CISA has issued a vulnerability alert for alpitronic's Hypercharger EV Charger, which could be exploited if default credentials aren't changed. Alpitronic urges users to update passwords and secure network access to prevent unauthorized control and data breaches.
CISA has just released a new vulnerability alert, this time in regards to all versions of the electric vehicle (EV) charging devices produced by alpitronic.
The alpitronic Hypercharger EV Charger is a high power, high efficiency charging station, and alpitronic has been developing parts for the charger since 2009, and is currently used globally.
The vulnerability stems from a potential misconfiguration, whereby the device can expose a web interface protected by authentication.
If a user hasn’t changed the default credentials, which could a significant amount of users, an attacker can use the publicly available defaults to access the device with administrator privileges.
Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data.
Alpitronic has advised users to change default passwords on all charging devices to enhance security. They recommend connecting the device interface to internal networks with controlled access, avoiding public internet exposure.
Upon discovering security vulnerabilities, alpitronic worked with clients to disable public interfaces and remind them about the risks of using default credentials.
They are also implementing security measures for existing and new devices, including unique passwords. New passwords can be obtained via QR code inside the charger or through a portal.
CISA has recommended minimising network exposure, using firewalls, and securing remote access with VPNs while keeping VPNs updated and ensuring connected devices are secure.
CrowdStrike's disastrous July 19 software update crippled Jetstar and exposed vulnerabilities, causing a global IT outage. Competitors like SentinelOne exploited the chaos, shaking customer trust and eroding CrowdStrike's market value by 25%.
This week, the cybersecurity world is in turmoil following a massive data breach at National Public Data. The breach, involving 2.9 billion records, has exposed sensitive information spanning decades.
A major cyberattack that led to a significant Microsoft Azure outage, a high-stakes prisoner swap involving Russian cybercriminals and U.S. journalists, and Google's urgent patching of an Android zero-day vulnerability.
We cover the extensive supply chain disruptions affecting logistics, airlines, and transport worldwide. Additionally, we examine the financial impact on CrowdStrike’s stock price and the ensuing reactions from financial markets and analysts.
