Java programmers love string interpolation features.
If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as programming jargon where it’s not a very good linguistic fit…
…but the idea is simple, very powerful, and sometimes spectacularly dangerous.
In other programming ecosystems it’s often known simply as string substitution, where string is shorthand for a bunch of characters, usually meant for displaying or printing out, and substitution means exactly what it says.
For example, in the Bash command shell, if you run the command:
Equifax used its own worker surveillance product to spy on workers fired.
Hundreds of thousands of Americans juggled two full-time jobs in September, and nearly 4 million more mixed full-time with part-time work, the Bureau of Labor Statistics reported. This “overemployment” trend has become so popular through the pandemic that Wired reported that some workers described holding down two jobs as the cure to burnout experienced from having just one job. For remote workers, in particular, the ability to generate extra income by doing two jobs at once became so normalized, The Washington Post reported last week, that some remote workers considered it “fair” to hide a second job from their primary employers.
Some remote workers learned the hard way that not all employers consider it fair, though. This week it was reported that the credit-reporting service Equifax proved unwilling to sit idly by as its employees attempted to keep second jobs on the sly. According to Business Insider, Equifax “used one of its own products, The Work Number, to help it suss out who was holding down multiple jobs simultaneously” and then fired 24 out of 25 remote workers that its investigation uncovered. Some Equifax remote workers were juggling as many as three jobs.
For its investigation, Business Insider reviewed company emails, spoke to current and fired Equifax employees, and reviewed internal Equifax documents. Insider found that Equifax used The Work Number to comb through “work histories and activity records for more than 1,000 employees and contractors” and see any overlapping payment periods reported by other companies. This information, Insider reported, is usually only provided to individuals seeking their own reports, while third parties would typically receive a different version that doesn’t provide such granular information. In addition to dozens of workers Equifax then fired, the company reportedly flagged 283 contractors also suspected to be dually employed, but Business Insider was unable to verify if those contractors were also fired.
“Equifax recently conducted an investigation into a number of employees suspected of holding dual, full-time employment that conflicted with their roles at our company,” Equifax spokesperson Kate Walker told Ars in a statement. “As a result, several employees who violated our company code of conduct and outside
Equifax used other employee surveillance methods to determine which workers were violating its employee code of conduct—which Walker told Insider specifies that employees “always need to disclose and discuss outside employment with your supervisor.” Some workers were suspected of calling into interviews with Equifax from their other job sites, and Equifax began noting any employee clocking “abnormally low VPN usage,” below 13 hours weekly, as a red flag.
Equifax employees were informed of terminations in a company-wide email that unsettled some. One fired worker who spoke to Insider said he wasn’t aware of Equifax’s code of conduct when he took his second job. A current employee told Insider that Equifax shouldn’t be using the data it collects for The Work Number to “spy” on its own employees.
The Work Number collects employment records from 2.5 million companies, Insider reported, and when two Insider reporters ran their own reports on the service, payment periods for “almost every job both had ever held was listed in the report.”
Although Equifax’s investigation, which it at one point dubbed “Project Home Alone,” targeted employees with two or more jobs, the company said that this violation wasn’t the only reason that 24 employees were terminated.
“Equifax followed all applicable laws in its handling of this situation,” Walker told Ars. “These employees were terminated because of multiple factors, including in many cases their own admission that they had a secondary full-time position, which prevented them from fulfilling their full-time obligations to Equifax.”
In its story on overemployment, Wired reported that people drawn to the trend found support on Reddit, Discord, and a website called Overemployed.com. In forums, the dual-employed and those aspiring to take on multiple jobs discuss strategies to do it all unnoticed. It seems implied across all forums that employees will need to hide their other jobs from each employer, but Overemployed.com assures visitors that “it’s legal to work multiple remote jobs.” The website compiled a guide that breaks down labor laws in different states.
However, on the very same page, Overemployed.com also foretold of the Equifax terminations by warning any website visitors that employers still seemingly retain all the power: “The truth is, you can get fired at any time whether you work just one or multiple remote jobs.”
Samsung’s new security solution Knox Matrix will work as a user’s own private blockchain system and strengthen security through multi-layered mutual monitoring across connected devices, from smartphones to smart homes.
“Today’s connected world needs a connected security approach too — after all, if just one device is compromised, all others are at risk,” Shin Baik, principal engineer of the security team at the South Korean tech giant said during Samsung Developer Conference Wednesday. “Multi-device protection is the next battlefront for security and privacy.”
