Security News for the Week Ending January 14, 2022
Hackers Sending Malware Filled USB Sticks in the Mail
Old, tried-and-true techniques continue to work: hackers have been sending malware-filled USB sticks through the mail and UPS to defense, transportation and insurance companies, hoping that someone who did not do their security awareness training plugs the drive into their computer. It just shows that hackers do not need to keep inventing new tricks; the old ones continue to work. Credit: Gizmodo
Norton Installs Cryptomining Software on Users’ Computers
Norton and its sister company Avira, both owned by the same parent, are installing cryptomining software as part of the default install. Norton turns it on automatically since they get 15% of anything you earn; Avira has it off by default. If Norton was still on your approved list (it went off our list years ago), you should probably remove it. Credit: Brian Krebs
White House Hosts Open Source Security Summit
In the wake of the Log4j and other open source software attacks, the White House hosted a summit this week with the likes of Akamai, Amazon, Apache, Apple, Cloudflare, Facebook, Google, IBM and others to discuss how to improve open source security. While no “results” have been announced yet, the fact that the summit was called and led by Anne Neuberger is an acknowledgement that “Houston, we have a problem”. Open source is used throughout the IT world, including critical infrastructure, and many times that software is either not maintained at all or maintained by volunteers. There is no easy solution, as there are millions of open source packages. Stay tuned; we might be able to do something for a few of the larger, more important packages. Ultimately, both the responsibility and the liability rest with the companies that use open source, and that should not be much comfort to anyone. Credit: Data Breach Today
Canon’s Printer DRM Comes Back to Haunt Them
Consumer printer makers make most of their money selling you toner and ink, so years ago they came up with the idea of putting chips in the cartridges to try and stop you from using low cost supplies. But now they can’t get chips so they are making cartridges without the chips, causing their customers’ printers to alarm. As a result, Canon is telling their customers how to break their own DRM. Not to worry though, Canon says they will go back to trying to hurt their competitors when the chip market eases up. Credit: Gizmodo
Car Makers Say Giving Owners Data From Their Cars Will Embolden Sexual Predators
Car owners have been trying for years to force car makers to give them the tools they need to repair their own cars. One of those tools is the data that their cars generate. If car owners could repair their own cars, car makers would lose billions of dollars in revenue. Massachusetts voters overwhelmingly voted in a right to repair law in 2020, even though car makers spent $26 million explaining why letting people repair their own cars was bad, even claiming it would embolden sexual predators. Now they are saying the law is unconstitutional. Anything to try and stop the revenue drain. Credit: Vice