid a ransom, and it now lists Visser on that site, together with excerpts of allegedly stolen data. In an effort to exert even more pressure on victims to pay, in part by trying to name and shame them in public, some ransomware groups are upping the ante by stealing data before they forcibly encrypt everything.
The Mobileye 630 PRO and Tesla's HW 2.5 autopilot system, which comes embedded in the Tesla Model X. On the scale of level 0 to level 5, these two systems are considered "Level 2" automation. In one instance, researchers showed how they were able to cause the Tesla Model X to brake suddenly due to a phantom image, perceived as a person, projected in front of the car.
Trend Micro's Zero Day Initiative on Thursday announced the targets and prizes for the 2020 Pwn2Own competition, which is set to take place on March 18-20 in Vancouver at the CanSecWest conference. Pwn2Own 2019 introduced the automotive category and participants were invited to hack a Tesla Model 3.
From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla...