Saturday Security Spotlight: Tesla, FedEx, & the White House
Published 03/08/2018
By Jacob Serpa, Product Marketing Manager, Bitglass
Here are the top cybersecurity stories of recent weeks:
—Tesla hacked and used to mine cryptocurrency
—FedEx exposes customer data in AWS misconfiguration
—White House releases cybersecurity report
—SEC categorizes knowledge of unannounced breaches as insider information
—More Equifax data stolen than initially believed
Tesla hacked and used to mine cryptocurrency By targeting a Tesla instance of Kubernetes, Google's open-source administrative console for cloud apps, hackers were able to infiltrate the company. The malicious parties then obtained credentials to Tesla's AWS environment, gained access to proprietary information, and began running scripts to mine cryptocurrency using Tesla's computing power. FedEx exposes customer data in AWS misconfiguration FedEx is one of the latest companies to suffer from an AWS misconfiguration. Bongo, acquired by FedEx in 2014 and subsequently renamed CrossBorder, is reported to have left its S3 instance completely unsecured, exposing the data of nearly 120,000 customers. While it is believed that no data theft occurred, the company still left sensitive information (like customer passport details) exposed for an extended period. White House releases cybersecurity report In light of the escalating costs of cyberattacks in the United States, the White House released a report scrutinizing the current state of cybersecurity. In particular, the report recognized the critical link between cybersecurity and the economy at large. Should other countries execute cyberattacks against organizations responsible for US infrastructure, the repercussions could be severe. SEC categorizes knowledge of unannounced breaches as insider information The Securities and Exchange Commission recently announced that knowledge of unannounced breaches is insider information that should not be used to inform the purchase or sale of stock. This comes largely in response to Intel and Equifax executives selling stock before their companies announced breaches. More Equifax data stolen than initially believed In September of 2017, Equifax announced a massive breach that leaked names, home addresses, Social Security Numbers, and more. Interestingly (and frighteningly), it now appears that even more data was leaked than the company originally reported.