To safeguard users’ smart home from malicious access and simplify the login process, Knox Matrix will “share credentials device-to-device” and “protect sensitive information even between trusted devices,” according to a blog post from the company.
“Whether your Samsung devices are based on Android, Tizen, or other OS, Samsung Knox Matrix will be able to provide a unified security SDK,” the post read.
Samsung did not disclose technical details for the blockchain technology or when it plans to release Knox Matrix, besides saying in its post to “stay tuned.”
The adoption of blockchain technology has soared over the past few years within the financial technology industry (fintech), with researchers predicting the global fintech blockchain market to reach $8.7 billion by 2026, according to Research and Markets.
While this modern technology has gained popularity in the fintech industry, Patrick Moorhead, founder and CEO of Moor Insights & Strategy said in a blog post that there are more blockchain-related frauds than there are practical applications and innovative solutions.
“This statement goes without saying, many incredible technologies within fintech and cryptocurrency have yet to change the world,” Moorhead noted. “I believe Samsung does have a real-world use case here with blockchain that does address the need for more security within IoT.”
Samsung has been identified as the most active investor in the blockchain and crypto space, participating in 13 funding rounds within the industry from September 2021 to mid-June 2022, according to Blockdata.
The company announced Friday that Samsung Wallet will expand to 13 new markets this year since it first launched in June 2022. Besides organizing and accessing essential documents and identifications, users can also monitor their cryptocurrency portfolio across various exchanges via the Wallet.
The Wallet is safeguarded by the company’s Samsung Knox security platform. It also stores sensitive documents in an isolated environment to add an extra layer of security protection.
The Department of Health and Human Services breach reporting tool recently added 13 separate filings from anesthesia practices across the U.S., stemming from a “data security incident” at the covered entities’ management company. In total, the compromise involved the protected health information of 380,104 patients.
The HHS tool appears to center on entities tied to New York-based Resource Anesthesiology Associates and Anesthesia Associates, including sites in El Paso, California, Washington, Palm Springs, Lynbrook, Hazleton, Fredericksburg, Bronx, San Joaquin, and Maryland. Upstate Anesthesia Services is also listed.
The name of the management company is currently unclear. A dive into how, or whether, these providers are connected found just one breach notice from Anesthesia Associates of El Paso PA, “an anesthesia provider to a local healthcare facility.”
The breach notification shows the incident occurred on July 15, 2022 at “its management company.” No further details are shared as to the entity behind the incident, or the threat behind the compromise.
However the incident occurred, it appears that protected health information stored in the management company’s system was impacted during the event, which included patient names, contact details, health insurance policy numbers, Social Security numbers, payment data, and health information, such as treatments and diagnoses.
The entities involved have since improved security controls to better “secure the system and protect patient information.”
OakBend Medical patients targeted by email schemes after ransomware attack
Three weeks after falling victim to a ransomware attack and data exfiltration incident, OakBend Medical Center reported the recovery team restored its network and clinical systems brought offline in the wake of the attack.
OakBend brought the systems back online on Sept. 30, with some replacement processes being utilized as it finished recovering the impacted systems. One week later, the Texas provider began warning patients that third-party actors were targeting individuals with email schemes, with themes tied to the ransomware incident.
As SC Media previously reported, OakBend Medical took its network offline and launched electronic health record downtime procedures in response to a ransomware incident deployed on Sept. 1. Two weeks later, the systems remained down as the team worked to rebuild the affected systems.
Officials quickly confirmed that the Daixin threat group claimed responsibility for the attack, posting data proofs on the dark web that contained more than 1 million records allegedly stolen from the hospital prior to the ransomware deployment.
But now patients are facing further risks, as an Oct. 7 notice shows patients are receiving emails designed to appear as if sent from OakBend in regards to the data and system impacts. Hospital officials are warning patients that “all verified information regarding system updates, investigative findings, and next steps will continue to come directly from the office through email updates and website postings.”
On Oct. 11, officials added that the forensic investigation is ongoing and has not determined the extent of the data theft, nor who was affected. Patients have been asked to send the hospital the fraudulent emails for analysis. OakBend is offering all patients 18 months of credit monitoring to support fraud prevention.
