Former Secretary of State Rex Tillerson eliminated the cyber security position at the State Department about one month ago. Tillerson eliminated this position in hopes to form “a bureau focused on economic and business affairs.” This act disappointed many members of the US government, and eventually resulted in President Trump replacing Tillerson with the current CIA director Mike Pompeo. John Sullivan will serve as Secretary of State until the US Senate confirms Pompeo’s approval.
Shortly after President Trump fired Tillerson, the CIA began to put more resources into cyber security. Last Thursday, CIA Director Mike Pompeo said, “I can only say that, every element of government has a piece of its cyber duty. It’s one of the challenges that is so deeply divided, that we don’t have a central place to do cyber work.” Many believe the removal of the cyber security position at the State Department foreshadows the US not engaging in foreign affairs with cyber security. Fortunately, numerous state officials have insisted that cyber security remains a top priority at the state department. Pompeo has not given any information to his decision on the cyber security position.
Source : http://thehill.com/policy/cybersecurity/382882-pompeo-pressed-on-plans-for-cyber-at-state
Tesla’s cloud system was hijacked by attackers last week. The company’s Kubernetes administration console was not password protected, which left the company extremely vulnerable. With this vulnerability, attackers sent Stratum, a cryptocurrency mining software to Tesla’s Amazon Web Services account.
This event was another occurrence of ‘cryptojacking’, which is when an attacker deploys malware to “mine” cryptocurrency. The cryptocurrency mined in this attack was not specified.
RedLock is the security company responsible for protecting the company’s cloud system. Gaurav Kumar, CTO of RedLock, made an announcement about the attack last Tuesday. “The message from this research is loud and clear — the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities.”
A spokesperson for Tesla assured that this attack did not affect the safety of their vehicles, saying “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
– Spencer Fleming