
Security News Update for the Week Ending May 24, 2024

Hackers have figured out that anything you do on autopilot is fertile ground for hacking you. Case in point: Docusign. Some people sign so many Docusign documents that they operate on autopilot when they see one. The hackers have really good templates, so that helps. What is their end game? Business email compromise resulting in some flavor of extortion. Credit: Dark Reading

The alleged owner and operator of Incognito Market was arrested at JFK Airport last week. The market is said to have sold more than $100 million of illegal narcotics. The arrestee, Rui-Siang Lin, abruptly shut down the marketplace in March and kept all the money, screwing both customers and vendors. He could face mandatory life in prison. ASSUMING he really was this criminal mastermind, why would he be in New York instead of a country without a US extradition treaty? Either he thought he was smarter than the feds or he was really dumb. I suspect the first, but he is going to have a lot of time in the slammer to think about his life choices. I hope he won’t be granted bail. Credit: Bleeping Computer

This is such a perfect college-kid hack. Of course washers and dryers in college dorms have to be connected to the Internet. Using quarters is so last year. A pair of UC Santa Cruz students discovered a vulnerability and responsibly reported it to the company, which promptly ignored their repeated warnings and did not fix the problem. They even contacted Carnegie Mellon’s CERT, the national clearing house for security issues – located on a major college campus. Maybe CERT liked being able to do their laundry for free? While the company quietly wiped out the million-dollar laundry account balances the students gave themselves, they still haven’t fixed the hole. And, of course, there are likely similar holes in all sorts of online pay-for-use systems. Credit: TechCrunch

Recall is a new AI feature which will be available in June and which is ON BY DEFAULT. It stores frequent screenshots of your PC use (every 5 seconds) and provides a searchable log of historic actions going back three months. The data is stored locally and there is an option to pause Recall. This is a dream come true for two groups of people. First, hackers who compromise your computer will have access to everything that you have done, every web site you have visited and every document you have looked at for the last three months. Second, every prosecutor in the country will be asking for this data in criminal cases. A slight variant of this is that every divorce lawyer will also be asking for it. What could possibly go wrong? AI is here and I am sure there are no privacy, safety or legal issues with this feature. Enjoy. Credit: Computerworld

Sorry. Click bait. Actually it is NOT JUST Teslas; it is all new cars with keyless entry. For years, crooks have targeted cars that use keyless entry systems and can be easily fenced or parted out. While the car will, in theory, only unlock or start if the key is nearby, a class of attacks called relay attacks makes this work even if the key is hundreds of feet away. Tesla announced that it upgraded its keyless entry system to use ultra-wideband radio to try to reduce the attack surface, but Wired has reviewed video from a Chinese automotive cybersecurity firm that shows that even the latest Model 3s can be stolen in just a few seconds. Credit: Wired
