EAI Technology - IT Support for Desktops, Servers, and Networks

New Tesla hack gives thieves their own personal key in under 130 seconds

Mon, 13 Jun 2022 17:02:39 -0700

Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars.

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys—with no authentication required and zero indication given by the in-car display.

Critical Microsoft Office RCE

Wed, 01 Jun 2022 14:15:27 -0700

There is a newly discovered vulnerability in MS Word (and likely other MS Office apps) that could install malware so you should be especially vigilant about opening any attachments. This exploit can be triggered with a hover-preview of a downloaded file that does not require any clicks (post download).

What you need to know:

This vulnerability is triggered by opening malicious Office documents.
Threat actors may deceive victims into opening these documents using email attachments, social media links, file downloads or other creative delivery methods.
You will likely need to update your endpoints once a security patch is available.

Since this is currently a 0-day, there has not yet been a patch released.

Don’t panic over this. Yes, this vulnerability makes it easier for hackers to gain access to your network. However, malicious documents are a familiar attack strategy and vigilant users can turn the tide against these unpredictable threats.

What you can do immediately:

Be extra observant when opening up any attachments, particularly Microsoft Office documents.
Remain vigilant when receiving documents and clicking links because of this new vulnerability.

Crypto Investing Security Tips

Wed, 01 Jun 2022 14:04:16 -0700

Four Quick Security Tips to Keep Your Crypto Safe!

Multifactor Authentication (MFA)

1. Turn on MFA everywhere. All exchanges. Your email. Wherever MFA is available, enable it. Use Google Authenticator or Authy. Don’t use SMS unless there are no other options. Something is better than nothing.

"Official" Support

haveibeenpwned.com, enter your email address or username, and within seconds find out if your account has been compromised. The site tells you whether your information has been stolen, where the hack occurred and which of your personal details were compromised (e.g., user name, password, password hints, etc.).

It may be time to change your password.