6 months after data theft, CSI Labs reports another PHI breach
Nearly 245,000 patients with ties to CSI Laboratories were recently notified that their data was compromised after a phishing incident gave a threat actor access to a single employee email account.
The notice comes just six months after the Georgia-based cancer testing and diagnostics laboratory reported falling victim to a February cyberattack that led to IT disruptions and the exfiltration of data tied to 312,000 patients, such as names, patient case numbers, dates of birth, addresses, medical record numbers, and health insurance information.
The latest security incident was discovered on July 8, which led the security team to promptly isolate the affected email account and launch an investigation. The forensic evidence shows the phishing attack appeared designed to commit financial fraud on other entities by redirecting customer payments from health providers to an account controlled by the actors using a fictitious email address.
“The invoices were not directly billed to patients. Thus, we believe that the malicious actor was seeking to divert invoice payments,” rather than to access patient data, according to the notice.
However, the investigation determined on July 15 that the hacker indeed acquired “certain files from the affected employee mailbox, including documents that may have contained patient information.” The discovery prompted a new analysis to determine the scope and impact on patient information.
The exfiltrated data was found to involve invoices sent to CSI healthcare provider customers, which varied by invoice. The information “generally” contained patient names and numbers, as well as dates of birth and health insurance information. No patient financial data was compromised.
CSI stressed that the incident was limited to a single email inbox, and its network and IT systems were not impacted by the event. Employees have since received additional phishing-related awareness and training, as CSI works to improve its enterprise security to prevent a recurrence.
Aesthetic Dermatology hack leads to data access for 34K patients
The personal and protected health information of 33,793 Aesthetic Dermatology Associates patients was accessed during a systems hack in August.
It should be noted that an industry advisory shows the BianLian threat group has posted a data listing allegedly tied to Aesthetic Dermatology Associates. However, the provider’s notice purports there’s been no evidence of data misuse.
The official notification shows that suspicious activity was discovered on Aug. 15, which prompted an investigation with support from a computer forensics specialist. The analysis discovered an attacker accessed its network systems, some of which contained personal information.
A review of those files confirmed PHI was accessed during the hack, which included patient names, diagnosis codes, dates of birth, contact details, and health insurance information. SSNs were not involved.
Aesthetic Dermatology has since secured the affected systems and plans to implement additional safeguards to prevent another incident.
Magellan Rx Management recently informed 13,663 TennCare patients, who leverage MRx for pharmacy benefit services, that their data was compromised after the hack of an email account belonging to its former auditing vendor NorthStar. MRx provides healthcare delivery and pharmacy management services to managed care entities, health plans, and other third-party administrators.
NorthStar previously disclosed its April email hack in early September, where a threat actor gained access to a single employee email account and accessed or stole Medicaid data tied to the Georgia Department of Community Health. About 18,354 members were affected by the incident.
The incident was first detected on April 20, but MRx was not notified by NorthStar until July 25. The investigation determined the attacker had access to the account for more than two months between February 5, 2022 and April 17, 2022. During the dwell time, the actor accessed the account, but the investigators could not verify what, if any, data was accessed or acquired.
For MRx, the account contained the personal data of patients enrolled in health plans serviced by MRx. The notice suggests NorthStar’s investigation is ongoing, which could account for the delay in notifying patients. And “although NorthStar is no longer an MRx vendor, MRx has processes in place to ensure that its vendors safeguard personal information within their possession.”
The incident joins an earlier email compromise reported by MRx’s parent company Magellan Health in the last three years. Several weeks ago, Magellan Health settled a breach lawsuit for $1.43 million with the 270,000 patients whose data was compromised during a months-long hack of an employee email account in the Spring of 2019.
Cardiac Imaging Associates reports email hack from April
An undisclosed number of patients tied to Cardiac Imaging Associates are just now learning that their data was compromised after the hack of an internal email account in April. CIA is a medical imaging services vendor for healthcare providers.
Under the Health Insurance Portability and Accountability Act, breach notices should be sent to patients within 60 days of discovery and not at the close of an investigation. According to its notice, it appears that CIA’s delay was due to its investigation only recently being closed.
Upon discovering the email intrusion, the account was secured. A subsequent investigation determined the threat actor had access to the account for a week between March 30 and April 6. The forensic analysis could not determine whether the actor viewed the emails or attachments within the accounts, which prompted a “thorough and time-intensive review of the contents of the email accounts.”
