A savvy car thief could drive off with a Tesla Model S by using just a few, relatively inexpensive pieces of computing hardware and some radios — at least, the thief could have until recently, when Tesla fixed an overlooked vulnerability in its cars’ security systems.
The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse. The most peculiar trait of this malware is its hand-picked driver, signed with a legitimate digital certificate, which has been issued by a company developing information security-related software.
A concentrated spam campaign pushing ransomware is targeting businesses in Europe, encrypting files and demanding victims pay a ransom in order to retrieve them.
British Airways disclosed a data breach impacting customer information from roughly 380,000 booking transactions made between August 21 and September 5 of this year. The company said that names, addresses, email addresses, and sensitive payment card details were all compromised. Now, researchers from the threat detection firm RiskIQ have shed new light on how the attackers pulled off the heist.
Researchers have uncovered vulnerabilities in popular virtual private network (VPN) software, ProtonVPN and NordVPN, which can lead to the execution of arbitrary code by attackers.