Cybersecurity Weekly: Gas pump hidden cameras, insecure smart TVs, ransomware recovery

December 2, 2019 by Sam Fay

Hidden cameras found at gas station pumps in conjunction with card skimmers. The FBI warns consumers about security issues in smart TVs. The State of Louisiana prevents any data loss and pays no ransom in a recent ransomware attack. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. FBI warning: Your smart TV might not be secure

With the rise in TV sales around the holiday season, the FBI issued a warning about new smart TVs that include built-in webcams and microphones. Aside from purchasing a new TV, the bureau advised consumers to put tape over their TV’s webcam and to keep the device up-to-date with the latest patches.
Read more »

2. Kali Linux OS added Windows-like undercover theme

Offensive Security released a new version of Kali Linux that includes a special theme to transform the desktop into a Windows-like desktop. Dubbed “Kali Undercover,” the theme was designed for those who work in public places or office environments and don’t want people noticing them working in Kali Linux.
Read more »

3. Hacking robotic vehicles is easier than you might think

According to research from the University of British Columbia, robotic vehicles like Amazon delivery drones or Mars rovers can be hacked more easily than people may think. In their tests, the attacks required little to no human intervention to succeed on both real and simulated drones and rovers.
Read more »

4. Hidden camera above Bluetooth pump skimmer

Tiny hidden spy cameras are a common sight at tampered ATMs with card skimmers. Now, these hidden cameras are appearing at gas pumps along with Bluetooth-based card skimming devices. Although the PIN pads at gas pumps are encrypted, these cameras can capture video of the person entering the PIN, much like shoulder surfing.
Read more »

5. Magento marketplace suffers data breach exposing users’ account info

Adobe, Magento’s parent company, recently disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers. According to the company, the hacker exploited an undisclosed vulnerability to gain unauthorized access to the database of registered customers and developers.
Read more »

6. Dexphot malware uses fileless techniques to install cryptominer

Last week, Microsoft revealed its discovery of a polymorphic malware that uses fileless techniques to execute a cryptomining program on infected machines. Dubbed Dexphot, the malware was first observed in October 2018 when Microsoft detected a campaign that attempted to deploy files that changed every 30 minutes on thousands of devices.
Read more »

7. Target seeks $74 million in data breach reimbursement from insurance companies

Over the past few years, Target paid $138 million to settle claims made by banks stemming from the retailer’s massive 2013 data breach. Of that total, $74 million has not been reimbursed by the company’s insurers. Now, Target has gone to court to force the insurance companies to pay up.
Read more »

8. NYPD tech vendor accidentally slipped malware into computer system

An IT technician at the NYPD Academy in College Point mistakenly introduced malware into the department’s computer network at some point in 2018. The malware affected 23 machines, including about 12 of the NYPD’s LiveScan machines, which scan fingerprints and check records electronically.
Read more »

9. Chinese smartphone vendor OnePlus discloses a new data breach

OnePlus disclosed a data breach in which an “unauthorized party” accessed some customers’ order information, including names, contact numbers, emails and shipping addresses. The company pointed out that not all customers were affected and that the attackers were not able to access financial information and passwords.
Read more »

10. Cyberattack hit 10% of Louisiana’s state government servers

One in ten of Louisiana’s 5,000 state government servers were damaged by last week’s cyberattack, according to a key technology official. Louisiana’s deputy chief information officer said the ransomware attack wasn’t catastrophic to state government. No data was lost, and no ransom was paid.
Read more »

Posted: December 2, 2019
Sam Fay
View Profile