Tag: Million | Page 4

Ethical Hackers Hack into $1.323 Million Worth of Vulnerabilities at Automotive World

February 6, 2024/in Internet Security

VicOne, a leading provider of automotive cybersecurity solutions, hosted “Pwn2Own Automotive 2024”, its first ethical hacking event exclusively for the automotive sector, at Automotive World in Tokyo (January 24-26, 2024) to explore and address cybersecurity challenges in the automotive industry.

The event was dedicated to discovering and fixing digital security vulnerabilities of connected cars to protect the cybersecurity of vehicles. Specifically, 17 white hat hacker team and individuals from nine countries participated in a total of over 50 entries both remotely and on-site in four categories:

Tesla
In-Vehicle Infotainment (IVI)
EV Chargers
Operating System

The participants competed for cash and prizes worth US $1,323,750. A total of 49 unknown security vulnerabilities (zero-day vulnerabilities) were discovered by the participants over the three days. To win, participants had to take advantage of newly discovered vulnerabilities to attack target systems and devices and execute arbitrary instructions. The event was not only about prestige and competition between the best white hat hackers on the scene, but also about collaboration within the automotive industry and with external IT cybersecurity experts to make the entire industry safer.

VicOne’s parent company, global cybersecurity leader Trend Micro™, co-hosted the event through the Zero Day initiative™ (ZDI), the world’s largest vendor-agnostic bug bounty program. Electric vehicle manufacturer Tesla, as the main sponsor of the event, put its own products to the test including a modem, infotainment system, and Model Y vehicle. Individual hackers and hacking teams from countries including the USA, Vietnam, Japan, the UK, Hungary, the Netherlands, France, and Germany took part.

The winning team Synacktiv from France came away with a total profit of US $450,000, and now holds the title of “Master of Pwn.” With a total profit of US $177,500, the German fuzzware.io team took second place. The hackers from fuzzware.io targeted the Sony XAV-AX5500 and the Alpine Halo9 iLX-F509 in the In-Vehicle Infotainment (IVI) category, as well as the ChargePoint Home Flex, the Autel MaxiCharger AC Wallbox Commercial,…

Source…

Ransomware gang demands €10 million after attacking Spanish council

January 16, 2024/in Internet Security

The mayor of Calvià, a municipality on the Spanish island of Majorca, has said the city council will not be paying an approximately €10 million extortion fee demanded by criminals following a ransomware attack.

Calvià, a region on the southwestern part of the resort island, has around 50,000 residents who have been informed that the council is working to “recover normality as soon as possible.”

In a statement on the council’s website, it confirmed that a crisis cabinet had been formed to evaluate the scope of the cyberattack, which was discovered on Saturday morning.

“The IT Service, accompanied by a team of specialists, is working on the mandatory forensic analyses, as well as on the recovery processes of our affected services,” the statement said.

Mayor Juan Antonio Amengual has said he will not consider paying the extortion fee, as reported by the Majorca Daily Bulletin. He also released a video statement on social media.

Spain was among the Counter Ransomware Initiative signatories that last year pledged “relevant institutions under the authority of our national government should not pay ransomware extortion demands.”

As a result of the attack on Calvià, the council has had to temporarily suspend all administrative deadlines — for instance the submission of civil claims and requests — until the end of January.

The city council said it had contacted the cybercrime department of the Civil Guard and shared its preliminary forensic analysis.

“The city council deeply regrets the inconvenience that this situation may cause and reiterates its firm commitment to resolve the current situation in the most orderly, rapid and effective manner possible,” the website said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

Source…

This hacker used over a million virtual servers to create an incredibly powerful network – but then wasted it on mining crypto

January 15, 2024/in Computer Security

Ukrainian police have arrested a hacker who allegedly used compromised servers belonging to an American company to secretly mine cryptocurrencies.

The Ukrainian cyberpolice revealed the individual was able to create a million virtual servers on which he proceeded to install cryptojackers – cryptocurrency miners that try to operate in the background and without the knowledge or consent of the endpoint’s owners.

The individual, an unnamed 29-year-old man, had been allegedly active since 2021. He first brute-forced his way into 1,500 accounts of a subsidiary of “one of the world’s largest ecommerce companies” – although the name of the affected company was not disclosed.

Causing damage

After brute-forcing his way into the devices, the criminal created a million virtual computers and installed the cryptocurrency miners. Everything he managed to mine, he moved using the TON wallet. The police claim the volume of the transactions amounted to approximately $2 million.

The hacker was arrested on January 9, during which the police confiscated computer equipment, bank and SIM Cards, electronic media, and other evidence. He is now facing criminal charges.

To successfully mine cryptocurrencies, a person would need a high-end computer and an internet connection. Mining the tokens is a compute-heavy operation, which makes the computer practically useless for anything else. Furthermore, the operation uses a lot of electricity, too, racking up the energy bill quickly.

That’s why hackers often try to compromise corporate servers – they’re powerful devices that can mine plenty of coins, while leaving the headache of the electricity bill to someone else.

Furthermore, while the servers are too occupied mining the coins, they are too slow to be used for their original purpose, which increases the expenses for the victim company even further. Those are just some of the reasons why some analysts claim that for every $1 of cryptocurrency mined, the victim suffers roughly $53 in damages.

Hackers usually use cryptojackers to mine Monero (XMR), a privacy-oriented coin which, allegedly, is practically untraceable. XMRig is one of the most popular cryptominers out there.

Via:

Source…

1.3 Million FNF Customers’ Data Potentially Exposed in Ransomware Atta

January 11, 2024/in Internet Security

Fidelity National Financial (FNF) has revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack it suffered in 2023.

The firm, which provides title insurance services to the real estate and mortgage industries, notified the Securities and Exchange Commission (SEC) of the number of potentially impacted consumers in an updated filing on January 9, 2024.

The incident was first disclosed in November 2023, and forced FNF to take down certain systems, resulting in disruption to its business operations.

The ALPHV/BlackCat ransomware group subsequently claimed responsibility for the attack, announcing FNF’s inclusion on their leak site.

New Details About the FNF Ransomware Attack

The updated filing appeared to confirm the incident was a ransomware attack.

The firm stated that following the completion of a forensic investigation on December 13, “we determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data.”

FNF said it has notified approximately 1.3 million potentially impacted consumers, and is providing them with credit monitoring, web monitoring and identity theft restoration services.

It is also continuing to coordinate with law enforcement, regulators and other stakeholders.

There is no evidence any customer-owned system was directly impacted in the incident, nor has it received any customer reports that this has occurred, the company said.

FNF successfully contained the incident on November 26, 2023, and full services have been restored. The last confirmed date of unauthorized third-party activity in its network was November 20, 2023.

“At this time, we do not believe that the incident will have a material impact on the Company,” read the filing.

Details relating to how the attackers gained initial access into the firm’s systems and the nature of the personal data that was exposed were not provided.

FNF acknowledged that it is subject to several lawsuits related to the incident and will “rigorously defend itself” against such claims.

Earlier this week (January 9), retail mortgage lender LoanDepot revealed it had…

Source…

Tag Archive for: Million

New Details About the FNF Ransomware Attack