This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T13:22:11+00:00 www.secnews.physaphae.fr Bleeping Computer - Magazine Américain 2018-09-21T16:26:05+00:00 https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/ www.secnews.physaphae.fr/article.php?IdArticle=819538 False Malware Tesla None Wired Threat Level - Security News 2018-09-20T11:00:00+00:00 https://www.wired.com/story/porsche-taycan-fast-chargers-electric-pit-stops www.secnews.physaphae.fr/article.php?IdArticle=817294 False None Tesla None Wired Threat Level - Security News 2018-09-18T23:15:05+00:00 https://www.wired.com/story/tesla-elon-musk-doj-investigation www.secnews.physaphae.fr/article.php?IdArticle=814760 False None Tesla None Wired Threat Level - Security News 2018-09-18T12:00:00+00:00 https://www.wired.com/story/audi-etron-specs-comparison-electric-cars www.secnews.physaphae.fr/article.php?IdArticle=813839 False None Tesla None Wired Threat Level - Security News 2018-09-18T04:00:00+00:00 https://www.wired.com/story/audi-etron-electric-suv www.secnews.physaphae.fr/article.php?IdArticle=813308 False None Tesla None Wired Threat Level - Security News 2018-09-16T17:12:01+00:00 https://www.wired.com/story/week-future-cars-coming-storm www.secnews.physaphae.fr/article.php?IdArticle=810936 False None Tesla None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC British Airways hack: Infosec experts finger third-party scripts on payment pages | The Register As an affected customer, I accept that companies get breached. But the advice seemed pretty poor. British Airways breached | J4vv4D Boards need to get more technical - NCSC The government is calling on business leaders to take responsibility for their organisations’ cyber security, as the threat from nation state hackers and cyber criminal gangs continues to rise. Ciaran Martin, head of NCSC believes that cybersecurity is a mainstream business risk and that corporate leaders need to understand what threats are out there, and what are the most effective ways of managing the risks. They need to understand cyber risk in the same way they understand financial risk, or health and safety risk. NCSC issues new advice for business leaders as Ciaran Martin admits previous guidance was “unhelpful” | New Statesman Hunting in O365 logs Cloud is great, but sometimes making sense of the logs can be a pain. If you’re struggling with O365 logs, then this document could be really useful. Detailed properties in the Office 365 audit log | Microsoft GCHQ data collection violated human rights, Strasbourg court rules GCHQ’s methods in carrying out bulk interception of online communications violated privacy and failed to provide sufficient surveillance safeguards, the European court of human rights has ruled in a test case judgment. But the Strasbourg court found that GCHQ’s regime for sharing sensitive digital intelligence with foreign governments was not illegal. It is the first major challenge to the legality of UK intelligence agencies intercepting private communications in bulk, following Edward Snowden’s whistleblowing revelations. GCHQ data collection violated human rights, Strasbourg court r]]> 2018-09-14T13:00:00+00:00 http://feeds.feedblitz.com/~/569668796/0/alienvault-blogs~Things-I-Hearted-this-Week-th-September www.secnews.physaphae.fr/article.php?IdArticle=807799 False Data Breach,Threat,Guideline Tesla None InformationSecurityBuzzNews - Site de News Securite Tesla’s Remote Fix For Its Model S Key Fob Vulnerability Is A Positive Sign For The Auto Industry]]> 2018-09-13T13:30:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/teslas-remote-fix-for-its-model-s/ www.secnews.physaphae.fr/article.php?IdArticle=807877 False Vulnerability Tesla None CSO - CSO Daily Dashboard Raspberry Pi 3 Model B+, Proxmark3, Yard Stick One, and a USB battery pack, Belgium researchers needed less than two seconds to clone the key fob of a Tesla Model S. The reckless part comes into play if you were to actually steal the Tesla, but if you turn to a life of crime then the researchers believe McLaren, Karma and Triumph are vulnerable to the attack as well since, like Tesla, the keyless entry solutions for those vehicles are designed by Pektron. In case it's not clear that stealing a Model S was a joke, then don't try it cause Tesla would be able to track down the vehicle even if you disabled GPS.]]> 2018-09-12T07:31:00+00:00 https://www.csoonline.com/article/3305737/security/hackers-clone-tesla-model-s-key-fob-in-2-seconds-to-steal-car.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=804714 False None Tesla None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2018-09-12T06:48:00+00:00 https://thehackernews.com/2018/09/tesla-model-s-remote-hack.html www.secnews.physaphae.fr/article.php?IdArticle=804646 False Hack Tesla None Security Affairs - Blog Secu 2018-09-12T05:02:04+00:00 https://securityaffairs.co/wordpress/76112/hacking/tesla-s-relay-attack.html www.secnews.physaphae.fr/article.php?IdArticle=804214 False None Tesla None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC ransomware was the summer anthem of 2017. At the time, it seemed impossible that the onslaught of global ransomware attacks like WannaCry and NotPetya would ever wane. But, I should have known better. Every summertime anthem eventually gets overplayed. This year, cryptojacking took over the airwaves, fueled by volatile global cryptocurrency markets. In the first half of 2018, detected cryptojacking attacks increased 141%, outpacing ransomware attacks. In this blog post, I’ll address cryptojacking: what it is, how it works, how to detect it, and why you should be tuning into this type of threat. What is Cryptojacking? Crytojacking definition: Cryptojacking is the act of using another’s computational resources without their knowledge or permission for cryptomining activities. By cryptojacking mobile devices, laptops, and servers, attackers effectively steal the CPU of your device to mine for cryptocurrencies like Bitcoin and Monero. Whereas traditional malware attacks target sensitive data that can be exploited for financial gain, like social security numbers and credit card information, cybercriminals that launch cryptojacking campaigns are more interested in your device’s computing power than your own personal data. To understand why, it’s helpful to consider the economics of cryptocurrency mining. Mining for cryptocurrencies like Bitcoin and Monero takes some serious computing resources to solve the complex algorithms used to discover new coins. These resources are not cheap, as anyone who pays their organization’s AWS bill or data center utility bill can attest to. So, in order for cryptocurrency mining to be profitable and worthwhile, the market value of the cryptocurrency must be higher than the cost of mining it – that is, unless you can eliminate the resource costs altogether by stealing others’ resources to do the mining for you. That’s exactly what cryptojacking attacks aim to do, to