Even though this week was a vacation week for my family and me, I couldn’t stay away from these fascinating articles…
Webinars
No webinars this week, vacation!
Articles
- Flipper Zero banned by Amazon for being a ‘card skimming device’ – Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers, no longer allowing it to be sold on the platform after tagging it as a card-skimming device.
- Almost Half of Former Employees Say Their Passwords Still Work – It’s not hacking if organizations fail to terminate password access after employees leave.
- MSI confirms security breach following ransomware attack claims – Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed today that its network was breached in a cyberattack.
- TikTok, Other Mobile Apps Violate Privacy Regulations – App developers are ignoring laws and guidelines regulating data protection measures aimed at minors, putting their monetization plans in jeopardy and risking user trust.
- Printers Pose Persistent Yet Overlooked Threat – Vulnerabilities in the device firmware and drivers underscore how printers cannot be set-and-forget technology and need to be managed.
- Cybercriminals ‘CAN’ Steal Your Car, Using Novel IoT Hack – Your family’s SUV could be gone in the night thanks to a headlight crack and hack attack.
- Twitter ‘Shadow Ban’ Bug Gets Official CVE – A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.
- UK criminal records office confirms cyber incident behind portal issues – The UK’s Criminal Records Office (ACRO) has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a “cyber security incident.”
- ‘BEC 3.0’ Is Here With Tax-Season QuickBooks Cyberattacks – In next-gen, credential-harvesting attacks, phishing emails use cloud services and are free from the typical bad grammar or typos they’ve traditionally used (and which users have learned to spot).
- Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it – According to a blog post by security researcher Sam Sabetan, Nexx not only ignored his warning about serious security holes in its products, but has ignored attempts by the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to get the problems fixed too.
- FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Operation – A joint international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms.
- Spain’s most dangerous and elusive hacker now in police custody – The police in Spain have arrested José Luis Huertas (aka “Alcaseca”, “Mango”, “chimichuri”), a 19-year-old regarded as the most dangerous hacker in the country.
- Law Firm for Uber Loses Drivers’ Data to Hackers in Yet Another Breach – Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections.
- eFile Tax Return Software Found Serving Up Malware – In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.
- Data Breach Strikes Western Digital – The company behind digital storage brand SanDisk says its systems were compromised on March 26.
- WinRAR SFX archives can run PowerShell without being detected – Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system.
- Fake ransomware gang targets U.S. orgs with empty data leak threats – Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.
Podcasts
- Security Now # 915 – Flying Trojan Horses: Exynos 0-days, TikTok Tick Tock, 90-day TLS cert life, CHESS is safe
Projects
TryHackMe – Still working on SOC Analyst; I’m learning YARA this week.