Yard Sales, Bitcoin Thief Charged, Mouse Privilege Escalation, & LED Eavesdropping – PSW #708
This week in the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin, & yard sales!
Announcements
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
- 1. Iran prison abuse exposed by hackers’ CCTV leak
- 2. 4 Steps Organizations Can Take to Increase Diversity in Cybersecurity
- 3. T-mobile hacker: Their security is awful
- 4. Razer Mouse Grants Windows Admin Privileges
- 5. Reversing SMART Health Cards
- 6. Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain – IoT Inspector
- 7. Botnet targets hundreds of thousands of devices using Realtek SDK
- 8. Eavesdropping By LED
- 9. Field Notice: FN – 63697 – Protective Boot on Certain Network Cables Might Push the Mode Button and Cause an Unexpected Reset on the 48-Port Models of Cisco Catalyst 3650 and 3850 Series Switches – Workaround Provided
- 1. Linux turns 30: Linus Torvalds on his “just a hobby” operating system
  Thank you Gus! In 1991, Unix was an important but secondary x86 operating system. That year, on August 25, a mild-mannered Finnish graduate student named Linus Benedict Torvalds announced on the Usenet group comp.os.minix that he was working on "a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones." No one knew it, not even Torvalds, but the technology was going to change forever.
- 2. Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported
  Earlier this summer, Cloudflare’s autonomous edge DDoS protection systems automatically detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, an attack almost three times larger than any previous one that they are aware of. For perspective on how large this attack was: Cloudflare serves over 25 million HTTP requests per second on average. This refers to the average rate of legitimate traffic in 2021 Q2. So peaking at 17.2 million rps, this attack reached 68% of their Q2 average rps rate of legitimate HTTP traffic.