Emerging Threats to the Automotive Supply Chain From Ransomware Groups
February 22, 2024More automotive manufacturers and suppliers have fallen prey to ransomware groups in January 2024, further highlighting the need for more robust automotive cybersecurity amid a rapidly evolving threat landscape.
CyberThreat Research LabExtending the Lessons From Pwn2Own Automotive
February 15, 2024With the close of the first-ever Pwn2Own Automotive, the challenge now is to make the most out of the discoveries and insights from the event. We summarize here our own impressions of the event, homing in on emergent security gaps and industry trends.
CyberThreat Research Lab44 Unique Zero-Day Vulnerabilities Discovered at Pwn2Own Automotive Are Detectable Only by VicOne Products
February 8, 2024VicOne products are the only automotive cybersecurity products in the market that can detect 44 unique zero-day vulnerabilities that were discovered during the three-day Pwn2Own Automotive event held in January 2024.
VicOneHow to Avoid Source Code Breaches: Lessons From the Mercedes-Benz GitHub Token Leak
February 7, 2024Researchers discovered a GitHub token leaked by a Mercedes-Benz employee, potentially exposing the automaker’s internal coding infrastructure, intellectual property, and other sensitive data. This breach stemmed from a sequence of avoidable errors, highlighting the importance of robust security measures in safeguarding digital assets.
CyberThreat Research LabZero to Hero: Revolutionizing Automotive Cybersecurity With the Best Zero-Day Threat Intelligence
January 29, 2024We discuss the crucial element that should be included in automotive threat intelligence so that organizations can better draw valuable insights to respond promptly and effectively to the constantly evolving landscape of cyberthreats.
VicOnePwn2Own Automotive Day 3: EV Chargers Take the Front Seat and the Contest Crowns Its First Master of Pwn
January 26, 2024The final day of Pwn2Own Automotive saw seven (out of the scheduled nine) attempts targeting EV chargers, and the Synacktiv team cemented its lead to win the title of Master of Pwn. All in all, the three-day event awarded over US$1.3 million for 49 unique zero-day vulnerabilities.
VicOnePwn2Own Automotive Day 2: Multiple Multi-Bug Chains, a Second Tesla Attack, and Other Highlights
January 25, 2024Day 2 of Pwn2Own Automotive saw multiple multi-bug chains, with Synacktiv using a two-bug chain to attack a Tesla infotainment system and adding another US$100,000 to the team's earnings. Two days into the contest, over US$1,000,000 in prizes had already been awarded.
VicOnePwn2Own Automotive Day 1: A 3-Bug Chain Against a Tesla, a Remote Attack Demo, and Other Highlights
January 24, 2024US$722,500 in prizes was awarded for 24 unique exploits during the first day alone of the inaugural edition of Pwn2Own Automotive, the world’s first and only event focusing on vulnerabilities in technologies for connected cars.
VicOneAdvancing Vulnerability Discovery Amid Automotive Innovation: An API Attack From Halfway Across the World
January 22, 2024We examine the impact of vulnerabilities and the security implications of advancing technologies on vehicles in VicOne’s walkthrough of an API attack scenario.
CyberThreat Research LabAdvancing Vulnerability Discovery Amid Automotive Innovation: A Tale of Two EV Charger Vulnerabilities
January 19, 2024We delve into two scenarios that highlight the significance of vulnerability discovery as we detail the work of researchers from Zero Day Initiative, who have identified and examined two distinct flaws in the realm of electric vehicle (EV) chargers.
VicOneWhy Today’s VSOC Platforms Fall Short in Providing Sufficient Protection
January 19, 2024As the automotive cybersecurity landscape expands beyond the confines of the cloud to include in-vehicle components and infrastructure, reliance solely on today’s cloud-based VSOC platforms might prove inadequate for ensuring robust protection. In this article, we dive into a real-world scenario to shed light on why it’s time to rethink VSOC platforms.
VicOneCactus Ransomware Group Claims Responsibility for Cyberattack on CIE Automotive
January 12, 2024A recent ransomware attack on an automotive supplier is a stark reminder of the frequent and varied cyberthreats that industries face, especially those utilizing internet technologies. In this article, we explore typical scenarios in industries reliant on internet technologies and highlight the unique vulnerabilities and challenges that the automotive industry faces amid the rising tide of cyberattacks.
VicOne