Ping of Death, 500 Year Old Ciphers, Pwn The Dev, & Chatbot’s Order 66 – PSW #766
In the Security News: ping of death returns, remembering when the Internet disconnected if your Mom picked up the phone, a 500-year-old cipher is cracked, VLC is always up-to-date, SIM swapper goes to prison, Rust is more secure but your supply chain is not, if you pwn the developer you win, you have too many security tools, Chrome zero days are not news, Log4Shell: what changed?, Hive social again, ChatGPT, there's a vulnerability in your SDK, and it takes 3 exploits to pwn Linux. All that, and more, on this episode of Paul’s Security Weekly!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts

- 1. ChatGPT: Optimizing Language Models for Dialogue
- 2. Arduino Brings PLC Features To Their IDE
- 3. DEF CON 30 RF Talks: Biohacking, Designing Antennas, Tracking Military Ghost Helicopters and More
- 4. Stalkers’ “chilling” use of AirTags spurs class-action suit against Apple
- 5. Ouch! Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked airline’s network
- 6. Anker’s Eufy lied to us about the security of its security cameras
- 7. Vulnerable SDK components lead to supply chain risks in IoT and OT environments – Microsoft Security Blog

- 1. Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says
The Chengdu-based hacking group known as APT41 stole at least $20 million in U.S. Covid relief benefits. “I’ve never seen them target government money before,” said John Hultquist, the head of intelligence analysis at the cybersecurity firm Mandiant. “That would be an escalation.” 20-40% of pandemic benefits were paid improperly.
- 2. Apple Expands End-to-End Encryption to iCloud Backups
Expanded end-to-end encryption would protect a user’s data even if Apple itself were breached. The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.
- 3. Restaurants hacked, targeting Facebook
The thieves hacked into their Facebook site. Once there, they were able to tap into bank accounts associated with Arnold's Facebook. The thieves bought ads, turning money from bank accounts into Facebook advertising currency to be used in other countries. To ensure Arnold's couldn’t get back into their social media accounts, the hackers posted severely inappropriate material that got Arnold’s account banned for life.
- 4. Grandmother sues cop who wrongly targeted her home using “Find My” app
Colorado police used a "Find My" app as evidence to obtain a search warrant, without disclosing its limitations. They then sent a SWAT team to raid a 77-year-old grandmother, looking for a stolen truck which was not there.
