Cybersecurity Weekly: Uber breach, Tesla Model Y NFC hack, EvilProxy phishing
Details on Uber breach are still hazy, New Tesla Model Y NFC hack, and phishing service bypasses 2FA. All these and more in this week's edition of Cybersecurity Weekly.
1. Uber claims 'No sensitive data exposed' in latest breach, but...
"'No evidence' could mean the attacker did have access, Uber just hasn't found evidence that the attacker *used* that access for 'sensitive' user data," Demirkapi said. "Explicitly saying 'sensitive' user data rather than user data overall is also weird."
2. Real estate phish swallows 1,000s of Microsoft 365 credentials
The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.
3. New EvilProxy phishing service allowing cybercriminals to bypass two-factor security
Researchers have identified a new phishing-as-a-service (PhaaS) called EvilProxy that is being promoted in the dark web as a way for cybercriminals.
4. New attack can unlock and start a Tesla Model Y in seconds, say researchers
Car thieves have found a new way to steal Tesla's using a sophisticated relay attack, and it won't be easy to fix.
5. Passengers exposed to hacking via vulnerabilities in airplane Wi-Fi devices
Vulnerabilities found in Flexlan wireless LAN devices used for airplane Wi-Fi can be exploited by a passenger to hack other passengers.