U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers compromised a Tesla Internal Servers with a Cryptocurrency miner

Cloud security firm RedLock discovered that hackers have compromised the Tesla cloud computing platform to mine cryptocurrency. Tesla has confirmed that hackers have compromised its cloud computing platform to mine cryptocurrency, after the incident was discovered by cloud security firm RedLock. The hackers have breached the Tesla cloud servers and have installed a crypto currency […]

Tesla security breach

Cloud security firm RedLock discovered that hackers have compromised the Tesla cloud computing platform to mine cryptocurrency.

Tesla has confirmed that hackers have compromised its cloud computing platform to mine cryptocurrency, after the incident was discovered by cloud security firm RedLock.

The hackers have breached the Tesla cloud servers and have installed a crypto currency miner, the company fixed the issue exploited by the hackers “within hours.”

The attackers gained access to the Tesla’s Amazon Web Services environment on a Kubernetes console that was reportedly not password-protected. The console is used by companies to manage the infrastructure deployed on the cloud hosting providers.

“According to RedLock, the hackers discovered log-in details to Tesla’s Amazon Web Services environment on a Kubernetes console – a system originally designed by Google to manage applications. The console was reportedly not password-protected.” states the BBC.

RedLock experts discovered a “pod” inside the Kubernetes console that stored login credentials for one of Tesla’s AWS cloud infrastructure.

The security breach happened in 2017, according to the company no customer data had been stolen.

“Our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way,” said a Tesla spokesman.

According to RedLock, the exposed AWS buckets contained sensitive information, including telemetry data.

“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.” reads a blog post published by RedLock.

Tesla security breach

Tesla promptly fixed the problem once RedLock notified its discovery.

RedLock added that the security breach was caused by Tesla engineers that forgot to implement an authentication mechanism to the Kubernetes console.

Because they used a custom mining pool, it is unclear how much money this hacker group made.

RedLock confirmed that other companies left their bucket exposed online last year, including Aviva and Gemalto.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Tesla, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]