Spot the would-be car thief: Researchers cloned a Tesla key fob, in part by lingering near a victim, as dramatized in this video still (Source: KU Leuven)

Gone in 120 Seconds: Flaws Enable Theft of Tesla Model X

Jeremy Kirk • November 26, 2020

Two vulnerabilities in Tesla's keyless entry system allowed researchers to clone a key fob and drive away with a Model X. The electric vehicle manufacturer is issuing over-the-air updates to fix the flaws, which allegedly center on a failure to validate firmware updates and a faulty Bluetooth pairing protocol.

Cybercrime

The Dark Side of AI: Previewing Criminal Uses

Latest

Anti-Phishing, DMARC

Interpol Busts Massive Nigerian BEC Gang

Akshaya Asokan • November 26, 2020

Interpol, along with Nigerian law enforcement agencies and security firm Group-IB, has uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries.

Cybercrime as-a-service

Ransomware Attack Will Costs French IT Services $60 Million

Prajeet Nair • November 26, 2020

French IT services firm Sopra Steria, which was hit with Ryuk ransomware in October, is estimating that the attack will cost the company around $60 million in recovery costs.

3rd Party Risk Management

Automated Monitoring in the Cloud

Anna Delaney • November 26, 2020

Glen Hymers, CISO and head of data protection at the U.K.-based charity Save the Children International, says adapting to a cloud-first environment requires extensive security measures, including automated monitoring.

Application Security

Keeping the Software Supply Chain Secure

Jeremy Kirk • November 26, 2020

IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.

Business Continuity Management / Disaster Recovery

FBI Warns of Uptick in Ragnar Locker Ransomware Activity

Prajeet Nair • November 25, 2020

The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.

Governance & Risk Management

Hackers Exploit MobileIron Flaw

Akshaya Asokan • November 25, 2020

The U.K. National Cyber Security Center is warning that nation-state hackers and cybercriminals are exploiting a remote vulnerability in MobileIron's mobile device management tool to target organizations in the country.

Governance & Risk Management

Linux Botnet Disguises Itself as Apache Server

Prajeet Nair • November 25, 2020

The latest Linux version of the Stantinko botnet is designed to disguise the malware as an Apache server to help better avoid security tools and remain hidden, according to Intezer Labs.

Application Security

Google Removes 2 Android Apps That Collected User Data

Akshaya Asokan • November 25, 2020

Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.

Cybercrime

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

Doug Olenick • November 24, 2020

The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.

Cybercrime

Updated Trickbot Malware Is More Resilient

Doug Olenick • November 24, 2020

The gang operating Trickbot is continuing its activities despite recent takedown efforts, rolling out two updates that make the malware more difficult to kill, according to the security firm Bitdefender.

Fraud Management & Cybercrime

Instagram Leaked Minors' PII Again, But Now It's Fixed

Jeremy Kirk • November 24, 2020

For at least a month, Instagram leaked the email addresses of minors, which occurred as Ireland's Data Protection Commission probed whether its parent company, Facebook, failed to protect children's personal data. Facebook has fixed the issue. But how carefully is the company protecting personal data?

Cyberwarfare / Nation-State Attacks

Biden Reveals Picks to Head DHS, Intelligence

Scott Ferguson , Doug Olenick • November 23, 2020

President-elect Joe Biden on Monday announced that two former Obama-era officials are his nominees to head the U.S. Department of Homeland Security and the Office of Director of National Intelligence.