Any publicity seems to attract the hacker piranhas.
Note: as Catalin Cimpanu points out on Twitter, “Neither RedLock nor Tesla confirmed that “confidential data” was stolen. Tesla said the opposite in their statement. The reporter is going out on a limb on this one.”
Duncan Riley reports:
Elon Musk may be able to send a Tesla Inc. vehicle into space, but apparently his staff can’t secure data online so easily. A shocking report released this morning details the theft of data from the electric car company, blaming it on gross staff incompetency.
According to researchers at cloud security firm RedLock Ltd., hackers infiltrated Tesla’s Kubernetes console after the company failed to secure it with a password. Within one of the Kubernetes pods, a group of software containers deployed on the same host, sat the access credentials to Tesla’s Amazon Web Service Inc. account.
Read more on SiliconAngle.
From the article:
Because it’s the fashion in 2018, the hackers then installed cryptomining software, including sophisticated evasion measures to hide the installation.
A “How To” article that allows us to consider “How To Avoid!”
Phishing schemes net hackers millions of dollars from Fortune 500
On Wednesday, researchers from IBM's X-Force Incident Response and Intelligence Services (IRIS) team said the Business Email Compromise (BEC) scheme is currently active and is successfully targeting Accounts Payable (AP) teams at Fortune 500 companies.
In a blog post, the researchers said that after discovering evidence of the threat in Fall 2017, their analysis of the campaign led them to Nigeria, where the threat actors appear to be operating.
The BEC uses social engineering attacks and phishing emails in order to obtain legitimate credentials for enterprise networks and email accounts.
In many cases, publicly available information is used to craft messages which appeared legitimate and entice phishing victims to visit malicious domains.
… This BEC is of special note as no malware was used and as legitimate employees were conducting transactions, traditional security products and protocols would not be able to detect any compromise.
From the White House! So you know it can’t be “fake news.”
CEA Report: The Cost of Malicious Cyber Activity to US Economy
[February 16, 2018] “the Council of Economic Advisers (CEA) released a report detailing the economic costs of malicious cyber activity on the U.S. economy. Please see below for the executive summary and read the full report here.
This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries.
- We estimate that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.
- Cybersecurity experts like to say that in an act of war or retaliation, the first moves will be made in cyberspace. A cyber adversary can utilize numerous attack vectors simultaneously. The backdoors that were previously established may be used to concurrently attack the compromised firms for the purpose of simultaneous business destruction.
For our discussion of Law & Regulation.
The Laws and Ethics of Employee Monitoring
… Federal and most state privacy laws give discretion to employers as to how far they can go with their employee monitoring. In some cases, employers do not have to inform employees of the monitoring, but this depends on state and local laws. Some locations require employee consent to monitor.
"As a general rule, employees have little expectation of privacy while on company grounds or using company equipment, including company computers or vehicles," said Matt C. Pinsker, adjunct professor of homeland security and criminal justice at Virginia Commonwealth University.
Monitoring must be within reason. For example, video surveillance can be conducted in common areas and entrances; however, it should be obvious that surveillance in bathrooms or locker rooms is prohibited and can open a company up to legal repercussions.