Ping of Death, 500 Year Old Ciphers, Pwn The Dev, & Chatbot’s Order 66 – PSW #766
In the Security News: ping of death returns, remembering when the Internet disconnected if your Mom picked up the phone, a 500-year-old cipher is cracked, VLC is always up-to-date, SIM swapper goes to prison, Rust is more secure but your supply chain is not, if you pwn the developer you win, you have too many security tools, Chrome zero days are not news, Log4Shell what changed?, Hive social again, ChatGPT, there's a vulnerability in your SDK, and it takes 3 exploits to pwn Linux. All that, and more, on this episode of Paul’s Security Weekly!
The Chengdu-based hacking group known as APT41 stole at least $20 million in U.S. Covid relief benefits. “I’ve never seen them target government money before,” said John Hultquist, the head of intelligence analysis at the cybersecurity firm Mandiant. “That would be an escalation.” 20-40% of pandemic benefits were paid improperly.
Expanded end-to-end encryption would protect a user’s data even if Apple itself were breached.
The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.
The thieves hacked into their Facebook site. Once there, they were able to tap into bank accounts associated with Arnold's Facebook. The thieves bought ads, turning money from bank accounts into Facebook advertising currency to be used in other countries. To ensure Arnold's couldn’t get back into their social media accounts, the hackers posted severely inappropriate material that got Arnold’s account banned for life.
Colorado police used a "Find My" app as evidence to obtain a search warrant, without disclosing its limitations. They then sent a SWAT team to raid a 77-year-old grandmother, looking for a stolen truck which was not there.
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element
Bob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively on investing in cyber startups. In this segment, we'll discuss one of Allegis's recent investments, SixMap, ...
The Security Weekly crew dives into a discussion on the latest hardware hacking techniques, including the hardware/software/firmware used to conduct various tests and create neat projects. You may be trying to hack a specific device. You may be creating a device to accomplish a specific goal. We will discuss various aspects of hardware hacking and ...