silently turn millions of devices into cryptomining bots, enabling cybercriminals to turn a profit without all the effort and uncertainty of collecting a ransom. Often, cryptojacking attacks are designed to evade detection by traditional antivirus tools so that they can quietly run in the background of the machine. Does this mean that all cryptomining activity is malicious? Well, it depends on who you ask. Cryptomining vs. Cryptojacking As the cryptocurrency markets have gained value and become more mainstream in recent years, we’ve seen a digital gold rush to cryptomine for new Bitcoin, and more recently, Monero. What began with early adopters and hobbyists building home rigs to mine for new coins has now given way to an entire economy of mining as a service, cryptoming server farms, and even cryptomining cafes. In this sense, cryptomining is, more or less, considered a legal and legitimate activity, one that could be further legitimized by a rumored $12 Billion Bitman IPO. Yet, the lines between cryptomining and cryptojacking are blurry. For example, the cryptomining “startup” Coinhive has positioned its technology as an alternative way to monetize a website, instead of by serving ads or charging a subscription. According to the website, the folks behind Coinhive, “dream about it as an alternative to micropayments, artificial wait time in online games, intrusive ads and dubious marketing tactics.” Yet at the same time, Coinhive has been one of the most common culprits found]]> 2018-09-11T13:00:00+00:00 http://feeds.feedblitz.com/~/569069766/0/alienvault-blogs~Explain-Cryptojacking-to-Me www.secnews.physaphae.fr/article.php?IdArticle=803093 False Malware,Threat Tesla,NotPetya,Wannacry None IT Security Guru - Blog Sécurité 2018-09-11T11:30:03+00:00 http://www.itsecurityguru.org/2018/09/11/group-researchers-showed-tesla-model-s-can-hacked-stolen-seconds-using-600-worth-equipment/ www.secnews.physaphae.fr/article.php?IdArticle=802909 False Vulnerability Tesla None ZD Net - Magazine Info 2018-09-11T09:28:00+00:00 https://www.zdnet.com/article/how-to-steal-a-tesla-model-s-in-seconds/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=802741 False Threat Tesla None Errata Security - Errata Security an IoT security bill, awaiting the government's signature/veto. It's a typically bad bill based on a superficial understanding of cybersecurity/hacking that will do little improve security, while doing a lot to impose costs and harm innovation.It's based on the misconception of adding security features. It's like dieting, where people insist you should eat more kale, which does little to address the problem you are pigging out on potato chips. The key to dieting is not eating more but eating less. The same is true of cybersecurity, where the point is not to add “security features” but to remove “insecure features”. For IoT devices, that means removing listening ports and cross-site/injection issues in web management. Adding features is typical “magic pill” or “silver bullet” thinking that we spend much of our time in infosec fighting against.We don't want arbitrary features like firewall and anti-virus added to these products. It'll just increase the attack surface making things worse. The one possible exception to this is “patchability”: some IoT devices can't be patched, and that is a problem. But even here, it's complicated. Even if IoT devices are patchable in theory there is no guarantee vendors will supply such patches, or worse, that users will apply them. Users overwhelmingly forget about devices once they are installed. These devices aren't like phones/laptops which notify users about patching.You might think a good solution to this is automated patching, but only if you ignore history. Many rate “NotPetya” as the worst, most costly, cyberattack ever. That was launched by subverting an automated patch. Most IoT devices exist behind firewalls, and are thus very difficult to hack. Automated patching gets beyond firewalls; it makes it much more likely mass infections will result from hackers targeting the vendor. The Mirai worm infected fewer than 200,000 devices. A hack of a tiny IoT vendor can gain control of more devices than that in one fell swoop.The bill does target one insecure feature that should be removed: hardcoded passwords. But they get the language wrong. A device doesn't have a single password, but many things that may or may not be called passwords. A typical IoT device has one system for creating accounts on the web management interface, a wholly separate authentication system for services like Telnet (based on /etc/passwd), and yet a wholly separate system for things like debugging interfaces. Just because a device does the proscribed thing of using a unique or user generated password in the user interface doesn't mean it doesn't also have a bug in Telnet.That was the problem with devices infected by Mirai. The description that these were hardcoded passwords is only a superficial understanding of the problem. The real problem was that there were different authentication systems in the web interface and in other services like Telnet. Most of the devices vulnerable to Mirai did the right thing on the web interfaces (meeting the language of this law) requiring the user to create new passwords before operating. They just did the wrong thing elsewhere.People aren't really paying attention to what happened with Mirai. They look at the 20 billion new IoT devices that are going to be connected to the Internet by 2020 and believe Mirai is just the tip of the iceberg. But it isn't. The IPv4 Internet has only 4 billion addresses, which are pretty much already used up. This means those 20 billion won't be exposed to the public Internet like Mirai devices, but hidden behind firewalls that translate addresses. Thus, rather than Mirai presaging the future, it represents the last gasp of the past that is unlikely to come again.This law is backwards looking rather than forward looking. Forward looking, by far the most important t]]> 2018-09-10T17:33:17+00:00 https://blog.erratasec.com/2018/09/californias-bad-iot-law.html www.secnews.physaphae.fr/article.php?IdArticle=802142 False Hack,Threat,Patching,Guideline Tesla,NotPetya None Wired Threat Level - Security News 2018-09-10T17:00:00+00:00 https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob www.secnews.physaphae.fr/article.php?IdArticle=801834 False None Tesla None Malwarebytes Labs - MalwarebytesLabs A roundup of the security news from September 3 – 9, including spyware going mainstream, Mac App Store apps stealing and abusing customer data, and Fortnite install concerns. Categories: Security world Week in security Tags: a week in securityAndroidBrighton PolicefakeFire Eyefive eyesfortniteMac App StoremastercardMega.nzprotonmailsecurity camerasspywareTalosTechCrunchteslaWannaCry (Read more...) ]]> 2018-09-10T16:44:05+00:00 https://blog.malwarebytes.com/security-world/2018/09/a-week-in-security-september-3-september-9/ www.secnews.physaphae.fr/article.php?IdArticle=801898 False None Tesla,Wannacry None Wired Threat Level - Security News 2018-09-09T13:00:00+00:00 https://www.wired.com/story/future-of-cars-lets-be-blunt www.secnews.physaphae.fr/article.php?IdArticle=800192 False None Tesla,Uber None Wired Threat Level - Security News 2018-09-07T20:21:01+00:00 https://www.wired.com/story/elon-musk-weed-toke-tesla www.secnews.physaphae.fr/article.php?IdArticle=798085 False None Tesla None Wired Threat Level - Security News 2018-09-07T07:12:03+00:00 https://www.wired.com/story/elon-musk-tesla-ceo-joe-rogan-podcast www.secnews.physaphae.fr/article.php?IdArticle=796766 False None Tesla None ZD Net - Magazine Info 2018-09-06T17:32:02+00:00 https://www.zdnet.com/article/tesla-modifies-product-policy-to-accommodate-good-faith-security-research/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=795757 False None Tesla None Bleeping Computer - Magazine Américain 2018-09-06T11:49:00+00:00 https://www.bleepingcomputer.com/news/security/tesla-will-restore-car-firmware-os-when-hacking-goes-wrong/ www.secnews.physaphae.fr/article.php?IdArticle=795511 False None Tesla None Wired Threat Level - Security News 2018-09-04T18:19:00+00:00 https://www.wired.com/story/mercedes-benz-eqc-electric-suv www.secnews.physaphae.fr/article.php?IdArticle=792439 False None Tesla None Wired Threat Level - Security News 2018-09-02T11:00:00+00:00 https://www.wired.com/story/this-week-future-cars-pieces www.secnews.physaphae.fr/article.php?IdArticle=789404 False None Tesla,Uber 3.0000000000000000 Wired Threat Level - Security News 2018-08-31T16:00:00+00:00 https://www.wired.com/gallery/wired-top-stories-in-august-2018-elon-musk www.secnews.physaphae.fr/article.php?IdArticle=787405 False None Tesla None Wired Threat Level - Security News 2018-08-31T11:00:00+00:00 https://www.wired.com/story/heres-how-fast-that-jumping-tesla-was-traveling www.secnews.physaphae.fr/article.php?IdArticle=786941 False None Tesla None Wired Threat Level - Security News 2018-08-29T21:31:05+00:00 https://www.wired.com/story/elon-musk-twitter-stock-tweets-libel-suit www.secnews.physaphae.fr/article.php?IdArticle=785075 False None Tesla None Wired Threat Level - Security News 2018-08-28T10:00:00+00:00 https://www.wired.com/story/elon-musk-tesla-private-public-sec www.secnews.physaphae.fr/article.php?IdArticle=782963 False None Tesla 5.0000000000000000 Wired Threat Level - Security News 2018-08-27T19:27:00+00:00 https://www.wired.com/story/tesla-autopilot-why-crash-radar www.secnews.physaphae.fr/article.php?IdArticle=782964 False None Tesla 3.0000000000000000 Wired Threat Level - Security News 2018-08-26T13:00:00+00:00 https://www.wired.com/story/this-week-future-cars-make-it-work www.secnews.physaphae.fr/article.php?IdArticle=782974 False None Tesla None InformationSecurityBuzzNews - Site de News Securite Elon Musk Announces Tesla Will Share Security Software With Other Car Makers As Open Source]]> 2018-08-20T18:27:03+00:00 https://www.informationsecuritybuzz.com/expert-comments/elon-musk-announces-tesla/ www.secnews.physaphae.fr/article.php?IdArticle=782582 False None Tesla None Wired Threat Level - Security News 2018-08-19T13:00:00+00:00 https://www.wired.com/story/elon-musk-tesla-sec-news-roundup www.secnews.physaphae.fr/article.php?IdArticle=780867 False None Tesla None Wired Threat Level - Security News 2018-08-17T19:41:00+00:00 https://www.wired.com/2018/08/gadget-lab-podcast-372 www.secnews.physaphae.fr/article.php?IdArticle=779724 False None Tesla 5.0000000000000000 Wired Threat Level - Security News 2018-08-12T13:00:00+00:00 https://www.wired.com/story/this-week-future-cars-tesla-private www.secnews.physaphae.fr/article.php?IdArticle=778550 False None Tesla,Uber None Wired Threat Level - Security News 2018-08-11T11:00:00+00:00 https://www.wired.com/story/tesla-going-private www.secnews.physaphae.fr/article.php?IdArticle=776881 False None Tesla None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/563363548/0/thesecurityledger -->»]]> 2018-08-10T00:04:00+00:00 https://feeds.feedblitz.com/~/563363548/0/thesecurityledger~Can-Self-Driving-Cars-Be-Secured-Car-Hacking-Duo-Isnt-Sure/ www.secnews.physaphae.fr/article.php?IdArticle=774187 False None Tesla None Wired Threat Level - Security News 2018-08-08T11:00:00+00:00 https://www.wired.com/story/semi-autonomous-cars-safety-tests www.secnews.physaphae.fr/article.php?IdArticle=770901 False None Tesla None Wired Threat Level - Security News 2018-08-07T20:34:01+00:00 https://www.wired.com/story/can-elon-musk-really-take-tesla-private www.secnews.physaphae.fr/article.php?IdArticle=770177 False None Tesla None TechRepublic - Security News US 2018-08-06T19:23:01+00:00 https://www.techrepublic.com/article/google-cloud-adds-support-for-nvidias-tesla-p4-gpu/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=768418 False None Tesla 5.0000000000000000 SecurityWeek - Security News ]]> 2018-08-06T17:14:01+00:00 https://www.securityweek.com/ex-tesla-worker-accused-hacking-seeks-1m-counterclaim www.secnews.physaphae.fr/article.php?IdArticle=770276 False None Tesla 5.0000000000000000 Wired Threat Level - Security News 2018-08-05T13:00:00+00:00 https://www.wired.com/story/this-week-future-cars-tesla-apology-nvidia www.secnews.physaphae.fr/article.php?IdArticle=766939 False None Tesla None Wired Threat Level - Security News 2018-08-04T11:00:00+00:00 https://www.wired.com/story/tesla-self-driving-car-computer-chip-nvidia www.secnews.physaphae.fr/article.php?IdArticle=766072 False None Tesla None Wired Threat Level - Security News 2018-08-03T13:00:00+00:00 https://www.wired.com/story/replay-games-in-teslas www.secnews.physaphae.fr/article.php?IdArticle=765036 False None Tesla None Wired Threat Level - Security News 2018-08-01T23:51:03+00:00 https://www.wired.com/story/tesla-q2-2018-earnings-call www.secnews.physaphae.fr/article.php?IdArticle=762678 False None Tesla None TechRepublic - Security News US 2018-08-01T16:23:00+00:00 https://www.techrepublic.com/article/teslas-autopilot-cheat-sheet/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=762064 False None Tesla None TechRepublic - Security News US 2018-07-31T18:17:04+00:00 https://www.techrepublic.com/article/uber-quits-self-driving-trucks-but-the-driverless-semis-are-still-coming/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=760826 False None Tesla,Uber None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Google: Security Keys Neutralized Employee Phishing | Krebs on Security While we’re on the topic of phishing, attackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss. Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M | Krebs on Security We’re probably going to see more of this kind of back and forth as companies that have taken out cyber insurance and suffered a breach fight with their insurers over liability and who will cover the cost. Somewhat related: Scam of the week, another new CEO fraud phishing wrinkle | KnowBe4 Breaking the Chain Supply chain and third party risks are getting better understood, but understanding a risk doesn’t necessarily mean it will reduce the risk. Tesla, VW, and dozens of other car manufacturers had their sensitive information exposed due to a weak security link in their supply chains. Tesla, VW data was left exposed by supply chain vendor Level One Robotics | SC Magazine SIM Swap - A Victim’s Perspective This is a really good write-up by AntiSocial engineer taking a look at how SIM swap fraud can impact victims, and why mobile phone operators need to do more to prevent this kind of fraud. “It’s an all too common story, the signal bars disappear from your mobile phone, you ring the phone number – it rings, but it’s not your phone ringing. Chaos ensues. You’re now getting password reset emails from Facebook and Google. You try to login to your bank but your password fails.  Soon enough the emails stop coming as attackers reset your account passwords. You have just become the newest victim of SIM Swap Fraud and your phone number is now at the control of an unknown person.” SIM Swap Fraud - a victim’s perspective | AntiSocial Engineer EU Fails to Regulate IoT Security In this week’s head-scratching moment of “what were they thinking?”, the European Commission has rejected consumer groups' calls for mandatory security for consumer internet-connected devices because they believe voluntar]]> 2018-07-27T13:00:00+00:00 http://feeds.feedblitz.com/~/561082430/0/alienvault-blogs~Things-I-Hearted-this-Week-th-July www.secnews.physaphae.fr/article.php?IdArticle=756750 False Data Breach,Hack Tesla None InformationSecurityBuzzNews - Site de News Securite Sensitive Data Exposed Belonging To Tesla, Toyota, VW And More]]> 2018-07-25T11:33:05+00:00 https://www.informationsecuritybuzz.com/expert-comments/sensitive-data-exposed/ www.secnews.physaphae.fr/article.php?IdArticle=752848 False None Tesla None Graham Cluley - Blog Security There's bad news if your name really is “Elon Musk”. You're going to have to jump over some additional hurdles to convince Twitter that you should be allowed to change your display name to the one you share with the boss of Tesla and SpaceX. Read more in my article on the Hot for Security blog. ]]> 2018-07-25T10:34:04+00:00 https://hotforsecurity.bitdefender.com/blog/heres-why-twitter-will-lock-your-account-if-you-change-your-display-name-to-elon-musk-20138.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=752735 False None Tesla None Wired Threat Level - Security News 2018-07-22T12:00:00+00:00 https://www.wired.com/story/car-news-roundup-tesla-zoox-bmw-reachnow-uber www.secnews.physaphae.fr/article.php?IdArticle=748248 False None Tesla,Uber None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC InfoSec Recruiting – Is the Industry Creating its own Drought? | Liquid Matrix GDPR Did you think that discussions around GDPR were over? You thought wrong. Want to avoid GDPR fines? Adjust your IT Procurement methods | HelpNetSecurity SEXTORTION SCAMS A clever new twist on an on extortion email scam includes a password the recipient previously used at a hacked website, to lend credence to claims that the sender has hacked the recipients computer / webcam and recorded embarrassing videos. Sextortion Scam Uses Recipient’s Hacked Passwords | Krebs on Security TESLA Elon Musk continues to make the headlines, sometimes for the right, and other times for the wrong reasons. But it's worth taking a look at the companies security. While there was the infamous emaila few weeks back where Musk pointed the finger of blame to a rogue employee, it's not the first case of cybersecurity gone wrong in the company. Tesla sued an oil-industry executive for impersonating Musk in an email. The tricksters goal was to undermine tesla's energy-efficient transportation. Here’s why Tesla has been sabotaged twice in two years — lax network security | Last Watchdog ]]> 2018-07-20T13:00:00+00:00 http://feeds.feedblitz.com/~/559727188/0/alienvault-blogs~Things-I-Hearted-this-Week-th-July www.secnews.physaphae.fr/article.php?IdArticle=747573 False None Tesla,APT 1 None Wired Threat Level - Security News 2018-07-20T12:00:00+00:00 https://www.wired.com/story/tesla-range-record-munro-profitability-model-3 www.secnews.physaphae.fr/article.php?IdArticle=747670 False None Tesla None Graham Cluley - Blog Security Tesla chief Elon Musk retracts his unfounded allegations against man who helped boys escape from a Thai cave, but scammers are given another opportunity to strike. ]]> 2018-07-18T11:49:03+00:00 https://www.grahamcluley.com/elon-musk-retracts-vile-twitter-accusation-against-cave-rescuer/ www.secnews.physaphae.fr/article.php?IdArticle=747630 False None Tesla None Wired Threat Level - Security News 2018-07-12T20:41:05+00:00 https://www.wired.com/story/terrible-timing-teslas-expiring-tax-credit www.secnews.physaphae.fr/article.php?IdArticle=742597 False None Tesla None Wired Threat Level - Security News 2018-07-11T22:20:03+00:00 https://www.wired.com/story/elon-musk-thailand-cave-boys-rescue-engineering www.secnews.physaphae.fr/article.php?IdArticle=740960 False None Tesla,Tesla None Wired Threat Level - Security News 2018-07-07T13:00:00+00:00 https://www.wired.com/story/car-news-roundup-tesla-production-polaris-sllingshot www.secnews.physaphae.fr/article.php?IdArticle=734521 False None Tesla,Tesla None Wired Threat Level - Security News 2018-06-23T00:33:00+00:00 https://www.wired.com/story/tesla-fremont-factory-model-3-production-tent-parking-lot-structure www.secnews.physaphae.fr/article.php?IdArticle=718516 False None Tesla,Tesla None SecurityWeek - Security News Just before midnight last Sunday evening (June 17, 2018), Elon Musk sent an email to all staff. He was dismayed, he said, to learn about a Tesla employee "making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties." ]]> 2018-06-22T17:29:01+00:00 https://www.securityweek.com/tesla-breach-malicious-insider-revenge-or-whistleblowing www.secnews.physaphae.fr/article.php?IdArticle=719792 False None Tesla,Tesla None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC The Tesla Insider Elon Musk sent out an email stating an employee had stabbed the company in the back like Brutus, changing production code, and leaking inside information. I'll admit that like many people who have talked about or written about insider threats in the past, I instinctively punched the air and yelled, "YES! I warned you but you didn't listen." The incident is also notable for the impact it had on the company's  share price which dropped more than 6% in trading. "I was dismayed to learn this weekend about a Tesla employee who had conducted quite extensive and damaging sabotage to our operations, this included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties." Insider threats defined | AlienVault Tesla hit by insider saboteur who changed code, exfiltrated data | SC Magazine Tesla sinks after Elon Musk says an employee conducted 'sabotage' and Trump ramps up fears of a trade war (TSLA) | Business Insider Can't Fix Won't Fix, Don't Fix Organisations cannot afford to view penetration testing as a tick box exercise. How should they mitigate the fact some vulnerabilities can’t be fixed, won’t be fixed, and in some instances, actually shouldn’t be fixed? Can’t fix, won’t fix, don’t fix: Is it time for businesses to rethink how they action pen test results?