Including a thumb drive you put in your leg and using AI to impersonate a CEO
The world is filled with oddball cybersecurity news, with fresh headlines every day of ransomware and data breaches, Internet of Things incidents and scam apps. The bar for sheer weirdness is high. Here are a dozen stories that managed to clear it.
A new device about the size of a pack of gum, called PegLeg, is meant to be surgically inserted into your leg. Any Wi-Fi enabled device can access it, and the device can store hundreds of gigabytes of data. This would allow the embedded user to bootleg data into another country.
After paying his ransomware attacker 670 euros (about $747), Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack. Frömel explained to Bleeping Computer that he was able to pull from the attacker’s server the Hardware IDs for each of the 2,858 victims stored in the server’s database, along with each victim’s unique decrypter key.
The FBI’s cybercrime report found that the second-costliest category of crime, behind only compromised business email, was confidence and romance fraud, with a 2018 cost of $363 million. The scams happened 18,493 times last year, the FBI reports – an average of more than 50 times a day.
The band Radiohead has released 18 hours of previously unheard music after thieves threatened to release tracks unless the band paid them $150,000. The majority of the material, according to the band, is “only tangentially interesting. And very, very long.”
Facebook turned 15, celebrating the milestone with total monthly users of around 2.32 billion. The birthday and user base provided little protection from controversy. The social media giant announced its own digital currency, Libra, and experienced major pushback within hours as policymakers around the world voiced concerns it could heavily disrupt the global financial system.
Germany fined a police officer $1,500 for looking up a driver’s mobile number using their license plate information and calling them for personal reasons.
For the last four fiscal years, the Department of Homeland Security continued to use unsupported systems, such as Windows XP and Windows Server 2003. Then-DHS Chief Information Officer Richard Staropoli summed up issues related to his cybersecurity management job by saying, “You can write this down and quote me: The problem is piss-poor management.”
The U.S. government’s $10 million voting machine was supposed to be available for hackers to find security flaws at DefCon. An unexpected bug stopped the experiment from starting until the conference's last day. More from CNET here.
A UK-based energy firm was scammed out of $243,000 when criminals targeted the company with an effective "vishing" campaign. Vishing is short for “voice phishing,” the tactic of tricking targets over the phone. This incident marked the first time AI-based voice fraud netted such a high payload, according to The Next Web.
Remember FaceApp – the hot new app that turned out to be a big security risk? If that’s how you remember it, that’s understandable. It just isn’t true. Pop stars used it to look like senior citizens. Professional athletes made themselves unrecognizable. The “FaceApp challenge” became a thing in 2019 – until U.S. Sen. Chuck Schumer of New York posted an alarming warning about the app. Turns out, FaceApp had been around for two years – and had no new security issues.
University of Michigan researchers demonstrated how to hack smart speakers via laser. They also climbed 140 feet to the top of a bell tower at the University of Michigan and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away.