Google Paid Ads for Fake Tesla Websites, (Sun, Aug 10th)

~ townsend.mw ~ Leave a comment

In recent media events, Tesla has demoed progressively more sophisticated versions of its Optimus robots. The sales pitch is pretty simple: "Current AI" is fun, but what we really need is not something to create more funny kitten pictures. We need AI to load and empty dishwashers, fold laundry, and mow lawns. But the robot has not been for sale yet, and there is no firm release date.

screen shot of three different optimus models.

In the past, Tesla has accepted preorders for future products, asking for a deposit, which in some cases was even refundable. But aside from an April Fool's posting announcing such a presale, as far as I can tell, no presale has been offered by Tesla.

However, if you search for "Optimus Tesla preorder" and other similar terms, sites claiming to offer Optimus preorders will be advertised. 

Google Search results with fake Tesla site advertisements

These are sponsored listings. The official Tesla site (without the preorder option) shows below these fake links.

We have often seen sponsored listings like this used to advertise malware. But in this case, I suspect, the goal is simply to steal money from people willing to pay for preorders. The interesting twist is that the theft may remain unnoticed until the customer expects delivery, which may be months or years from now.

So far, I have seen these ads lead to three different websites:

  • offers-tesla.com (currently active)
  • exclusive-tesla.com (now offline)
  • prelaunch-tesla.com (now offline)

Other suspect domains:

  • private-tesla.com (unreachable)
  • corp-tesla.com (redirects to legitimate tesla.com site)
  • www-tesla.com (unreachable)
  • hyper-tesla.com (unreachable)
  • auth.cp-tesla.com (used for account setup by fake site)

The sites display a complete copy of a slightly older design of the Tesla.com website. As far as I can tell, the design does not include a login page. Standard phishing does not appear to be the goal here. Not having a login page may make it easier to hide that no orders are being placed. Customers will not be able to use the fake site to check their order status.

fake tesla site homepage

It asks for a $250 non-refundable deposit, which aligns with what Tesla asked for in prior preorder events.

preorder details

I tried to place an order with a test credit card number, and it was accepted, showing that the credit card was not charged (yet?). Next, I was directed to auth.cp-tesla.com to set up an account. I never received the e-mail confirmation, so I am not sure if my spam filters dropped it or if it is supposed to fail. The original Tesla site uses "auth.tesla.com" for authentication.

Setting up credit card processing for a fake site is likely too complicated, and I assume the site just collects the payment card data to later use the cards on other sites for fraudulent orders or just to resell the payment card data (are there still "Carder" forums? Have not looked at that in a while). So far, the fake sites have only been available for a few days before being shut down. I assume that Tesla monitors these sites and sends takedown requests as they find them.

Preorders are accepted not only for Optimus robots but also for other Tesla products. Interestingly, the data is sent to different sites, not just to the original site. One URL used is https://ift.tt/L5wjOts. There are a few open directory listings on offers-tesla.com (for example,/api and /js). File dates are from March and May 2025, which is likely around the time the Tesla site was copied. The fake site is hosted behind Cloudflare.


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Social Media Links: https://jbu.me

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

from SANS Internet Storm Center, InfoCON: green https://ift.tt/uaWwJbs
via IFTTT

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems

~ townsend.mw ~ Leave a comment

Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions.
Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable

from The Hacker News https://ift.tt/7NqE6r9
via IFTTT

Research reveals possible privacy gaps in Apple Intelligence’s data handling

~ townsend.mw ~ Leave a comment

LAS VEGAS — One of the big worries during the generative AI boom is where exactly data is traveling when users enter queries or commands into the system. According to new research, those worries may also extend to one of the world’s most popular consumer technology companies. 

Apple’s artificial intelligence ecosystem, known as Apple Intelligence, routinely transmits sensitive user data to company servers beyond what its privacy policies indicate, according to Israeli cybersecurity firm Lumia Security.  

The research, presented Wednesday at the 2025 Black Hat USA conference, detailed how Apple’s Siri assistant sends the content of dictated messages and commands, including WhatsApp communications, to Apple servers even when such transmission isn’t necessary to complete user requests. The data flows occur outside Apple’s heavily promoted Private Cloud Compute system, which the company markets as providing enhanced privacy protections.

The research comes as Apple has long positioned itself as a privacy-focused company, building marketing campaigns around the company’s concentration on privacy for individual users

Which Siri is which? 

The investigation, led by Lumia senior security researcher Yoav Magid, concentrated on several different ways users can interact with Siri. While Siri has been around since 2010, the company announced it was part of Apple Intelligence in 2024. 

Magid showed that when given a prompt, Siri automatically scans users’ devices for installed applications related to voice queries and transmits this information to Apple servers. When a user asks about weather, for example, Siri identifies and reports all weather-related apps on the device. Additionally, location data accompanies every Siri request regardless of whether location information is relevant to the query. 

Further research showed that audio playback metadata, including the names of songs, podcasts, or videos being played, is sent to Apple servers without explicit user visibility into these data flows.

Perhaps most significantly, the research found that messages dictated through Siri to platforms like WhatsApp are transmitted to Apple servers, raising questions about the end-to-end encryption functionality built into WhatsApp. Magid found these messages are sent through Apple’s Private Cloud Compute infrastructure, which is specifically designed to provide additional privacy protections for sensitive AI processing tasks.