| IT Pro Portal On the topic of pen tests, check out Adrian Sanabria's presentation slides from RSA earlier this year on killing the pen test. It's time to kill the pen test (PDF) | RSAconference To add balance, and to convince you pen testers out there that I'm not a bad person who hates all pen testers, here's an awesome collection of penetration testing resources that include tools, online resources, books, courses, conferences, magazine... Awesome Penetration Testing | Kinimiwar, GitHub A Case Study In Bad Disclosure Imagine you're a researcher and have found a vulnerability, you then disclose it responsibly to a vendor, then that vendor fixes the issue - but instead of sending the chopper over to you with a care package, they pretend like you didn't exist. Akin to Tom Cruise getting disavowed in every single Mission Impossible movie. Then imagine that vendor submitted the vulnerability details to Google and received a bug bounty award to the tune of $5,000. Then to top it off, they sat back in a massive reclining chair, threw their head back and laughed as they donated the full $5,000 to a good cause. ]]> 2018-06-22T13:00:00+00:00 http://feeds.feedblitz.com/~/557751908/0/alienvault-blogs~Things-I-Hearted-this-Week-nd-June www.secnews.physaphae.fr/article.php?IdArticle=740333 False Hack,Vulnerability,Guideline Tesla,Tesla,Bithumb None Graham Cluley - Blog Security Tesla claims former employee has admitted writing software that hacked company systems, and leaked data to external third parties. ]]> 2018-06-21T10:33:02+00:00 https://www.grahamcluley.com/ex-tesla-employee-sued-for-hacking-and-stealing-company-data/ www.secnews.physaphae.fr/article.php?IdArticle=715273 False None Tesla None The Last Watchdog - Blog Sécurité de Byron V Acohido 2018-06-21T09:05:02+00:00 https://www.lastwatchdog.com/guest-essay-heres-why-tesla-has-been-sabotaged-twice-in-two-years-lax-network-security/ www.secnews.physaphae.fr/article.php?IdArticle=715213 False None Tesla None InformationSecurityBuzzNews - Site de News Securite Tesla Hit By ‘Damaging Sabotage’ By Employee]]> 2018-06-20T13:40:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/tesla-hit-by-damaging-sabotage-by-employee/ www.secnews.physaphae.fr/article.php?IdArticle=713740 False None Tesla None TechRepublic - Security News US 2018-06-19T13:31:05+00:00 https://www.techrepublic.com/article/tesla-employee-sabotage-illustrates-critical-importance-of-user-permissions/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=712307 False None Tesla None Graham Cluley - Blog Security Tesla CEO Elon Musk believes that the company is the victim of deliberate sabotage perpetrated by an employee. Read more in my article on the Hot for Security blog. ]]> 2018-06-19T11:44:03+00:00 https://hotforsecurity.bitdefender.com/blog/tesla-saboteur-caused-extensive-damage-and-leaked-highly-sensitive-data-claims-elon-musk-20043.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=712191 False None Tesla None Wired Threat Level - Security News 2018-06-17T13:00:00+00:00 https://www.wired.com/story/car-news-roundup-boring-chicago-byton-concept www.secnews.physaphae.fr/article.php?IdArticle=709078 False None Tesla None Errata Security - Errata Security Musk has a point. Journalists do suck, and many suck consistently. I see this in my own industry, cybersecurity, and I frequently criticize them for their suckage.But what he's doing here is not correcting them when they make mistakes (or what Musk sees as mistakes), but questioning their legitimacy. This legitimacy isn't measured by whether they follow established journalism ethics, but whether their "core truths" agree with Musk's "core truths".An example of the problem is how the press fixates on Tesla car crashes due to its "autopilot" feature. Pretty much every autopilot crash makes national headlines, while the press ignores the other 40,000 car crashes that happen in the United States each year. Musk spies on Tesla drivers (hello, classic Bond villain everyone) so he can see the dip in autopilot usage every time such a news story breaks. He's got good reason to be concerned about this.He argues that autopilot is safer than humans driving, and he's got the statistics and government studies to back this up. Therefore, the press's fixation on Tesla crashes is illegitimate "fake news", titillating the audience with distorted truth.But here's the thing: that's still only Musk's version of the truth. Yes, on a mile-per-mile basis, autopilot is safer, but there's nuance here. Autopilot is used primarily on freeways, which already have a low mile-per-mile accident rate. People choose autopilot only when conditions are incredibly safe and drivers are unlikely to have an accident anyway. Musk is therefore being intentionally deceptive comparing apples to oranges. Autopilot may still be safer, it's just that the numbers Musk uses don't demonstrate this.And then there is the truth calling it "autopilot" to begin with, because it isn't. The public is overrating the capabilities of the feature. It's little different than "lane keeping" and "adaptive cruise control" you can now find in other cars. In many ways, the technology is behind -- my Tesla doesn't beep at me when a pedestrian walks behind my car while backing up, but virtually every new car on the market does.Yes, the press unduly covers Tesla autopilot crashes, but Musk has only himself to blame by unduly exaggerating his car's capabilities by calling it "autopilot".What's "core truth" is thus rather difficult to obtain. What the press satisfies itself with instead is smaller truths, what they can document. The facts are in such cases that the accident happened, and they try to get Tesla or Musk to comment on it.What you can criticize a journalist for is therefore not "core truth" but whether they did journalism correctly. When such stories criticize "autopilot", but don't do their diligence in getting Tesla's side of the story, then that's a violation of journalistic practice. When I criticize journalists for their poor handling of stories in my industry, I try to focus on which journalistic principles they get wrong. For example, the NYTimes reporters do a lot of stories quoting anonymous government sources in clear violation of journalistic principles.If "credibility" is the concern, then it's the classic Bond villain h]]> 2018-05-23T18:45:27+00:00 https://blog.erratasec.com/2018/05/the-devil-wears-pravda.html www.secnews.physaphae.fr/article.php?IdArticle=668560 False None Tesla None IT Security Guru - Blog Sécurité 2018-05-18T09:37:05+00:00 