  New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords
Posted by: The Hacker News - 03-27-2023, 06:11 AM - Forum: The Hacker News - No Replies

New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices.
Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs.
"MacStealer has the

https://thehackernews.com/2023/03/new-ma...teals.html


  Where SSO Falls Short in Protecting SaaS
Posted by: The Hacker News - 03-27-2023, 06:11 AM - Forum: The Hacker News - No Replies

Where SSO Falls Short in Protecting SaaS

Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. By

https://thehackernews.com/2023/03/where-...-saas.html


  U.S. Treasury to release EV battery sourcing rules
Posted by: OEM - 03-27-2023, 06:10 AM - Forum: Other Automakers - No Replies

U.S. Treasury to release EV battery sourcing rules

The auto, battery and clean energy industries have been awaiting guidance on complex questions governing eligibility for hundreds of billions of dollars of incentives in the Inflation Reduction Act, signed into law last year.

https://www.autonews.com/manufacturing/u...-next-week


  Tesla faces new race bias trial from employee who had $137 million verdict cut
Posted by: OEM - 03-27-2023, 06:10 AM - Forum: Other Automakers - No Replies

Tesla faces new race bias trial from employee who had $137 million verdict cut

A trial kicks off in San Francisco federal court on Monday to determine how much money Tesla Inc TSLA.O must pay to a Black elevator operator who a jury determined was subjected to severe racial harassment while working at the electric auto maker's flagship assembly plant.

https://www.autonews.com/manufacturing/t...bias-trial


Hacker's Handbook The Automotive Threat Modeling Template
Posted by: HackMaster - 03-27-2023, 05:57 AM - Forum: Chapter 1 - Understanding Threat Models - No Replies

The Automotive Threat Modeling Template

Threat mitigation is an important part of the security development lifecycle (SDL) and at NCC Group we have been performing a number of threat modeling workshops focused specifically on the automotive sector.

Considering the increasing research and media attention in relation to connected cars, it is fundamental to understand the threats affecting these new emerging systems and technologies.

In order to assist with the need to secure automotive vehicles, we developed a customized template for automotive threat modeling activities, tailored to the threats affecting the cyber security posture of connected vehicles.

The Automotive Threat Modeling (TM) Template was created using the Microsoft (MS) Threat Modeling Tool 2016 and therefore threat models are created using this product.

Background & Motivations: Why the template?

The STRIDE [1] approach has proved to be an effective way to highlight and categorise threats. With the goal to assist with this approach, the MS Threat Modeling Tool 2016 provides a way to use Data Flow Diagrams (DFDs) to identify threats in the design phase of any software/hardware and understand potential attacks based on the identified threats.

A threat modeling workshop for automotive-related technologies requires DFDs with custom elements, tailored threats and specific recommendations. The lack of a specific template for automotive threat modeling brought about the development of the Automotive TM Template, which takes advantage of a new feature in the MS Threat Modeling Tool 2016 that allows the creation of entirely new customised templates.

The Solution and its Features

The template permits the creation of specific automotive threat models with:

  • Processes and Data Stores related to the components of connected cars.
  • External Interactors tailored to an automotive system.
  • Data Flows that correspond to the messages exchanged over the air or inside the vehicle itself.
  • Trust Boundaries that take into consideration the environment and the vehicle-to-vehicle (V2V) networks.
  • Threat Types and Categories that follow the STRIDE classification, based on known and potential threats to the connected cars’ components.

Tailored Threat Properties including:
  • Priority, based on the risk of every threat applied in its context.
  • Attack Methods to potentially exploit the identified threats and to help further with the creation of Attack Trees.
  • Recommendations that suggest how to mitigate the threats.

The following screenshot provides a view of a sample threat model created using the template:

Figure 1 – Sample threat model using the Automotive TM Template

The following screenshot shows the template itself and a specific threat type that was added:
Figure 2 – View of the tailored threat types from the template editor


The Results

During a number of automotive threat modeling workshops, the template has been used to provide our clients with a view of the threats and attacks to their automotive systems.

We have created various threat models for different technologies and connected car platforms from SAE [2] Level 1 of Driving Automation (non-autonomous car with some assisted driving modes), up to SAE [2] Level 5 of Driving Automation (full automation with the “system” that monitors the driving environment).

The threat modeling, in conjunction with our security assessment activities (for both software and hardware), has proven an effective way to increase the security assurance of automotive technologies, architectures and products.

Download the Template

The Automotive Threat Modeling Template can be downloaded from:

https://github.com/nccgroup/The_Automoti...g_Template

Further Developments

The benefits we have gained from creating automotive threat models using our customized template have highlighted the need for new templates such as one for Internet of Things (IoT) products and technologies, which we are currently developing.


Written by Christiano Corradini
First published on 20/07/16


  Rivian to relocate staff to Illinois plant to accelerate production, report says
Posted by: Automotive News - 03-27-2023, 05:47 AM - Forum: Other Automakers - No Replies

Rivian to relocate staff to Illinois plant to accelerate production, report says

The reorganization, expected to be announced soon, would mean those working on manufacturing engineering would be asked to relocate to central Illinois or its headquarters in Irvine, Calif.

https://www.autonews.com/manufacturing/r...nois-plant


  Tesla faces new race bias trial from employee who had $137 mln verdict cut
Posted by: Automotive News - 03-27-2023, 05:47 AM - Forum: Other Automakers - No Replies

Tesla faces new race bias trial from employee who had $137 mln verdict cut

A trial kicks off in San Francisco federal court on Monday to determine how much money Tesla Inc TSLA.O must pay to a Black elevator operator who a jury determined was subjected to severe racial harassment while working at the electric auto maker's flagship assembly plant.

https://www.autonews.com/manufacturing/t...bias-trial


  Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
Posted by: The Hacker News - 03-27-2023, 05:47 AM - Forum: The Hacker News - No Replies

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11.
The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out.
Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS

https://thehackernews.com/2023/03/micros...lypse.html


Video DEF CON 22 - Charlie Miller & Chris Valasek
Posted by: HackMaster - 03-27-2023, 04:03 AM - Forum: Finding Attack Surfaces - No Replies

DEF CON 22 - Charlie Miller & Chris Valasek
A Survey of Remote Automotive Attack Surfaces - Video and Slides



  FBI: Business email compromise tactics used to defraud U.S. vendors
Posted by: BleepingComputer - 03-27-2023, 03:28 AM - Forum: BleepingComputer - No Replies

FBI: Business email compromise tactics used to defraud U.S. vendors

The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors. [...]


https://www.bleepingcomputer.com/news/se...s-vendors/
