Spot the would-be car thief: Researchers cloned a Tesla key fob, in part by lingering near a victim, as dramatized in this video still (Source: KU Leuven)

Gone in 120 Seconds: Flaws Enable Theft of Tesla Model X

Jeremy Kirk • November 26, 2020

Two vulnerabilities in Tesla's keyless entry system allowed researchers to clone a key fob and drive away with a Model X. The electric vehicle manufacturer is issuing over-the-air updates to fix the flaws, which allegedly center on a failure to validate firmware updates and a faulty Bluetooth pairing protocol.

►

Application Security

How an IoT Door Lock Actually Provided a Way In

Latest

Cyberwarfare / Nation-State Attacks

Fired CISA Director Refutes Election Fraud Allegations

Jeremy Kirk • November 30, 2020

Ex-CISA Director Christopher Krebs revealed in a "60 Minutes" interview what made officials confident that the election results were accurate: paper ballots. Krebs didn't mention President Trump by name, but refuted claims by his administration and personal lawyer, Rudy Giuliani, that the election was fraudulent.

Business Continuity Management / Disaster Recovery

Hot Cybercrime Trend: Enterprise-Scale Ransomware Hits

Anna Delaney • November 27, 2020

The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favor of ransomware attacks. Also featured: Defending against deep fakes; supporting a dispersed workforce.

Application Security

Productivity Tools May Be Monitoring Workers' Productivity

Mathew J. Schwartz • November 27, 2020

Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it. But as more workplace surveillance capabilities appear, legal experts warn that organizations must ensure their tools do not violate employees' privacy rights.

Cloud Security

AWS Flaw Allows Attackers to Find Users' Access Codes

Chinmay Rautmare • November 20, 2020

A recently uncovered vulnerability in a class of Amazon Web Service APIs can be exploited to leak AWS identity and access management user and arbitrary accounts, according to Palo Alto Networks' Unit 42.

Business Continuity Management / Disaster Recovery

Christopher Krebs Describes Accomplishments

Anna Delaney • November 20, 2020

This edition of the ISMG Security Report features a discussion with Christopher Krebs, the recently fired director of the Cybersecurity Infrastructure Security Agency, on his accomplishments at the agency. Also featured are updates on ransomware gangs recruiting affiliates and healthcare supply chain risks.

Artificial Intelligence & Machine Learning

The Dark Side of AI: Previewing Criminal Uses

Mathew J. Schwartz • November 20, 2020

"Has anyone witnessed any examples of criminals abusing artificial intelligence?" That's a question security firms have been raising. A new report has identified likely ways in which such attacks might occur and offers examples of threats already emerging

Governance & Risk Management

Brace for DNS Spoofing: Cache Poisoning Flaws Discovered

Mathew J. Schwartz • November 18, 2020

Researchers are warning that many domain name system server implementations are vulnerable to a spoofing attack that allows attackers to redirect, intercept and manipulate traffic. Thankfully, fixes are already arriving for this so-called SAD DNS flaw.

Breach Notification

Gaming Company Confirms Ragnar Locker Ransomware Attack

Chinmay Rautmare • November 18, 2020

Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records, including sales and shareholder data, potentially being compromised.

Fraud Management & Cybercrime

Twitter Hires Famed Hacker 'Mudge' as Security Head

Scott Ferguson • November 17, 2020

Twitter has hired network security expert Peiter Zatko to serve in the newly created position of head of security following a series of high-profile cyber incidents. Zatko, known as "Mudge," gained fame as a member of the ethical hacking group "Cult of the Dead Cow" and worked for the government and Google.

Endpoint Security

Privacy Group Files Complaint Over iOS Tracking

Tony Morbin • November 17, 2020

NOYB, a privacy group run by Austrian Max Schrems, has filed complaints against Apple with Spanish and German data protection regulators alleging the company's Identifier for Advertisers breaks EU privacy laws by allowing Apple and all apps on the iPhone to track a user without consent.

Business Continuity Management / Disaster Recovery

Analysts Warn: DDoS Attacks Likely to Surge

Doug Olenick • November 16, 2020

Distributed denial-of-service attacks have not garnered much attention this year. But analysts say such attacks could surge, and they have the potential to be just as damaging as ransomware and other types of cyberthreats.

Application Security

Commerce Department Lets TikTok US Operations Continue

Scott Ferguson • November 13, 2020

Despite a Thursday deadline that would have forced China-based ByteDance to shut down its TikTok video-sharing app in the U.S., the Commerce Department will allow the company to continue its American operations for now as various court cases continue.