Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Saturday Security Spotlight: Tesla, FedEx, & the White House

Published 03/08/2018

Saturday Security Spotlight: Tesla, FedEx, & the White House

By Jacob Serpa, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

—Tesla hacked and used to mine cryptocurrency

—FedEx exposes customer data in AWS misconfiguration

—White House releases cybersecurity report

—SEC categorizes knowledge of unannounced breaches as insider information

—More Equifax data stolen than initially believed

Tesla hacked and used to mine cryptocurrency By targeting a Tesla instance of Kubernetes, Google's open-source administrative console for cloud apps, hackers were able to infiltrate the company. The malicious parties then obtained credentials to Tesla's AWS environment, gained access to proprietary information, and began running scripts to mine cryptocurrency using Tesla's computing power. FedEx exposes customer data in AWS misconfiguration FedEx is one of the latest companies to suffer from an AWS misconfiguration. Bongo, acquired by FedEx in 2014 and subsequently renamed CrossBorder, is reported to have left its S3 instance completely unsecured, exposing the data of nearly 120,000 customers. While it is believed that no data theft occurred, the company still left sensitive information (like customer passport details) exposed for an extended period. White House releases cybersecurity report In light of the escalating costs of cyberattacks in the United States, the White House released a report scrutinizing the current state of cybersecurity. In particular, the report recognized the critical link between cybersecurity and the economy at large. Should other countries execute cyberattacks against organizations responsible for US infrastructure, the repercussions could be severe. SEC categorizes knowledge of unannounced breaches as insider information The Securities and Exchange Commission recently announced that knowledge of unannounced breaches is insider information that should not be used to inform the purchase or sale of stock. This comes largely in response to Intel and Equifax executives selling stock before their companies announced breaches. More Equifax data stolen than initially believed In September of 2017, Equifax announced a massive breach that leaked names, home addresses, Social Security Numbers, and more. Interestingly (and frighteningly), it now appears that even more data was leaked than the company originally reported.

Share this content on your favorite social network today!