Brute-force Attacks on Edge Devices Increases
infosecurity-magazine.com - Author: Kacy Zurkus - Date: May 1st, 2019
Edge devices are sometimes left as an afterthought as access points for hackers to exploit. Recently, security experts have found that there has been an increase in brute-force hacking attempts on edge devices. According to the to a new white paper released by the Cyber Threat Alliance the concerning part isn't that the attacks have been increasing its that the amount of protections implemented for these devices has not been keeping pace. “This is often due to a lack of built-in security and a 'set it and forget it' mentality by owners", the blog said.
New, '10KBLAZE', Exploit Targets SAP Platform and Systems
infosecurity-magazine.com - Author: Kacy Zurkus - Date: May 2nd, 2019
New exploits have been compromising SAP's platform and systems. New research done by Onapsis Inc. has discovered that “In exposed systems, the exploits can be executed by a remote, unauthenticated attacker having only network connectivity to the vulnerable systems". The exploit, called 10KBLAZE, can potentially harm customers on the NetWeaver Application Server (AS) and S/4HANA systems.
Less Than Half of US Organizations Ready for California Consumer Privacy Act (CCPA)
infosecurity-magazine.com - Author: Kacy Zurkus - Date: May 3rd, 2019
The California Consumer Privacy Act (CCPA) will be going into effect starting January 1, 2020. The penalty of not complying and with the new law is that if a breach incident were to occur the business would have to pay up to $7,500 per incident. This can get very costly if the breach carries into the thousands. In preparation, security researchers have analyzed US Organizations to see how prepared they are for the new regulations and found that nearly half of the companies they looked at will not be ready for CCPA. According to the research done by the International Association of Privacy Professionals (IAPP) and OneTrust, only 55% of companies report that they will be ready by the January effective date.
Large Surge in Spam Emails Caused by Compromised Office 365 Accounts
infosecurity-magazine.com - Author: Phil Muncaster - Date: April 11th, 2019
There has been a rise in malicious and spam emails due to the increase of account takeovers in cloud-based email accounts. Thousands of Office 365 accounts were compromised in just one month and contributed to a surge of 1.5 million spam emails. The accounts were mainly taken over by personal credentials that were gathered from the user's personal accounts via brute-force attacks or other online application channels. With the rise of using cloud-based email services to host daily communications operations, it is imperative that we implement additional security measures such as Multi-factor Authentication (MFA) to add an extra layer of security to our accounts to prevent hackers from accessing and exploiting them.
Security Researchers Find a Simple Way to "Hack" Tesla’s Autopilot feature
sciencetimes.com - Date: April 21st, 2019
Tencent's Security Research Lab in China was able to push a Tesla Model S to the wrong side of the road by tricking Tesla's autopilot system with a seemingly simple "hack".
The controversy around all of this isn't the fact that the security researchers were able to affect the Tesla, but rather, the fact that they didn't have to touch any code to do so.
They were able to trick the Autopilot system by spray painting white dots in the middle of the road which caused the car to steer off onto the other side. Now, although they are not technically "hacking" the car itself, they are influencing its functionality using external methods. The debate is whether or not this is technically considered hacking the system itself.
Is tricking the AI considered hacking? We would love to hear your opinions in the comments section.
If you want to read more about this story by clicking the link below