Cybersecurity Weekly: Uber breach, Tesla Model Y NFC hack, EvilProxy phishing

September 19, 2022 by Ryan Miner

Details on Uber breach are still hazy, New Tesla Model Y NFC hack, and phishing service bypasses 2FA. All these and more in this week’s edition of Cybersecurity Weekly.

1. Uber claims ‘No sensitive data exposed’ in latest breach, but…

“‘No evidence’ could mean the attacker did have access, Uber just hasn’t found evidence that the attacker *used* that access for ‘sensitive’ user data,” Demirkapi said. “Explicitly saying ‘sensitive’ user data rather than user data overall is also weird.”
Read more »

2. Real estate phish swallows 1,000s of Microsoft 365 credentials

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender’s Safe Links feature for identifying malicious links in emails completely failed in the campaign.
Read more »

3. New EvilProxy phishing service allowing cybercriminals to bypass two-factor security

Researchers have identified a new phishing-as-a-service (PhaaS) called EvilProxy that is being promoted in the dark web as a way for cybercriminals.
Read more »

4. New attack can unlock and start a Tesla Model Y in seconds, say researchers

Car thieves have found a new way to steal Tesla’s using a sophisticated relay attack, and it won’t be easy to fix.
Read more »

5. Passengers exposed to hacking via vulnerabilities in airplane Wi-Fi devices

Vulnerabilities found in Flexlan wireless LAN devices used for airplane Wi-Fi can be exploited by a passenger to hack other passengers.
Read more »

Posted: September 19, 2022
Ryan Miner
View Profile