The compromised data varied by patient and could include names, SSNs, dates of birth, driver’s licenses, financial account and payment card information, medical diagnoses, conditions, lab results, treatments, and prescriptions. It’s possible the data was accessed or acquired.
CIA has since enhanced its security, as it reviews its existing policies and procedures and implements internal training protocols to mitigate possible risks.
But there are ways to prevent it from happening. Here’s how.
Installing an internet-connected security camera in your house won’t necessarily bring a wave of hackers to your Wi-Fi network — but it also has happened before. For example, in 2020, an ADT home security customer noticed an unfamiliar email address connected to her home security account, a professionally monitored system that included cameras and other devices inside her home. That simple discovery, and her report of it to the company, began to topple a long line of dominoes leading back to a technician who had spied, over the course of four and a half years, on hundreds of customers — watching them live their private lives, undress and even have sex.
ADT says it has closed the loopholes that technician exploited, implementing “new safeguards, training and policies to strengthen … account security and customer privacy.” But invasions of privacy are not unique to ADT, and some vulnerabilities are harder to safeguard than others.
Whether you’re using professionally monitored security systems such as ADT, Comcast Xfinity or Vivint, or you just have a few stand-alone cameras from off-the-shelf companies like Ring, Nest or Arlo, here are a few practices that can help protect your device security and data privacy.
Is my home security system at risk for hacking?
Before jumping into solving the problems of device insecurity, it’s helpful to understand how vulnerable your devices really are.
Major professionally monitored security systems — and even individually sold cameras from reputable developers like Google Nest and Wyze — include high-end encryption (which scrambles messages within a system and grants access through keys) almost across the board. That means as long as you stay current with app and device updates, you should have little to fear of being hacked via software or firmware vulnerabilities.
Likewise, many security companies that use professional installers and technicians have strict procedures in place to avoid precisely what happened at ADT. The Security Industry Association — a third-party group of security experts — advises manufacturers such as ADT on matters relating to privacy and security.
“The security industry has been paying attention to [the issue of privacy in the home] since 2010,” said Kathleen Carroll, chair of the SIA’s Data Privacy Advisory Board, “and we continue to work to help our member companies protect their customers.”
Some professionally monitored systems, such as Comcast and now ADT, address the problem by strictly limiting the actions technicians can take while assisting customers with their accounts — for instance, disallowing them from adding email addresses to accounts or accessing any recorded clips.
“We have a team at Comcast dedicated specifically to camera security,” a Comcast spokesperson said. “Our technicians and installers have no access to our customers’ video feeds or recorded video, which can only be accessed by a small group of engineers, under monitored conditions, for issues like technical troubleshooting.”
“Only customers can decide who is allowed to access their Vivint system, including their video feeds,” a spokesperson for home security company Vivint said. “As admin users, they can add, remove or edit user settings. And … we regularly conduct a variety of automated and manual audits of our systems.”
With DIY systems, customers set up their own devices, making technician access a moot point. But if customers opt into additional monitoring, which is often offered alongside individual products, that may complicate the issue.
One such company, Frontpoint, said in an email that it tightly constrains personnel access to customer information, disallowing, for instance, agents from watching customer camera feeds — except in particular, time-boxed cases where permissions are obtained from the customer, for the purpose of troubleshooting or other types of assistance.
A representative of SimpliSafe, another developer straddling the line between DIY and professionally installed home security, responded more broadly to questions about its procedures: “Much of our day-to-day work is focused on maintaining our systems so that vulnerabilities are immediately identified and addressed. This relentless focus includes both internal and external security protocols.”
In short, security companies appear to be consciously using multiple levels of security to protect customers from potential abuse by installers and technicians — even if the processes by which they do this aren’t entirely transparent. But even if they’re effective, that doesn’t mean your smart cameras are totally secure.
How could hackers access my home security cameras?
The ADT case didn’t technically require any hacking on the part of the technician, but what if hacking is involved? There are plenty of cases of remote hacks, after all. And even quality devices with high levels of encryption aren’t necessarily safe from hacking, given the right circumstances.
There are two primary ways a hacker can gain control of a video feed, security expert Aamir Lakhani of FortiGuard told CNET: locally and remotely.
To access a camera locally, a hacker needs to be in range of the wireless network the camera is connected to. There, they would need to obtain access to the wireless network using a number of methods, such as guessing the security passphrase with brute force or spoofing the wireless network and jamming the actual one.
