Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
From Politico:
Federal officials say they’re worried about sharing documents via email with Donald Trump’s transition team because the incoming officials are eschewing government devices, email addresses and cybersecurity support, raising fears that they could potentially expose sensitive government data.
Anyway, here’s a secret link to buy our EMAILS shirt, which we first issued after the 2016 election. The connection is left as an exercise for the reader.
The new feature allows users to pin the feeds of Roku indoor and outdoor wired cameras to the TV screen while watching other content. This is supported on most 4K Roku Players and TVs, and is rolling out alongside a motion-activated rotating security camera carousel feature that was teased in October.
The Irish Data Protection Commission announced the fine following an investigation into a data breach that affected 29 million Facebook users. The incident stemmed from an exploit of Facebook’s video upload feature, allowing hackers to obtain users’ names, email addresses, phone numbers, and more.
Meta, which has already faced several fines from the DPC, plans to appeal the decision, according to the Associated Press.
[Data Protection Commission]
Update your systems ASAP, as Bleeping Computer points out that today’s Patch Tuesday updates include one for a zero-day flaw already exploited by attackers.
CVE-2024-49138 - Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
[msrc.microsoft.com]
You can already see parts of the rebrand live on Mozilla’s website, including its new flag logo that doubles as a dino.
The FBI is investigating, Reuters reports. Hackers allegedly targeted US nonprofits and activists who have spoken out against ExxonMobil. Lawyers for ExxonMobil wielded hacked documents to fight lawsuits filed against the company, according to Reuters.
T-Mobile has confirmed last week’s report that it actually stopped a cyberattack in progress before sensitive customer data was exposed — something the company doesn’t have the best track record for.
T-Mobile didn’t identify the attackers, but the breach resembles the recent Salt Typhoon attacks — which sounds increasingly nefarious as more details arrive.
The Register points out an advisory from D-Link for a series of business routers asking owners to “Please Retire and Replace” these models: DSR-150 / DSR-150N / DSR-250 / DSR-250N.
The problem? A “stack buffer overflow vulnerability, which allows unauthenticated users to execute remote code execution,” published after their EOL, so D-Link isn’t fixing it and will instead offer owners a discounted upgrade.
The folks at 404 Media are reporting on leaked documents revealing the capabilities of Graykey, a tool that law enforcement uses to hack into seized phones. From the looks of it, Graykey can only retrieve some data from the iPhone 12 and newer, whereas it’s possible to recover “full” info from an iPhone 11. The cat and mouse game continues.
The former congressman selected as Trump’s attorney general has come up in connection to a defamation lawsuit filed by one of his friends, as the New York Times reports a hacker has obtained evidence shared among lawyers on the case:
The file of 24 exhibits is said to include sworn testimony by a woman who said that she had sex with Mr. Gaetz in 2017 when she was 17, as well as corroborating testimony by a second woman who said that she witnessed the encounter.
[The New York Times]
As spotted by TechCrunch, researcher Jiska Classen posted a video showing that iOS 18 will reboot your iPhone after three days of inactivity. The security feature, which 404 Media originally reported on, is apparently making it more difficult for police to break into suspects’ phones.
The search giant has released two new blogs that examine recent scam trends that people online should be wary of, and share policy recommendations Google is urging governments and tech industries to take to better fend against them.
“Preventing user harm from malicious scams requires effective cooperation across the online ecosystem,” says Google’s Trust and Safety head Laurie Richardson. “Bad actors are constantly evolving their tactics and techniques.”
