Tag Archive for: Motors

General Motors Announces Data Breach; Zoom Releases Security Patch

/in


Data breaches are not a new occurrence, but if you feel as though they have become much larger in scale over the past couple of years, those feelings are not misguided. According to research conducted by AtlasVPN, around 5.9 billion records were affected by a data breach in 2021, a new record high.

In this week’s BlackCloak Thursday Threat Update, we’ll take a look at a data breach disclosed by General Motors and a security patch recently released by Zoom.

General Motors discloses data breach

What we know: General Motors announced it was the victim of a data breach, as the automotive manufacturer discovered malicious login activity between April 11 and April 29. While details are still unfolding, cybercriminals may have had access to the personal information of GM online and mobile application accounts, including users’ names, home and email addresses, phone numbers, and usernames. General Motors said in its data breach notification letter that cybercriminals were able to login through credentials they gathered from other data breaches not tied to the company.

Recommendation: In order to access an account, GM is requiring all users to reset their passwords. When you do, create a password that is long, complex and is completely unique from all of your other passwords. Since the incident occurred because of compromised credentials from other data breaches, now is a good time to reset the passwords for all of the services you use to ensure they are all completely unique. Be on the lookout for phishing scams as well. While they are commonly conducted via email, cybercriminals can also perform these scams through text messages and phone calls, practices known as “smishing” and “vishing,” respectively.

Zoom releases security patch for ‘zero click’ vulnerability

What we know: Zoom has released a security patch to address a vulnerability affecting Windows, macOS, iOS and Android users. A Google Project Zero security researcher discovered the vulnerability, which can give cybercriminals the ability to compromise a victim’s account through Zoom’s chat functionality without any user interaction. Should a cybercriminal exploit this flaw, they could force the targeted…

Source…

Mitsubishi Motors taps Cyfirma to strengthen cybersecurity posture – Back End News

/in


Japanese automaker Mitsubishi Motors Corp. (Mitsubishi Motors) has tapped the services of Cyfirma, a predictive cyber-threat visibility and intelligence analytics platform company to expand visibility on external threat landscape.

Cyfirma’s cloud-based, AI-powered cybersecurity platform, DeCYFIR, not only offers full visibility on the potential threats but also enables companies’ security officers to prepare against upcoming attacks and prevent the theft of intellectual property.

Mitsubishi is among the automakers in the world that invested in autonomous driving assistance systems, electric vehicles and connected services, which means cyber threats are not far behind.

“Customer safety and their personal information remain our utmost priority at Mitsubishi Motors,” said Yamane, GM of Information Security Management Office, Mitsubishi Motors. “With the rising level of cyberattacks, cybersecurity threat intelligence information becomes paramount as a countermeasure and deterrence to these risks. We are confident that CYFIRMA is the right partner for us to work with,”

Leveraging Cyfirma’s DeCYFIR platform allows Mitsubishi Motors to gain full visibility into the external threat landscape by monitoring the Dark Web and tracking any activity or conversation that poses a threat to its business. This ability, coupled with having established computer security incident response teams to collect and analyze cyber threats across various business units, will strengthen Mitsubishi Motors’ cybersecurity posture and increase business resiliency.

Based on analysis of threat indicators collected from the Deep Web, Dark Web, hacker forums, and other closed communities, as well as Cyfirma’s own research, attacks can be predicted using probability prediction models and analytics engines. By providing threat intelligence from the outside, Cyfirma is able to share early warning information when signs of cyber-attacks are detected, enabling Mitsubishi Motors to take rapid action to thwart attempts at intellectual property theft, and other malicious activities.

“We are confident that our DeCYFIR platform will be instrumental in helping them strengthen their cyber…

Source…

Tesla Motors, Inc. (NASDAQ:TSLA) – Russian Hacker Pleads Guilty To Offering $1M Bitcoin Bribe To Tesla Employee

/in


A Russian national who attempted to hack Tesla Inc. (NASDAQ: TSLA) last year and introduce malware to compromise the company has pleaded guilty in the U.S. and could spend up to ten months in prison, according to a report by The Associated Press.

What Happened: Egor Igorevich Kriuchkov pleaded guilty to conspiracy to intentionally cause damage to a protected computer, as per the report.

A federal lawsuit was filed against Kriuchkov in Nevada last August. The Russian national was accused of offering a $1 million bribe in Bitcoin (CRYPTO: BTC) to an employee at a company in Nevada – identified then only as Company A – to surreptitiously insert malware into the company’s systems.

Tesla CEO Elon Musk later confirmed that the automaker was the subject of a hacking attempt by a Russian national and his co-conspirators.

Kriuckkov said the insider job would be camouflaged with a distributed denial of service attack on plant computers from outside in order to overwhelm the servers with junk traffic, as per the Associated Press, which cited court documents. The hackers then planned to extort Tesla for a ransom payment.

See Also: Why Tesla’s Charging Stations Are A Key Advantage For Its Future

Why It Matters: The data breach shows how companies need to take more effective steps to deal with the threat of cyberattacks that have increased in intensity amid the pandemic. It also shows how hackers could take data from companies, including Tesla, hostage in exchange for ransom funds.

Earlier this month, Tesla was among the several companies that were impacted by a massive security-camera breach, with hackers gaining access to live footage from the electric car maker’s factories and warehouses.

Price Action: Tesla shares closed about 0.3% higher on Friday at $654.87.

Click here to check out Benzinga’s EV Hub for the latest electric vehicles news

© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Source…

Kia Motors America: Ransomware Not Behind Extended Systems Outage

/in


Kia Motors America stated that a ransomware attack was not the apparent cause of an extended systems outage affecting the automobile dealer’s IT systems. It all started with an error message…

According to Bleeping Computer, the outage started on February 13 when the Kia Owners Portal went offline and displayed the following error message:

We are currently experiencing an IT service outage that has impacted some internal networks. Our customers are our top priority, and we are working to resolve the issue quickly.

The Kia Owners Portal is a platform where owners of Kia automobiles can book an appointment with a dealer, store their insurance and/or registration information and more.

Bleeping Computer confirmed in its reporting that the outage affected the phone self-help services operated by Kia Motors America, a subsidiary of Kia Motors Corporation headquartered in Irvine, California. Those services informed callers that unspecified server issues might undermine the company’s ability to provide customer support. 

The outage also affected customers’ ability to use the Kia Access with UVO Link, UVO eServices and Kia Connect mobile apps, the customer self-help website wrote. In a statement provided to Bleeping Computer, the automobile dealer did not provide any details about the cause of the outage:

KMA is aware of IT outages involving internal, dealer and customer-facing systems, including UVO. We apologize for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible.

On February 16, however, a user tweeted out that they had attempted to pick up their car from one of the 800 dealerships operated by Kia Motors when a manager informed them that they couldn’t drive their car off the lot that day because a ransomware attack had knocked some of Kia’s computer systems offline:

kia-blog-screenshot

The following day, Bleeping Computer received what appeared to be a ransom note from the DoppelPaymer ransomware group indicating that the gang had successfully attacked Hyundai Motor America, Kia’s parent company.

In their ransom message, the attackers asserted that they had stolen a “huge amount” of data from Kia…

Source…