Within a local network, some older security cameras aren’t encrypted or password-protected, since the wireless network security itself is often considered enough of a deterrent to keep malicious attacks at bay. So once on the network, a hacker would have to do little else to take control of the cameras and potentially other IoT devices around your house.
Local hacks are unlikely to affect you, though, as they require focused intent on the target. Remote hacks are the far more likely scenario, and examples crop up fairly often in the news cycle. Something as common as a data breach — such as those at Equifax or Delta — could put your login credentials in the wrong hands, and short of changing your password frequently, there’s not much you could do to prevent it from happening.
Even if the security company you use — professionally monitored or otherwise — has strong security and end-to-end encryption, if you use the same passwords for your accounts as you do elsewhere on the internet and those credentials are compromised, your privacy is at risk. (If you don’t already, you should definitely start using a password manager to keep track of all of your strong, unique passwords.)
And if the devices you use are dated, running out-of-date software or simply products from manufacturers that don’t prioritize security, the chances of your privacy being jeopardized rise significantly.
For hackers with a little know-how, finding the next target with an unsecured video feed is only a Google search away. A surprising number of people and businesses set up security camera systems and never change the default username and password. Certain websites, such as Shodan.io, display just how easy it is to access unsecured video feeds such as these by aggregating and displaying them for all to see.
How to know if your cameras have been hacked
It would be almost impossible to know if your security camera — or perhaps more unnervingly, baby monitor — has been hacked. Attacks could go completely unnoticed to an untrained eye and most people wouldn’t know where to begin to look to check.
A red flag for some malicious activity on a security camera is slow or worse than normal performance. “Many cameras have limited memory, and when attackers leverage the cameras, CPU cycles have to work extra hard, making regular camera operations almost or entirely unusable at times,” said Lakhani.
Then again, poor performance isn’t solely indicative of a malicious attack — it could have a perfectly normal explanation, such as a poor internet connection or wireless signal.
How to protect your privacy at home
While no one system is impervious to an attack, some precautions can further decrease your odds of being hacked and protect your privacy in the case of a hack.
Another important step is simply avoiding the conditions for an invasion of privacy. Hacks are unlikely and can be largely avoided, but keeping cameras out of private rooms and pointed instead toward entryways into the house is a good way to avoid the worst potential outcomes of a hack.
Lakhani also suggested putting stand-alone security cameras on a network of their own. While this would doubtless foil your plans for the perfect smart home, it would help prevent “land and expand,” a process by which an attacker gains access to one device and uses it to take control of other connected devices on the same network.
Taking that one step further, you can use a virtual private network, or VPN, to further restrict which devices can access the network the security cameras are on. You can also log all activity on the network and be certain there’s nothing unusual happening there.
Again, the chances of being the victim of an attack like this are quite small, especially if you follow the most basic safety precautions. Using the above steps will provide multiple layers of security, making it increasingly difficult for an attacker to take over.
Known Bad Brands – Brands that lack adequate security policies
As a rule of thumb, brands that are not well-known outside of the online market should be avoided at all costs. Affordable CCTV solutions from Shenzhen-based factories in China sometimes fail to meet wireless safety standards.
Brands that have been proven to have continuous underlying issues, and that you should ultimately avoid, are ieGeek, Sricam, SV3C, and Vstarcam. All come with a friendly price tag, but they are quick to join the list of CCTV cameras that risk your privacy and security.
“Cheap CCTV systems show that they fail to prioritise customers’ security even those that are bestsellers in online marketplaces”
Home security system FAQs
Do I have to sign a contract for home security?
Contracts are sometimes required for professional home monitoring or to qualify for free equipment, so service from home security providers like ADT, Vivint and Xfinity may include one. That said, it’s usually possible to avoid contracts if you pay upfront — and other home security companies like Ring, SimpliSafe and Wyze offer DIY home security solutions that never require one.
What’s the best home security camera system for your home?
Arlo, Nest and Wyze cameras are our top picks for the best home security cameras, but the best one for your home depends on your needs. Be sure to consider price, Wi-Fi connectivity, indoor/outdoor functionality as well as compatibility with other smart home devices and security services when choosing.
How do I set up a home security system?
Some home security systems come with professional installation, so you can rely on the company to install and set up your system. Others, including many DIY systems, may require self-installation and setup. These systems should come with detailed instructions, and they’re often easy to set up. In most cases, you can simply place or mount the devices where desired, then connect them to your Wi-Fi and other smart home devices (if compatible) via app.