http://www.itsecurityguru.org/2018/05/18/tesla-confirms-autopilot-involved-utah-crash-seeks-blame-driver/ www.secnews.physaphae.fr/article.php?IdArticle=657510 False None Tesla None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/543365614/0/thesecurityledger -->»]]> 2018-05-03T20:00:05+00:00 https://feeds.feedblitz.com/~/543365614/0/thesecurityledger~Next-privacy-trap-for-consumers-Their-cars/ www.secnews.physaphae.fr/article.php?IdArticle=625283 False None Tesla None Security Affairs - Blog Secu 2018-04-08T08:22:03+00:00 https://securityaffairs.co/wordpress/71154/breaking-news/agent-tesla-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=573178 False None Tesla None SecurityWeek - Security News 2018-04-07T16:58:01+00:00 https://www.securityweek.com/new-agent-tesla-spyware-variant-discovered www.secnews.physaphae.fr/article.php?IdArticle=577110 False None Tesla None Tech Worm - Desc 2018-03-25T15:24:01+00:00 https://www.techworm.net/2018/03/elon-musk-deletes-spacex-and-tesla-pages-from-facebook.html www.secnews.physaphae.fr/article.php?IdArticle=540883 False None Tesla None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2018-03-23T05:45:02+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/AhUdvfIhrw0/facebook-cambridge-analytica.html www.secnews.physaphae.fr/article.php?IdArticle=536748 False None Tesla None TrendLabs Security - Editeur Antivirus JenkinsMiner malware. The difference: this campaign targets Linux servers. It's also a classic case of reused vulnerabilities, as it exploits a rather outdated security flaw whose patch has been available for nearly five years. Feedback from Trend Micro's Smart Protection Network indicates it's an active campaign, primarily affecting Japan, Taiwan, China, the U.S., and India. ]]> 2018-03-21T12:01:00+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/dlZbCxyv9nY/ www.secnews.physaphae.fr/article.php?IdArticle=533334 False None Tesla None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/533862288/0/thesecurityledger -->»]]> 2018-03-20T22:47:05+00:00 https://feeds.feedblitz.com/~/533862288/0/thesecurityledger~Autonomous-vehicles-could-save-more-lives-than-they-take-That-might-not-matter/ www.secnews.physaphae.fr/article.php?IdArticle=532476 False None Tesla,Uber None SecurityWeek - Security News acquired Coverity in 2014, started notifying Coverity Scan users about the breach on Friday. The company said malicious actors gained access to Coverity Scan systems sometime in February. “We suspect that the access was to utilize our computing power for cryptocurrency mining,” Synopsys told users. “We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.” Synopsys says the service is now back online and it believes the point of access leveraged by the attackers has been closed. In order to regain access to Coverity Scan, users will need to reset their passwords. “Please note that the servers in question were not connected to any other Synopsys computer networks. This should have no impact on customers of our commercial products, and this event did not put any Synopsys corporate data or intellectual property at risk,” users were told. Cybercriminals have become increasingly interested in making a profit by hacking PCs and servers and abusing them to mine cryptocurrencies. Cryptocurrency mining malware can target a wide range of devices, including industrial systems. One recent high-profile victim was the carmaker Tesla, whose Kubernetes pods were compromised and used for cryptocurrency mining. According to RedLock, which discovered the breach, hackers gained access to Tesla's Kubernetes console due to the lack of password protection. Related: Avoid Becoming a Crypto-Mining Bot - Where to Look for Mining Malware and How to Respond Related: Linux Malware Targets Raspberry Pi for Cryptocurrency Mining ]]> 2018-03-20T07:03:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/pjXWT1DACL4/coverity-scan-hacked-abused-cryptocurrency-mining www.secnews.physaphae.fr/article.php?IdArticle=531122 False None Tesla,Uber None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Man Flu!” But enough about me, let’s jump into the security goodness! Threat modeling Threat models are great, and poorly understood, or used by security professionals as a universal ‘get out of jail card’. “Why don’t you have 2FA on your web app?” “Oh, that’s not in our threat model.” “Why don’t you sandbox this?” “Oh, that’s not in our threat model” “Why don’t you have your threat model documented?” “Oh, that’s not in our threat model” It’s like the security equivalent to the business saying they “accepted the risk”. An interesting piece in CSO magazine takes a look at common threat model mistakes. 7 threat modeling mistakes you’re probably making | CSO What is threat modeling? | Motherboard Two Billion! Two billion (with a B), that’s the number of files apparently leaked in the US during 2017. The most common type of breach after hacking was unintended disclosure such as cloud storage misconfigurations. That means that millions of records could have been kept secure had someone brushed up on their AWS S3 Bucket security skills and not ticked the box to make it public. We’ve found the APT, the APT is us! Two Billion Files Leaked in US Data Breaches in 2017 | Infosecurity Magazine The US witnesses significant number of healthcare breaches in 2017 | Healthcare Global A SWIFT $6m Unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT international payments messaging system. Well, that’s a surprise. It’s not like SWIFT has been targeted ever for malicious purposes… Hackers stole $6 million from Russian bank via SWIFT system: central bank | Reuters India's City Union Bank CEO says suffered cyber hack via SWIFT system | Reuters ]]> 2018-02-23T14:00:00+00:00 http://feeds.feedblitz.com/~/528137265/0/alienvault-blogs~Things-I-Hearted-this-Week-rd-Feb www.secnews.physaphae.fr/article.php?IdArticle=489870 False None Tesla None Tech Worm - Desc 2018-02-22T20:03:04+00:00 https://www.techworm.net/2018/02/hackers-exploit-teslas-cloud-systems-mine-cryptocurrency.html www.secnews.physaphae.fr/article.php?IdArticle=489466 False None Tesla None Security Affairs - Blog Secu 2018-02-22T19:06:02+00:00 http://securityaffairs.co/wordpress/69413/data-breach/tesla-servers-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=489470 False None Tesla None InformationSecurityBuzzNews - Site de News Securite Tesla AWS Hack]]> 2018-02-22T10:15:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/tesla-aws-hack/ www.secnews.physaphae.fr/article.php?IdArticle=488598 False None Tesla None BBC - BBC News - Technology 2018-02-21T14:47:01+00:00 http://www.bbc.co.uk/news/technology-43140005 www.secnews.physaphae.fr/article.php?IdArticle=487231 False None Tesla None IT Security Guru - Blog Sécurité 2018-02-21T14:10:04+00:00 http://www.itsecurityguru.org/2018/02/21/confidential-data-stolen-tesla-staff-failed-secure-cloud-server/ www.secnews.physaphae.fr/article.php?IdArticle=487269 False None