09.18.25 Security News Bites
Google Adds Support to Detect Modified Content in Pixel 10
Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of some digital content. C2PA’s Content Credentials are a tamper-evident, cryptographically signed digital manifest providing verifiable provenance for digital content such as images, videos, or audio files. “The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program,” Google said. “Assurance Level 2 for a mobile app is currently only possible on the Android platform.” Assuming this expands, this gives you a way to signal to your viewers that your photo has not been altered. Credit: The Hacker News and Bleeping Computer

Congressional UFO Hearing Over Hellfire Missile Video
This may be one of those stories where you need to put on your tin foil hat or take it off. A Congressperson showed a video at a UFO hearing this month of a Reaper drone firing a Hellfire missile at some object flying over Yemen last year. The missile bounced off the flying object and spread debris (probably missile parts) everywhere. There is no known flying technology that can do that. Cue the mystery music. Credit: Cybernews

I Got a $1 Payment From the Park Mobile Class Action Settlement
This is not directly a cybersecurity issue, but it annoys me. Park Mobile is an app that lets you pay for parking at a parking meter. I did use it once. They had a breach in 2021. The “gross settlement” is $32 million and the attorneys are asking for $7 million. As a class member, I get a settlement of $1.00, which is usable as a parking credit, which can only be used $0.25 at a time. That means I would need to use the app 4 times to get my $1.00. Maybe the lawyers should be paid in parking credits too. Credit: Certificate Clearing House

Fakes and Scams on Online Marketplaces
This article talks about Walmart.com specifically, but it applies to all online marketplaces. These marketplaces encourage other vendors to join so that customers have a bigger selection of products. But customers assume that there is no difference between products sold by, say, Walmart and Amazon and those sold by third parties, and it appears that the platforms, in the quest for money, are not really filtering those third parties. From stealing the names of valid businesses to selling fraudulent products, it is buyer beware. Credit: CNBC

DHS’s ICE Using Spyware to Hack Phones with No Oversight
Immigration and Customs Enforcement has signed a contract with Magnet Forensics, maker of the Graykey phone hacking software. This differs from some hacking software in that it requires ICE to have the physical phone. It is not like a Stingray, which intercepts wireless traffic, meaning the cops don’t need the phone to hack it. Likely this will be used to unlock phones the feds have seized under different circumstances, including at airports and borders. Credit: TechCrunch

Ransomware Can Take a Toll, Even on Big Companies
Jaguar, the British carmaker, is still down and out after a ransomware attack around September 1st. This is the third week that their assembly lines have been off, affecting employees and suppliers. They say they will be down at least until the 24th. While the downtime will cost Jaguar tens of millions, the employees who are not working and the thousands of suppliers who are not generating revenue by shipping parts to factories are the biggest losers. One supplier, Autins, saw its stock price drop by 40 percent. Credit: Bleeping Computer and The Record
