Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
The best of us can be swindled, but one banker’s particular enthrallment to an overseas cryptocurrency crime network was so dire that it almost devastated his entire community. Read this New York Times report about Shan Hanes embezzling more than $31 million into a suspicious crypto investment before the money disappeared.
“I’ll forever struggle understanding how I was duped,” Hanes said. “I should have caught it, but I didn’t.”
The encrypted messaging app has already pushed out an update for a vulnerability that Russian hackers have been using to target Ukrainian soldiers. The attacks, discovered by Google, used malicious QR codes to link targets’ devices to the hackers’, allowing them to receive all their future messages. Signal’s update prompts users to confirm they want to create the link, but WhatsApp and Telegram may be vulnerable too.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a memo freezing its election security efforts to review all work and positions “related to election security and countering mis- and- disinformation” at the state and local level since 2017, reports Wired. The review is reportedly set to conclude on March 6th.
The outlet writes that the memo also confirms an earlier Politico report that CISA employees associated with the work were placed on administrative leave on February 7th.
A clever and since-fixed exploit allowed a security researcher to find the email address belonging to any YouTube account through a roundabout series of steps. Strangely enough, the Pixel Recorder app played an important role in spilling the Google account details.
Google’s security panel initially awarded the researcher $3,133 before upping the total to $10,000 — a sum that many on Hacker News still find rather low considering the exploit.
[brutecat.com]
Two zero-day holes being fixed on this Patch Tuesday could potentially allow attackers to delete your files and gain unmitigated system-level privileges, Bleeping Computer reports, so update ASAP.
In lighter news, the KB5051987 update continues rolling out a feature that improves taskbar previews. Plus, a new system tray icon will appear when using apps that support Windows Studio Effects on computers with a neural processing unit, like new Copilot Plus PCs.
This recent video from YouTuber Chuppl highlights a 2023 pre-print estimating people have wasted as many as 819 million hours solving reCAPTCHA since Google acquired it in 2009, as spotted earlier by Boing Boing. Dr. Andrew Searles, the researcher who submitted the study, told Chuppl that Google collects a trove of data through reCAPTCHA, including keystrokes, clicks, IP addresses, and more.
Please don’t buy used phones with TikTok installed. I know it’s hard to pass the time without the FYP, but it’s a massive security and privacy risk. Just scroll on your browser instead.
It’s not clear whether any of the examples in this New York Times story have actually sold, but eBay is full of listings that apparently have been purchased.
[The New York Times]
TechCrunch says that the US edtech giant declined to answer outstanding questions about the hack it reported this month, and several schools that were impacted have yet to receive an incident report.
Both the scale of the breach and who was behind it are still unknown. PowerSchool did notify customers that “sensitive personal information” on students and teachers was stolen, however.