CAPTION: A packet decoded by Lumia Security that shows WhatsApp messages sent through Siri are transmitted to Apple servers, potentially breaking end-to-end encryption. (Lumia Security)

The practice raises questions about end-to-end encryption claims made by messaging platforms, since message content leaves the device through Apple’s systems before reaching intended recipients.

Testing revealed that message transmission to Apple servers continues even when users explicitly disable settings that allow Siri to “learn” from specific applications or network communication to Apple servers is blocked. 

“I’m not quite sure why this communication is necessary,” Magid said. 

In the course of conducting the research, he found that Apple sometimes processes the data depending on whether a request is processed through traditional Siri infrastructure or the newer Apple Intelligence system. 

Similar queries can trigger different data- handling practices with different privacy implications. For example, asking “What is the weather today?” sends data to Siri servers under one privacy policy, while “Ask ChatGPT what is the weather today?” routes the request through Apple Intelligence’s Private Cloud Compute under different terms.

“Two similar questions, two different traffic flows, two different privacy policies,” Magid noted in a blog

This dual system means users have no way to predict which privacy framework applies to their interactions, creating uncertainty about how their data will be handled.

Apple’s response and disputed claims

Apple acknowledged some aspects of the research findings after Lumia reported the issues in February. Initially, Magid said Apple indicated it would work toward fixes for identified problems.

However, by July, Magid said that Apple shifted its position, telling researchers that the message transmission behavior was not a privacy issue related to Apple Intelligence, but rather stemmed from third-party services’ use of SiriKit, Apple’s extension system for integrating external apps with Siri.

The company maintained that Siri’s servers operate separately from Apple’s Private Cloud Compute system, though this distinction is not clearly communicated to users.

Apple disputed characterizations that the data collection represented privacy violations, arguing that existing policies adequately disclose the practices. 

The company told CyberScoop that it “respectfully disagrees” with the research, with an Apple spokesperson pointing back to the functionality of SiriKit and the privacy policies regarding Siri. 

The research highlights how traditional privacy frameworks may be inadequate for governing AI systems that require extensive data analysis to function effectively. The complexity of modern AI systems makes it difficult for users to understand when their data is being transmitted to external servers, processed locally, or shared with third parties.

For enterprise users, the findings could raise compliance concerns when sensitive corporate information potentially leaves organizational networks through employee devices running Apple Intelligence. 

“AI capabilities are now all around us. Any typical app these days incorporates AI, whether it’s Grammarly, Canva or Salesforce,” Magid wrote in the blog. “Knowing when a feature is powered by AI or not, is not really trivial anymore.”

The post Research reveals possible privacy gaps in Apple Intelligence’s data handling appeared first on CyberScoop.

from CyberScoop https://ift.tt/LZyCtTJ
via IFTTT

CISA, Microsoft warn organizations of high-severity Microsoft Exchange vulnerability

~ townsend.mw ~ Leave a comment

LAS VEGAS — Federal cyber authorities issued an alert Wednesday evening about a high-severity vulnerability affecting on-premises Microsoft Exchange servers shortly after a researcher presented findings of the defect at Black Hat. 

Microsoft also issued an advisory about the vulnerability — CVE-2025-53786 — and said it’s not aware of exploitation in the wild. 

While the public disclosure and advisories about the defect came late in the day amid one of the largest cybersecurity conferences, Tom Gallagher, VP of engineering at Microsoft Security Response Center, told CyberScoop the timing was coordinated for release following Mollema’s presentation.

Gallagher stressed that exploitation requires an attacker to achieve administrative access to an on-premises Exchange server in a hybrid environment. 

Attackers could escalate privileges in an organization’s connected cloud environment because on-premises and cloud-based versions of Exchange share the same permissions in hybrid configurations, Microsoft said in its advisory. The vulnerability affects Entra ID, Microsoft’s identity and access management service, potentially exposing a path for attackers to move from a compromised on-premises Exchange server to a connected cloud-based counterpart.

Authorities are actively monitoring and assessing the scope and impact of the vulnerability, Chris Butera, acting executive assistant director at the Cybersecurity and Infrastructure Security Agency, said in a statement. 

Microsoft said it already addressed the vulnerability in April when it introduced changes to improve the security of Exchange Server hybrid deployments. The company and CISA urged organizations to apply Microsoft’s April 2025 Exchange Server hot fix updates to on-premises Exchange servers, implement configuration changes and clear certificates from the shared service principals.

Starting later this month, Microsoft said it will temporarily block Exchange Web Services traffic using the shared service principal. That block will be permanent by the end of October, the company said.

The move is part of Microsoft’s strategy to accelerate and eventually force customers to adopt its dedicated Exchange hybrid app. “Even though adoption of server versions that support dedicated hybrid app has been good, the number of customers who have created the dedicated app remains very low,” Microsoft said in a blog post

CISA also advised organizations to disconnect any internet-exposed and end-of-life versions of Exchange Server and SharePoint Server.

The coordinated disclosure of the vulnerability comes less than three weeks after security researchers across the industry sounded the alarm about a mass attack spree linked to a critical zero-day vulnerability affecting on-premises Microsoft SharePoint servers. More than 400 organizations were impacted by those attacks, including multiple government agencies, including the Departments of Energy, Homeland Security and Health and Human Services.

The post CISA, Microsoft warn organizations of high-severity Microsoft Exchange vulnerability appeared first on CyberScoop.

from CyberScoop https://ift.tt/ZeNhx3d
via IFTTT