As the enabling technologies for connected and autonomous vehicles (CAV) continue to advance and these modes of transportation become more commonplace, there is a reasonable expectation that the systems will increasingly become targets for bad actors. The complexity and inter-connectedness of these devices offer myriad opportunities for security compromise, potentially resulting in unsafe operation or leakage of confidential information about the user. This paper conducts a brief review of the current state of CAVs with regard to security and privacy. We present a taxonomy for classification of these threats and use it to identify and enumerate existing threats in this space.