Tesla,Uber None ZD Net - Magazine Info 2018-02-20T14:00:02+00:00 http://www.zdnet.com/article/tesla-systems-used-by-hackers-to-mine-cryptocurrency/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=486635 False None Tesla None Bleeping Computer - Magazine Américain 2018-02-20T11:58:04+00:00 https://www.bleepingcomputer.com/news/security/tesla-internal-servers-infected-with-cryptocurrency-miner/ www.secnews.physaphae.fr/article.php?IdArticle=486932 False None Tesla None Korben - Bloger francais Suite]]> 2018-02-01T09:21:30+00:00 http://feedproxy.google.com/~r/KorbensBlog-UpgradeYourMind/~3/JQf6K7iadxs/lautopilote-de-la-tesla-en-video.html www.secnews.physaphae.fr/article.php?IdArticle=462948 False None Tesla None Korben - Bloger francais Suite]]> 2018-01-31T14:55:18+00:00 http://feedproxy.google.com/~r/KorbensBlog-UpgradeYourMind/~3/oXqfvb57-BU/une-sequence-radio-identique-permet-douvrir-a-distance-les-trappes-de-toutes-les-voitures-tesla-et-supercharger.html www.secnews.physaphae.fr/article.php?IdArticle=462750 False None Tesla None TrendLabs Security - Editeur Antivirus Angler exploit kit to deliver ransomware. Starting January 2017, it has eschewed exploit kits in favor of “HoeflerText” (a popular font) phishing attacks or  . In a month, we identified 990 compromised websites injected with a malicious script that diverts the would-be victim to a website related to the tech support scam. Of late, though, the campaign has added the Coinhive JS miner into ongoing attacks, turning the victim's computer into a Monero cryptocurrency miner. Analysis also revealed that this JS cryptocurrency miner is the same “Coinhive” JS miner found embedded in The Pirate Bay's website. Post from: Trendlabs Security Intelligence Blog - by Trend Micro EITest Campaign Uses Tech Support Scams to Deliver Coinhive's Monero Miner ]]> 2017-09-22T16:01:52+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/WdEs8vS9Cvw/ www.secnews.physaphae.fr/article.php?IdArticle=411360 False Guideline Tesla None SecurityWeek - Security News 2017-09-22T15:12:13+00:00 http://feedproxy.google.com/~r/Securityweek/~3/gjYMaT_0wP8/nvidia-patches-several-flaws-gpu-display-drivers www.secnews.physaphae.fr/article.php?IdArticle=411384 False None Tesla None InformationSecurityBuzzNews - Site de News Securite Tesla Model X Hacked]]> 2017-08-02T06:00:21+00:00 http://www.informationsecuritybuzz.com/expert-comments/tesla-model-x-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=391716 False None Tesla None SecurityWeek - Security News 2017-07-28T18:45:55+00:00 http://feedproxy.google.com/~r/Securityweek/~3/Y6LL94wPBpE/tesla-model-x-hacked-chinese-experts www.secnews.physaphae.fr/article.php?IdArticle=390356 False None Tesla None Bleeping Computer - Magazine Américain 2017-07-28T05:35:27+00:00 https://www.bleepingcomputer.com/news/security/chinese-researchers-hack-tesla-model-x-in-impressive-video/ www.secnews.physaphae.fr/article.php?IdArticle=390265 False None Tesla None Naked Security - Blog sophos ]]> 2017-07-07T18:03:15+00:00 https://nakedsecurity.sophos.com/2017/07/07/news-in-brief-fears-as-online-bazaar-goes-dark-tesla-to-build-biggest-battery-eu-move-on-right-to-repair/ www.secnews.physaphae.fr/article.php?IdArticle=382298 False None Tesla None Malwarebytes Labs - MalwarebytesLabs As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. As a result of the recent events, Janus released his private key, allowing all the victims of the previous Petya attacks, to get their files back. Categories: Cybercrime Malware Tags: ChimeraChimera ransomwareEternalPetyaGoldeneye ransomwarejanusNotPetyapetyaPetya ransomwareransomwareteslacrypt (Read more...) ]]> 2017-07-06T17:06:15+00:00 https://blog.malwarebytes.com/cybercrime/2017/07/the-key-to-the-old-petya-has-been-published-by-the-malware-author/ www.secnews.physaphae.fr/article.php?IdArticle=381890 False None Tesla,NotPetya None Bleeping Computer - Magazine Américain 2017-06-21T15:23:04+00:00 https://www.bleepingcomputer.com/news/security/teslaware-plays-russian-roulette-with-your-files/ www.secnews.physaphae.fr/article.php?IdArticle=377134 False None Tesla None Errata Security - Errata Security executive order on "cybersecurity". The first draft during his first weeks in power were hilariously ignorant. The current draft, though, is pretty reasonable as such things go. I'm just reading the plain language of the draft as a cybersecurity expert, picking out the bits that interest me. In reality, there's probably all sorts of politics in the background that I'm missing, so I may be wildly off-base.Holding managers accountableThis is a great idea in theory. But government heads are rarely accountable for anything, so it's hard to see if they'll have the nerve to implement this in practice. When the next breech happens, we'll see if anybody gets fired."antiquated and difficult to defend Information Technology"The government uses laughably old computers sometimes. Forces in government wants to upgrade them. This won't work. Instead of replacing old computers, the budget will simply be used to add new computers. The old computers will still stick around."Legacy" is a problem that money can't solve. Programmers know how to build small things, but not big things. Everything starts out small, then becomes big gradually over time through constant small additions. What you have now is big legacy systems. Attempts to replace a big system with a built-from-scratch big system will fail, because engineers don't know how to build big systems. This will suck down any amount of budget you have with failed multi-million dollar projects.It's not the antiquated systems that are usually the problem, but more modern systems. Antiquated systems can usually be protected by simply sticking a firewall or proxy in front of them."address immediate unmet budgetary needs necessary to manage risk"Nobody cares about cybersecurity. Instead, it's a thing people exploit in order to increase their budget. Instead of doing the best security with the budget they have, they insist they can't secure the network without more money.An alternate way to address gaps in cybersecurity is instead to do less. Reduce exposure to the web, provide fewer services, reduce functionality of desktop computers, and so on. Insisting that more money is the only way to address unmet needs is the strategy of the incompetent.Use the NIST frameworkProbably the biggest thing in the EO is that it forces everyone to use the NIST cybersecurity framework.The NIST Framework simply documents all the things that organizations commonly do to secure themselves, such run intrusion-detection systems or impose rules for good passwords.There are two problems with the NIST Framework. The first is that no organization does all the things listed. The second is that many organizations don't do the things well.Password rules are a good example. Organizations typically had bad rules, such as frequent changes and complexity standards. So the NIST Framework