Security News Update for March 24th, 2023
Senators Ask CISA to Investigate DJI Drones
A bipartisan group of Senators is asking CISA to examine drones made by companies with deep ties to the Chinese government. DJI is the 800-pound gorilla in the high-end consumer drone market, and its drones are also used by businesses and government. While this makes sense, if they do ban DJI, there really isn’t a good replacement that has similar functionality and cost. Credit: https://therecord.media/senate-drone-cisa-china-warner-blackburn
Hard-coded Secrets up 67% Threatens Software Supply Chain
The number of DETECTED hard-coded secrets, like passwords and API keys, increased 67% last year compared to 2021, with 10 million new secrets detected in public GitHub repositories. It is likely that code stored elsewhere has similar metrics. Are you checking your code for hard-coded secrets? Credit: CSO Online
Maybe Putin Understands Apple Better than We Do
Putin has told his staff and advisors to ditch their iPhones by the end of the month. They can throw them away or give them to their kids. They can replace them with Android phones, Chinese phones or phones with the Russian “Aurora” operating system. They say the iPhone ban is “purely for security reasons”, not politics. After all, certainly the Chinese would not snoop on the Russians, right? Credit: The Register
I Would Side With the Justice Department in this Case
Google released an early beta of its AI chatbot, Bard, and it is off to a rousing start. When asked who it would side with in the lawsuit against Google for monopolizing digital advertising, Bard said it would side with the Justice Department. Google did warn that Bard can get some things wrong. Credit: Vice
Windows 11, Tesla, Ubuntu and macOS Hacked at Pwn2Own 2023
On the first day of Pwn2Own, researchers demoed hacks of a Tesla Model 3, Windows 11 and macOS zero-days. They also demoed hacks of Adobe Reader, SharePoint, Oracle VirtualBox and others. The good news is that these are the good guys. The “prize kitty” is $1.08 million. Part of the deal is that they have to disclose the hacks to the vendor in order to get the money. Fair trade. Learn more at the link. Credit: Bleeping Computer
Chinese Suspected of Signal Jamming Passenger Jets
Qantas is warning its pilots about ongoing signal interference on their VHF radios and also on the GPS systems around China. The International Federation of Airline Pilots Association also said that military warships located in the South China Sea and nearby were placing VHF calls to some passenger and military planes. They also think that they are interfering with other radio navigation aids. For pilots who rely too much on these systems, the interference could be fatal. Credit: Dark Reading