Tag Archive for: Makers

The 22 biggest tech scandals of 2020, from the unprecedented Twitter hack to the makers of ‘Fortnite’ declaring war on Apple

/in


JANUARY: New details emerge about Jeff Bezos’ iPhone hack

mohammad bin salman jeff bezos
Saudi Crown Prince Mohammad bin Salman (left) and Jeff Bezos.

AP

In January, The Guardian and The New York Times reported that a forensic analysis of Bezos’ iPhone by FTI Consulting found evidence that Saudi officials were involved in the leaking of Bezos’ relationship and personal messages in 2019.

The claim was backed up soon after, when the UN called for an “immediate investigation” into the crown prince. 

According to the forensic report, Bezos and Saudi Crown Prince Mohammed bin Salman exchanged numbers at a dinner in April 2018 — on May 1 of that year, Bezos’ iPhone is said to have been infiltrated after he received a video attachment from the crown prince’s personal WhatsApp account.

Within hours of Bezos receiving the video, the report found that a “massive and … unprecedented exfiltration of data” began, an increase of more than 29,000%. 

After details of the forensic report were published, the Saudi government issued a statement calling the reporting “absurd” and said it would be investigating the claims. 

FEBRUARY: A former Microsoft engineer is convicted of stealing $10 million from the company

Microsoft headquarters in Redmond, Washington.
Microsoft headquarters in Redmond, Washington.

Stephen Brashear

Former Microsoft software engineer Volodymyr Kvashuk was convicted in February of stealing $10 million worth of digital currency from his former employer. 

Kvashuk — who worked at Microsoft from August 2016 to June 2018, first as a contractor, then as a full-time employee — was convicted by the US District Court in Seattle after a five-day trial, the US Attorney’s Office for the Western District of Washington announced at the time. 

The court found that Kvashuk had stolen “currency stored value,” like online gift cards, during his time testing the retail-sales platform on Microsoft’s website. He then resold the currency in exchange for bitcoin and used the money to buy a lakefront home for $1.6 million and a Tesla that cost $160,000 — likely a Model X, given the price. 

Kvashuk was later sentenced to nine years in prison. 

MARCH: Trolls start invading Zoom calls to share porn or racial slurs

video conference, video chat, zoom call
A Zoom call.

Getty Images

Source…

Cyber-attackers may target COVID-19 vaccine makers, distributors next year, Kaspersky says

/in


FREEPIK

CYBER-ATTACKERS are seen to target coronavirus vaccine manufacturers and firms involved in the distribution beginning next year, internet security firm Kaspersky said.

“The coronavirus vaccine is going to make a major change in our lives starting next year, and it will have its own effects on the cyberspace,” Vitaly Kamluk, director of Kaspersky-Asia Pacific’s global research and analysis team, said at Kaspersky’s Cybersecurity Weekend virtual media forum on Tuesday.

He added, “We see that cyber-attackers will focus on either impersonating the vaccine manufacturers or attacking them, trying to destroy their digital reputation for competitive purposes.”

As for the logistics firms involved in the distribution of the vaccines, Mr. Kamluk said they will also be more vulnerable to cyber attacks, as cybersecurity “is not one of their strongest sides.”

“But with their involvement in the distribution of the vaccines, things can change,” he noted.

He said coronavirus vaccine makers, distributors, and logistics firms “should pay attention to cybersecurity now.”

“They should prepare before the distribution starts by installing security products and by briefing their personnel that things like this may come, so they should not trust every party that contacts them,” he explained.

Kaspersky said businesses should protect their digital reputation, as “five in 10” internet users in the Asia-Pacific region, based on its latest study, “avoid companies who were involved in a scandal or had received negative news coverage online.”

It added that “four in 10” had “stopped using a company’s or brand’s products once they were embroiled in some kind of crisis online.” — Arjay L….

Source…

Coronavirus Vaccine Makers Targeted By North Korean Hackers Who Wanted To Steal Information

/in


KEY POINTS

  • Kimsuky hacker group targeted at least six drugmakers
  • The cyberattacks targeted companies developing COVID-19 treatment
  • Russian and North Korean hackers attacked AstraZeneca in November

A group of North Korean hackers has targeted half a dozen pharmaceutical companies in the United States, United Kingdom and South Korea in a coordinated cyberattack. 

Kimsuky, a notorious hacker group, targeted drugmakers working on potential coronavirus vaccines and treatments as part of an effort to steal sensitive information that could be sold or weaponized by the North Korean regime. 

Authorities said any stolen information could be used to extort victims or give foreign governments a strategic advantage. 

Since August, the hackers have worked to infiltrate U.S. companies Johnson & Johnson and Novavax Inc. The hackers also launched coordinated cyberattacks on South Korean companies Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc., sources told the Wall Street Journal.

Both American drugmakers are working on experimental vaccines for the novel coronavirus, while the three South Korean pharmaceutical companies are holding early clinical trials of their COVID-19 drugs. 

The “Kimsuky” hackers create e-mail accounts that enable them to pose as colleagues or friends. The messages contain malicious attachments that , when clicked on, would allow hackers to penetrate the targets’ computer systems. 

It is unclear whether the hackers have stolen crucial information from any of their target companies. 

The latest hacking attempt came a week after Kimsuky attempted to break into the systems of British biopharmaceutical company AstraZeneca, two people familiar with the incident told Reuters

The hackers reportedly posed as recruiters on LinkedIn and WhatsApp, where they found and approached AstraZeneca employees with fake job offers. They then sent a document containing “more information about the job.” It was later discovered that the files had malicious codes designed to grant the hackers access to their target’s computers. 

The “Kimsuky” hackers targeted multiple employees, including people who were working on crucial coronavirus research. However, the…

Source…

When coffee makers are demanding a ransom, you know IoT is screwed

/in

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong.

Security problems with Smarter products first came to light in 2015, when researchers at London-based security firm Pen Test partners found that they could recover a Wi-Fi encryption key used in the first version of the Smarter iKettle. The same researchers found that version 2 of the iKettle and the then-current version of the Smarter coffee maker had additional problems, including no firmware signing and no trusted enclave inside the ESP8266, the chipset that formed the brains of the devices. The result: the researchers showed a hacker could probably replace the factory firmware with a malicious one. The researcher EvilSocket also performed a complete reverse engineering of the device protocol, allowing reomote control of the device.

Two years ago, Smarter released the iKettle version 3 and the Coffee Maker version 2, said Ken Munro, a researcher who worked for Pen Test Partners at the time. The updated products used a new chipset that fixed the problems. He said that Smarter never issued a CVE vulnerability designation, and it didn’t publicly warn customers not to use the old one. Data from the Wigle network search engine shows the older coffee makers are still in use.

Read 25 remaining paragraphs | Comments

Biz & IT – Ars Technica