documented them. But cybersecurity experts have long opposed those complex rules, so have been fighting NIST on them.Another good example is intrusion-detection. These days, I scan the entire Internet, setting off everyone's intrusion-detection systems. I can see first hand that they are doing intrusion-detection wrong. But the NIST Framework recommends they do it, because many organizations do it, but the NIST Framework doesn't demand they do it well.When this EO forces everyone to follow the NIST Framework, then, it's likely just going to i]]> 2017-05-12T02:51:43+00:00 http://blog.erratasec.com/2017/05/some-notes-on-trumps-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=364556 False Guideline Tesla,Yahoo None Errata Security - Errata Security Car hackingThe most innovative cyber-thing in the movie is the car hacking. In one scene, the hacker takes control of the cars in a parking structure, and makes them rain on to the street. In another scene, the hacker takes control away from drivers, with some jumping out of their moving cars in fear.How real is this?Well, today, few cars have a mechanical link between the computer and the steering wheel. No amount of hacking will fix the fact that this component is missing.With that said, most new cars have features that make hacking possible. I'm not sure, but I'd guess more than half of new cars have internet connections (via the mobile phone network), cameras (for backing up, but also looking forward for lane departure warnings), braking (for emergencies), and acceleration.In other words, we are getting really close.As this Wikipedia article describes, there are levels for autonomous cars. At level 2 or 3, cars get automated steering, either for parking or for staying in the lane. Level 3 autonomy is especially useful, as it means you can sit back and relax while your car is sitting in a traffic jam. Higher levels of autonomy are still decades away, but most new cars, even the cheapest low end cars, will be level 3 within 5 years. That they make traffic jams bearable makes this an incredibly attractive feature.Thus, while this scene is laughable today, it'll be taken seriously in 10 years. People will look back on how smart this movie was at predicting the future.Car hacking, part 2Quite apart from the abilities of cars, let's talk about the abilities of hackers.The recent ShadowBrokers dump of NSA hacking tools show that hackers simply don't have a lot of range. Hacking one car is easy -- hacking all different models, makes, and years of cars is far beyond the ability of any hacking group, even the NSA.I mean, a single hack may span more than one car model, and even across more than one manufacturer, because they buy such components from third-party manufacturers. Most cars that have cameras buy them from MobileEye, which was recently acquired by Intel.  As I blogged before, both my Parrot drone and Tesla car have the same WiFi stack, and both could be potential hacked with the same vulnerability. So hacking many cars at once isn't totally out of the question.It's just that hacking all the different cars in a garage is completely implausible.God's EyeThe plot of the last two movies as been about the "God's Eye", a device that hacks into every camera and satellite to view everything going on in the world.First of all, all hacking is software. The idea of stealing a hardware device in order enable hacking is therefore (almost) always fiction. There's one corner case where a quantum chip fact]]> 2017-04-26T00:40:17+00:00 http://blog.erratasec.com/2017/04/fast-and-furious-8-fate-of-furious.html www.secnews.physaphae.fr/article.php?IdArticle=359161 False None Tesla None Network World - Magazine Info said.Already, cybersecurity  experts are constantly finding new tech products, whether they be cars or smart teddy bears, that are often poorly secured and easy to hack.  To read this article in full or to leave a comment, please click here]]> 2017-03-06T12:06:45+00:00 http://www.networkworld.com/article/3177287/security/consumer-reports-to-grade-tech-products-on-security-privacy.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=328700 False None Tesla None TrendLabs Security - Editeur Antivirus incorporated in a targeted bot delivery, leveraged to deliver ransomware, infect point-of-sale (PoS) systems, and perpetrate click fraud. The key point of the fileless infection for the attacker is to be able to evaluate each compromised system and make a decision whether the infection process should continue or vanish without a trace. The cybercriminal group Lurk was one of the first to effectively employ fileless infection techniques in large-scale attacks-techniques that arguably became staples for other malefactors. Post from: Trendlabs Security Intelligence Blog - by Trend Micro Lurk: Retracing the Group's Five-Year Campaign ]]> 2017-02-06T10:37:34+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kF9o3H2gLlM/ www.secnews.physaphae.fr/article.php?IdArticle=306836 False Guideline Tesla None Network World - Magazine Info 2009, but on Thursday, authorities in the U.S. and Europe announced they had arrested five suspects allegedly involved with it.Avalanche has been found distributing more 20 different malware families including GozNym, a banking Trojan designed to steal user credentials, and Teslacrypt, a notorious ransomware. Europol estimated the network has caused hundreds of millions of dollars in damages across the world.To read this article in full or to leave a comment, please click here]]> 2016-12-01T13:06:11+00:00 http://www.networkworld.com/article/3145681/security/major-cybercrime-network-avalanche-dismantled-in-global-takedown.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=264810 False None Tesla None Malwarebytes Labs - MalwarebytesLabs A compilation of notable security news and blog posts from the 20th of November to the 26th. This week, we talked about PrincessLocker, ransomware decryptors, malvertising on the Mac, and the Windows Firewall.Categories: Security world Week in securityTags: decryptorfirewallmalvertisingPrincessLockerransomwarerecapteslacryptweekly blog roundup(Read more...)]]> 2016-11-28T23:30:21+00:00 https://blog.malwarebytes.com/security-world/2016/11/a-week-in-security-nov-20-nov-26/ www.secnews.physaphae.fr/article.php?IdArticle=261671 False None Tesla None Network World - Magazine Info remotely hacked while it was being driven. The hack demonstrated by Promon, a Norwegian security company, provided “additional functionality” for cyber thugs to control the vehicle, including enabling “keyless driving functionality,” which could allow a crook to drive away with a Tesla without have a key fob present.To read this article in full or to leave a comment, please click here]]> 2016-11-28T09:07:00+00:00 http://www.networkworld.com/article/3144481/security/researchers-showed-how-to-exploit-app-flaw-and-steal-a-tesla-model-s.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=261621 False None Tesla None