TL; DR: Tesla always vulnerable and massive attacks on Belgium’s COVID-19 vaccine reservation portal (18th week)
A pleasant driving of Tesla can be interrupted by a person who is not even present in the car. Popular electric cars have another vulnerability under the bonnet. Amazon, IT giant, is in a similar situation.
Filipino solicitor-general’s office will probably draw a lesson for the future and will reply to e-mails from the United Kingdom. That concerns the case when there is a sound evidence that someone hacked into their systems and goes through the files from legal cases.
Hackers worked as well
Australian Labour Party has become a target of Avaddon ransomware attack.
Attackers successfully stole critical information such as passport details, contact details, CVs, copies of driving licences, employment contract details and financial details of the party. They demand a ransom in millions of dollars for not publishing the stolen data.
Attackers are threatening to launch DDoS attack if the party does not respond to their demands.
The office did not respond to calls
An unknown person downloaded data from Filipino solicitor-general’s office. The files were publicly available for more than two months and then provably downloaded by an unknown third party.
The UK security firm discovered the breach of around 345,000 files and e-mailed the solicitor-general’s office about the files at the beginning of March. Nobody responded to e-mails about the breach.
Sensitive data included, for example, information on legal cases, internal policies and passwords, audit information and files titled with keywords such as “private, confidential, witness, and password”.
Criminals lost domains
United Nations security experts and the firm Group-IB worked together to take down 134 websites operated by a cybercriminal group known as DarkPath.
These domains were used to impersonate the World Health Organisation. Scammers distributed these websites during the “health awareness day” and encouraged users to fill out a short questionnaire and share it further, for an alleged financial reward of €200. According to Group-IB, millions of users were targeted by this scheme.
A step to sensitive information
A security search engine BeVigil has found that 0.5 % of mobile apps expose Amazon Web Services API keys.
Detection involving more than 100 million users can lead to gaining users’ sensitive information and access to internal networks of application administrators.
Another unwanted driver in the car
Researchers successfully have shown how the infotainment system of a Tesla (and possibly other cars) can be hacked from a drone without any user interaction through wifi.
The vulnerability allows attackers to perform any tasks that a driver could initiate from the infotainment system of the vehicle, such as opening doors, changing seat positions, playing music, controlling the air conditioning, or modifying steering and acceleration modes of the vehicle.
SHORTCUT
- The Babuk ransomware gang is closing down its activity after the attack on the Washington, D.C. Metropolitan Police Department. Babuk will make its malware source code publicly available for other attackers to modify and continue to abuse it.
- The massive DDoS attack hit several Belgium’s government websites. Internal systems and Belgium’s COVID-19 vaccine reservation portal have been down for the entire day due to the DDoS attack.
- Several Israeli companies have become a target of cyberattacks attributed to Iranian APT group Networm.
- A health and community service provider UnitingCare in Australian Queensland confirmed that the attack on their systems was performed by a cybercriminal group
- A Californian healthcare provider Scripps Health has become a target of a ransomware attack.
- A cyber attacker successfully stole the database of Iranian social and business messaging platform io. Records of over 150 million users contained sensitive data, e.g. full names, IP addresses, e-mail addresses, phone numbers, encrypted passwords and so on.
« Späť na zoznam