What’s the difference between a wired and wireless alarm system?
In a home security context, there are two ways to look at “wired” vs. “wireless.” The first is power — home security systems require electricity to operate, so in that context, a wired system would be one with devices that plug into power, and which rely on your home’s electricity to function. A fair number of current-gen systems use wireless, battery-powered sensors and battery backups for the base stations that will keep the setup running if the power ever goes out — you can think of those systems as “wireless” as far as electricity is concerned.
The second way to look at wired vs. wireless concerns connectivity. Every home security system needs to be able to notify you when there’s a problem and alert the authorities when there’s an emergency. It used to be that systems would notify you with the sound of the alarm, and contact authorities with a wired connection to your phone line, but most current-gen systems can also notify the user of issues with a push alert on their phone, and some will use an internet connection to contact the professionals during an emergency.
Even then, we’d still consider the system to be “wired” if you can stop it from operating by cutting your home’s internet signal. That’s why a growing number of systems include built-in cellular connectivity as a backup. Even if the Wi-Fi goes out (or if a tech-savvy intruder disables it), a system like that will still be able to notify you and the authorities of an emergency by way of that cellular connection. Systems like those are “wireless” in the connectivity sense — and if they double down with a battery backup as well, then they’re as wireless as home security gets.
The hackers used “legitimate” credentials to breach the vendor’s network
Advanced, an IT service provider for the U.K.’s National Health Service (NHS), has confirmed that attackers stole data from its systems during an August ransomware attack, but refuses to say if patient data was compromised.
Advanced first confirmed the ransomware incident on August 4 following widespread disruption to NHS services across the U.K. The attack downed a number of the organization’s services, including its Adastra patient management system, which helps non-emergency call handlers dispatch ambulances and helps doctors access patient records, and Carenotes, which is used by mental health trusts for patient information.
In an update dated October 12 and shared with TechCrunch on Thursday, Advanced said the malware used in the attack was LockBit 3.0, according to the company’s incident responders, named as Mandiant and Microsoft. LockBit 3.0 is a ransomware-as-a-service (RaaS) operation that hit Foxconn earlier this year.
In its updated incident report, Advanced said that the attackers initially accessed its network on August 2 using “legitimate” third-party credentials to establish a remote desktop session to the company’s Staffplan Citrix server, used for powering its caregiver’s scheduling and rostering system. The report implies that there was no multi-factor authentication in place that would block the use of stolen passwords.
“The attacker moved laterally in Advanced’s Health and Care environment and escalated privileges, enabling them to conduct reconnaissance, and deploy encryption malware,” Advanced said in the update.
Advanced said some data pertaining to 16 Staffplan and Caresys customers (referring to NHS trusts) was “copied and exfiltrated,” a technique known as double-extortion, where cybercriminals exfiltrate a company’s data before encrypting the victim’s systems.
In the update, Advanced said there is “no evidence” to suggest that the data in question exists elsewhere outside the company’s control and that “the likelihood of harm to individuals is low.” When reached by TechCrunch, Advanced chief operating officer Simon Short declined to say if patient data is affected, or whether Advanced has the technical means, such as logs, to detect if data was exfiltrated.
LockBit 3.0’s dark web leak site did not list Advanced or NHS data at the time of writing. Short also declined to say if Advanced paid a ransom.
“We are, however, monitoring the dark web as a belt and braces measure and will let you know immediately in the unlikely event that this position changes,” Advanced said in the update.
Advanced said its security team disconnected the entire Health and Care environment to contain the threat and limit encryption, which downed a number of services across the NHS. The extended outage left some trusts unable to access clinical notes and others were forced to rely on pen and paper, BBC News reported in August.
Advanced said its recovery from the incident is likely to be slow, citing an assurance process set by the NHS, NHS Digital, and the U.K. National Cyber Security Center.
“This is time consuming and resource intensive and it continues to contribute to our recovery timeline,” Advanced said. “We are working diligently and bringing all resources to bear, including outside recovery specialists, to help us restore services to our customers as quickly as possible.”
For nearly 20 years, BlueHat has been where the security research community and Microsoft security professionals come together as peers to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all.
