For discussion of current events in security and cybersecurity
- 33 Topics
- 95 Replies
Did anyone watch this video the Wall Street Journal published? Cybersecurity experts warn that EVs will be ripe targets for hackers unless more attention is paid to the risk. I think I'm like most people following the trend of wanting a more eco-friendly environment, but I can't help but worry that electric vehicles are especially vulnerable to cyberattacks. Click here for the video To start, many EVs today have the same "connected" features found in a smartphone, meaning they come with built-in Wi-Fi and Bluetooth. This means hackers could potentially access the car's systems remotely to control its functions or retrieve data from it. Hackers could also use a car's navigation system to track its movements, or even disable the vehicle completely.Ultimately, there's no way to guarantee an EV won't be hacked, but automakers and security experts can work together to protect against cyber threats and make sure EVs are as safe as possible. As more people switch over to electric vehicles,
Change your passwords because this time they got into the vault:https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/US Marshalls and Dish also got hit:https://abcnews.go.com/amp/US/us-marshals-service-hit-ransomware-attack/story?id=97505610https://techcrunch.com/2023/02/27/dish-outage-reported-cyberattack/I don’t know what’s going on lately, but the ransomware attacks are coming fast and strong. Stay safe out there and make sure you have write-only backups!
https://www.darkreading.com/risk/1-in-4-cisos-will-leave-cybersecurity-by-2025Looks like the shortage of talent is just going to get worse as the ones currently working get burned out and move to another career. What’s your level of burnout and how seriously have you considered switching careers?
Researchers from the Polish CERT team published this fascinating blog on their attempts to narrow the search space and brute force Phobos ransomware using GPUs for parallel processing:https://cert.pl/en/posts/2023/02/breaking-phobos/Discussion from Hacker News: https://news.ycombinator.com/item?id=34923842My favorite part is their estimate of how a network the size of Bitcoin could make short work of the search space:2**67 sha256 invocations is still a lot, but it's getting manageable. For example, this is coincidentally almost exactly the current BTC hash rate. This means, if the whole BTC network was repurposed to decrypting Phobos victims instead of pointlessly burning electricity, it would decrypt one victim per second
https://www.bleepingcomputer.com/news/security/fbi-is-investigating-a-cybersecurity-incident-on-its-network/From the article:The U.S. Federal Bureau of Investigation (FBI) is reportedly investigating malicious cyber activity on the agency’s network.The federal law enforcement agency says it already contained the "isolated incident" and is working to uncover its scope and overall impact."The FBI is aware of the incident and is working to gain additional information," the U.S. domestic intelligence and security service told BleepingComputer."This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time."--In other news, there’s an iOS zero day out, so make sure you update your iDevices:https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html
https://www.afcea.org/signal-media/cyber-edge/europe-tackle-cyber-new-lawIt looks like they’re planning a two-tiered system of requirements, and tightening up reporting requirements.It’s going to be a messy time for cybersecurity, although on the plus side we’re getting (hopefully) better regulation, and there’s going to be a ton of work to go around for those of us in the field. This will be the first update to the cybersecurity regulations since 2016.What would you hope to see in the results of this new law? Any predictions of what’s likely to be in there?
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.