Tag Archive for: Drivers

How to Put Your Driver’s License on Your Phone

/in


How nice would it be to never again realize that you forgot your driver’s license in your other pants? Well, if you have a smartphone—and if you live in one of the US states that supports it—you can start carrying a digital version of your ID with you everywhere.

A recent Android update expands Google’s digital ID program that lets users store their personal IDs in digital form within Google Wallet. This includes driver’s licenses and other official state IDs. Apple launched a similar feature in Apple Wallet in 2021. Digital identification cards (for both platforms) are available in just a handful of US states right now: Arizona, Colorado, Georgia, and Maryland. Both Apple and Google say residents of more states will be able to load their driver’s licenses onto their phones eventually, but that depends on local governments making the necessary policy and digital infrastructure changes.

Some other states are content to maintain their own services for displaying your digital ID. California has its own mobile driver’s license app, as does Utah. Both Google and Apple hope to build out their ID storage capabilities, but with so many government agencies involved, the process is slow going. Meanwhile, the US Transportation Security Administration accepts digital drivers licenses at just over two dozen airports across the US; you can find a map of those airports on the TSA website.

Digital IDs in both Apple and Google Wallets work in tandem with your phone’s bio-authentication features to verify that the person holding the phone is the person whose ID is on there. When you are asked to show your ID, you’ll be prompted to unlock the feature by scanning your face with Face ID or using your fingerprint scanner, just like you would with a contactless payment.

If you live in a state that supports digital ID management, here’s what to know about storing your government-issued ID card on your phone.

How to Add Your ID to Google Wallet

Google Wallet should be preinstalled on your Android device, but if not, then redownload the app. You’ll need to have a screen lock enabled, which Google requires so that nobody other than you is able to use your ID or your payment cards.

Go into the…

Source…

Caesars: Driver’s license, Social Security data of loyalty members stolen in cyberattack

/in


Hotel Room Barricade at Caesars Palace

Steve Marcus

An exterior view of the porte cochere at Caesars Palace Tuesday, July 11, 2023.

By (contact)

Data from members in the loyalty program at Caesars Entertainment was compromised this month when an unauthorized actor acquired a copy of the program’s database, including the driver’s license and Social Security numbers of members, the resort said in a report to the Securities and Exchange Commission.

“After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network,” officials wrote in the report, which was released today. The attack happened Sept. 7, they said.

“We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators,” the company said.

Caesars paid a roughly $30 million ransom to hackers, the Wall Street Journal reported Wednesday. The report with the Securities and Exchange Commission doesn’t mention a ransom payment.

Caesars has properties up and down the Las Vegas Strip, including Caesars Palace, Horseshoe, Harrah’s, Planet Hollywood, Paris, Flamingo and Linq.

Caesars said it “identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the company.” The company said its customer-facing operation — both in-person and mobile gaming applications — weren’t impacted.

This is the second reported cybersecurity attack on a prominent Las Vegas resort company this week. MGM Resorts International wasn’t as fortunate with the disruptions to its operations.

The attack resulted in a shutdown that prevented credit card transactions and crashed the BetMGM sports betting mobile app and company websites. It also prevented digital access to guest rooms, halted some slot machine play and provided the company plenty of bad publicity.

Some visitors to its properties still weren’t able to access their rooms digitally as of Wednesday, relying on staff to provide physical keys.

Both…

Source…

Attackers Continue to Leverage Signed Microsoft Drivers

/in


In December of last year, Microsoft worked with SentinelOne, Mandiant, and Sophos to respond to an issue in which drivers certified by Microsoft’s Windows Hardware Developer Program were being used to validate malware.

Unfortunately, the problem hasn’t gone away.

In a recent Mastodon post, security expert Kevin Beaumont observed, “Microsoft are still digitally signing malware kernel drivers, as they can’t identify malware (this comes up over and over again).”

Beaumont provided three examples of remote access trojans that had been verified by Microsoft as legitimate software, adding, “If you have Google’s VirusTotal (Microsoft do) you can run something like this to find them. signature:”Microsoft Windows Hardware Compatibility Publisher” p:5+ tag:signed name:.sys

In response to an email inquiry from eSecurity Planet, a Microsoft spokesperson acknowledged the ongoing issue, stating, “We have suspended the partners’ seller accounts. In addition, Microsoft Defender Antivirus provides blocking detection for these files.”

The essential challenge remains – and Microsoft has only been able to suspend individual offenders.

Microsoft’s Initial Response

In guidance first published on December 13, 2022, the company stated, “Microsoft was informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers.”

Microsoft was notified of the issue by SentinelOne, Mandiant, and Sophos in October 2022, and began an investigation. “This investigation revealed that several developer accounts for the Microsoft Partner Center were engaged in submitting malicious drivers to obtain a Microsoft signature,” the company added. “A new attempt at submitting a malicious driver for signing on September 29th, 2022, led to the suspension of the sellers’ accounts in early October.”

Matching the Microsoft spokesperson’s more recent explanation above, the company stated at the time that Windows Security Updates were released revoking the…

Source…

Tesla workers spy on drivers, and Operation Fox Hunt scams • Graham Cluley

/in


Graham wonders what would happen if his bouncing buttocks were captured on camera by a Tesla employee, and we take a look at canny scams connected to China's Operation Fox Hunt. Smashing Security podcast #318: Tesla workers spy on drivers, and Operation Fox Hunt scams

Graham wonders what would happen if his bouncing buttocks were captured on camera by a Tesla employee, and we take a look at canny scams connected to China’s Operation Fox Hunt.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

(Oh, and when Carole mentioned Colin the Accountant as her “Pick of the Week” she really meant “Colin from Accounts”. Sorry!)

Warning: This podcast may contain nuts, adult themes, and rude language.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Episode links:

Sponsored by:

  • Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
  • Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international…

Source…