
Dr. Tim Proffitt – Insperity

Lengths organizations will go to in order to break into an iPhone

This article goes into some interesting descriptions of a lab in NY that is tasked with breaking into locked/encrypted iPhones.

https://www.fastcompany.com/90453437/inside-the-10-million-cyber-lab-trying-to-break-apples-iphone

Is your TV spying on you?

It turns out that the FBI is advising TV owners to disable cameras and look for privacy settings on any smart TV.

Using technology called automatic content recognition (ACR), TVs watch what you’re watching — no matter whether it’s from streaming, cable, satellite, DVD, whatever. It then sends this data every second to the TV manufacturer, where it can identify what you’re watching, where you’re watching, and who you are. 

https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/

New Storage Medium has Potential for Archives

A piece of silica glass measuring 7.5 cm x 7.5 cm x 2 mm was able to hold the entire Superman (1978) movie in the shape of three-dimensional nanoscale gratings and deformations as part of Project Silica led by Microsoft Research, resulting in 75.6 GB of data inside the durable quartz glass that’s no bigger than a drink coaster.

https://www.techspot.com/news/82624-microsoft-successfully-archives-warner-bros-uperman-movie-piece.html

 

Johannesburg City Held for Ransom

Yet another city has been hit with crippling ransomware and left with a DDoS situation.

Read here. https://www.infosecurity-magazine.com/news/johannesburg-held-to-ransom/

CEO ‘Deep Fake’ Swindles Company Out of $243K

In the first known case of successful financial scamming via audio deep fakes, cybercrooks were able to create a near-perfect impersonation of a chief executive’s voice – and then used the audio to fool his company into transferring $243,000 to their bank account.

This makes a voice call to verify a request very interesting and risky. A stronger authentication method is going to be needed if this trend continues.

You can read the story here https://threatpost.com/deep-fake-of-ceos-voice-swindles-company-out-of-243k/147982/

Ohio School is shuttered because of a malware outbreak

An Ohio school district was forced to send students and some of its staff home on Monday after a malware infection caused major issues to its IT infrastructure. The malware infection was not a ransomware attack, but a banking trojan. The malware brought down the school district’s IT systems and caused enough of a disruption to close the school.

https://www.zdnet.com/article/ohio-school-sends-students-home-because-of-trickbot-malware-infection/

Denial of Service caused Power grid outage

A recent cyber disruption to the U.S. grid involved a “denial of service condition” at a Western utility, according to a Department of Energy official.

On March 5, an unidentified power company fell victim to a “cyber event” that interfered with operations but stopped short of causing blackouts, according to a DOE filing this week. A DOE official confirmed yesterday that the event “did not impact generation, the reliability of the grid or cause any customer outages.” But the denial-of-service attack was significant enough for the utility to file an electric disturbance report with DOE — the same forms reserved for major interruptions like storms, physical attacks or fuel shortages.

https://www.eenews.net/stories/1060254751

The city of Greenville SC shut down due to malware attack

The source of the ransomware infection is still being determined with the help of city staff and IT professionals. The IT team is working on getting operations back online. The only servers that were separate and went unaffected were those of the Greenville Utilities Commission and those of the emergency and police departments.

http://www.ehackingnews.com/2019/04/usa-leading-servers-of-greenville-were.html

Aluminum Manufacturer Grinds to a Halt Due to Malware Outbreak

A Norwegian metals and energy giant, one of the world’s biggest aluminum producers, has been hit by a ransomware attack that has impacted operations, forcing the company to resort to manual processes. This incident has caused a global price increase in the product. You can read about it here:

https://www.securityweek.com/aluminum-giant-norsk-hydro-hit-ransomware

The next time you want to charge your USB-C device at an airport or public kiosk, you might want to reconsider.

Current operating systems don’t sufficiently protect memory, making malicious activity possible, according to new research. The weaknesses, collectively called Thunderclap, highlight a new class of threats. The research points out that, in contrast to regular USB ports, USB-C ports have higher privileges and low-level access to a device. You can read about the research here.

https://www.inforisktoday.com/dongle-danger-operating-systems-dont-defend-memory-a-12057

McAfee Claims 25 million Smart Speakers are at risk

According to a McAfee cybersecurity report, over 25 million voice assistants, which are connected IoT (Internet of Things) devices in homes globally, are at huge risk of hacking.

Raj Samani, McAfee Fellow and Chief Scientist at McAfee, said, “Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings.”

http://www.ehackingnews.com/2019/02/around-25-million-home-voice-assistants.html

Deep Fake Videos Should Scare You

The technology, which relies on machine learning and artificial intelligence, was once largely relegated to researchers at prestigious universities. But over the past few years, a growing online community has democratized the practice, bringing powerful and easy-to-use tools to the masses. See this article and marvel at the Jennifer Buscemi!

Jennifer Buscemi is the deepfake that should seriously frighten you

Customs officers searching more travelers’ devices

U.S. Customs and Border Protection officers are searching the electronic devices of travelers more often and did not always follow proper protocol, a new watchdog report has found. Officers are allowed under law to look through devices of travelers who are referred for a secondary inspection.

https://apnews.com/54497b1d5f5541efb96dc25d11ee66a3

The State of Phishing Defense 2018: What Healthcare Needs to Know

Phishing is still the #1 entry point for cyber-attacks. Your defenses need to focus on the most pressing threats: active phishing campaigns that are probing your healthcare organization. This report breaks down the Top 10 threats, with metrics showing how well users respond to each.

https://www.databreachtoday.com/whitepapers/state-phishing-defense-2018-what-healthcare-needs-to-know-w-4743