We are extremely excited to announce that BlueHat is back in-person and the 2023 Call for Papers (CFP) is now open through December 8! Don’t worry if you can’t attend in-person, we promise you won’t miss out on the content, reports a blog on the Microsoft website.
BlueHat 2023 will be held in Redmond, WA on the Microsoft Campus February 8-9, 2023. It is impossible to express the positive energy and excitement we feel to re-connect with the community. The Call for Papers (CFP) is now open! The topics and possibilities are limitless – Don’t delay in submitting your talks as the CFP closes on December 8, 2022. Submit now at https://aka.ms/BHCFP.
Here are some possible topics for submission. These are meant to be inspirations, not boundaries. We cannot wait to see what you want to share with the community!
Cloud Security Research
Virtualization and Container Security
Operating System Security
Detection Techniques at Scale
IOT/OT Critical Infrastructure Security
Machine Learning and Security Operations Applications
Network Security
Applied Cryptography
Identity Management
AuthN/AuthZ
We will be announcing more details soon including keynotes, registration information, the event website, and what to expect! Block your calendars, submit your paper, and get ready for BlueHat 2023!!
Recent attacks use phishing emails to impersonate the U.S. Small Business Administration (SBA) and rely on Google Forms to host phishing pages that steal the personal details of business owners.
COVID-19-themed phishing campaigns are not unheard of in the U.S., but this time the attack is actually based on a legitimate financial recovery program the SBA ran in the past. It is worth mentioning that no such initiatives are being officially implemented at the moment.
Fake Grants Real Threat
The phishing emails lure their recipients with grants for pandemic financial support programs like the “Paycheck Protection Program”, “Revitalization Fund”, and “COVID Economic Injury Disaster Loan”, which they can apply for by filling out a form.
According to INKY, once the link is clicked and the victim is directed to Google Forms, the questions are designed to extract users’ personally identifiable information (PII) and include EIN, SSN, driver’s license details, and bank account information.
Upon a Closer Look
BleepingComputer explains that phishing actors take advantage of the free hosting, encrypted data traffic, and brand recognition and trustworthiness that come with legitimate Software-as-a-Service (SaaS) platforms. Google Forms is no exception: in this particular instance it has become a victim of a credential harvesting and brand impersonation scheme.
First of all, business owners should keep in mind that the SBA would never request such information be submitted by means of Google Forms, but rather directly on their site. Also, as mentioned in the beginning of this article, the organization is no longer accepting applications to their COVID-19 relief loan and grant programs.
Business owners are advised to remain vigilant and treat all incoming messages offering financial support with suspicion, as well as check sender details. In this case, the phishing email content is full of grammar errors that should raise a few questions related to its origin. Additionally, the use of all caps in “GRANT MONEY” feels and looks unprofessional.
A new warning is being issued for anyone who uses wireless security cameras like “Ring” to protect their home.
A Detroit woman said her Ring camera didn’t capture the moment her car was stolen from the front of her house, and one local expert said it’s because crooks are becoming more tech-savvy.
Earlier this month, the woman said her car was stolen from her driveway, and when she went to review her Ring camera footage, she realized hours were missing.
Chris Burns, the owner of Techie Gurus, said security cameras that use WiFi to record are more about convenience than security. That’s because WiFi can easily be disrupted, preventing the camera from capturing who is around your home, and criminals are catching on.
“If you’re relying on wireless as a security thing, you’re looking at it wrong,” Burns said. “Wireless signals are easy to jam or block.”
Those crooks can use something like a WiFi jamming device, or a deauther, which can be the size of an Apple Watch.
A deauther will overwhelm a WiFi system, forcing the WiFi camera to stop recording if you stand close enough. The accessory only costs about $10-$50. A jammer, on the other hand, will cost anywhere between $150 and $1,000.
They’re also highly illegal, so jammers are more difficult to find, but a powerful jammer can prevent an entire street from recording on WiFi security cameras with the switch of a button.
A spokesperson from Ring sent a statement saying, “Like any wifi-enabled device, WiFi signal interference may affect Ring device performance. If customers are experiencing issues with connectivity, we encourage them to reach out to Ring Customer Support.”
How can customers protect themselves?
“For true security, it should always be hard-wired, it should always be plugged into ethernet or something like that,” Burns said.
A spokesperson for Ring said although they are aware of the problem, it is rare.
Burns said that as technology gets cheaper, it’s likely jammers will become more popular, and it’s important to keep people fully informed.