<img src="//pixel.quantserve.com/pixel/p-_JKXxuL8SR7wu.gif?labels=_fp.event.Default" style="display: none;" border="0" height="1" width="1" alt="Quantcast">
blog-banner.jpg

Next-Gen CASB Blog

Saturday Security Spotlight: Tesla, FedEx, & the White House

By Jacob Serpa | March 3, 2018 at 5:26 AM
Businessman holding a newspaper while having breakfast in his kitchen.jpeg

Here are the top cybersecurity stories of recent weeks:

  • Tesla hacked and used to mine cryptocurrency
  • FedEx exposes customer data in AWS misconfiguration
  • White House releases cybersecurity report
  • SEC categorizes knowledge of unannounced breaches as insider information
  • More Equifax data stolen than initially believed

Tesla hacked and used to mine cryptocurrency

By targeting a Tesla instance of Kubernetes, Google's open-source administrative console for cloud apps, hackers were able to infiltrate the company. The malicious parties then obtained credentials to Tesla's AWS environment, gained access to proprietary information, and began running scripts to mine cryptocurrency using Tesla's computing power. 

FedEx exposes customer data in AWS misconfiguration

FedEx is one of the latest companies to suffer from an AWS misconfiguration. Bongo, acquired by FedEx in 2014 and subsequently renamed CrossBorder, is reported to have left its S3 instance completely unsecured, exposing the data of nearly 120,000 customers. While it is believed that no data theft occurred, the company still left sensitive information (like customer passport details) exposed for an extended period. 

White House releases cybersecurity report

In light of the escalating costs of cyberattacks in the United States, the White House released a report scrutinizing the current state of cybersecurity. In particular, the report recognized the critical link between cybersecurity and the economy at large. Should other countries execute cyberattacks against organizations responsible for US infrastructure, the repercussions could be severe. 

SEC categorizes knowledge of unannounced breaches as insider information

The Securities and Exchange Commission recently announced that knowledge of unannounced breaches is insider information that should not be used to inform the purchase or sale of stock. This comes largely in response to Intel and Equifax executives selling stock before their companies announced breaches. 

More Equifax data stolen than initially believed

In September of 2017, Equifax announced a massive breach that leaked names, home addresses, Social Security Numbers, and more. Interestingly (and frighteningly), it now appears that even more data was leaked than the company originally reported

To defend against leaks, breaches, and other threats, organizations should adopt next-gen security solutions like cloud access security brokers. To learn more, download the Top CASB Use Cases.

Download Now