Cyber Security Today, Dec. 12, 2022 – Toronto hacking contest ends with 63 zero day bugs, and more

Share post:

Welcome to Cyber Security Today. It’s Monday, December 12th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Just shy of US$1 million in prize money was awarded to security researchers at the end of the four-day Pwn2Own hacking contest in Toronto. In this edition of the event, sponsored by Trend Micro, participants demonstrated 63 unique zero-day exploits by breaking into home and small office routers and printers. The biggest bundle of cash went to a team from Devcore Security Consulting of Taiwan, which won US$142,500. As a result it was named the event’s Master of Pwn. The total amount awarded to all participants was $989,750. The biggest payout of the series was at the 2021 event in Vancouver, where participants won US$1.2 million. The next competition will be in Miami in February.

A week after suffering a ransomware attack Rackspace Technology is facing a legal attack. A California law firm is proposing a class action lawsuit against the hosting provider over the incident. The suit still has to be certified by a state court. On Friday Rackspace said it is still investigating the cause of the attack. It says the attack was contained to its hosted Microsoft Exchange service. Rackspace is also still helping customers recover their data. It hasn’t said how much, if any, data was encrypted, or copied by the hackers

After a few days of reflection, experts have had an opportunity to size up the security and privacy announcements made last week by Apple. It’s expanding the range of data users can protect with end-to-end encryption in iCloud. Currently, health information, passwords and payment card data can be protected this way. Soon photos, notes and iCloud backups can also get extra protection. In a commentary William Murrary, a member of the SANS Institute’s editorial board, noted this is device-to-device encryption, not true end-to-end encryption. Another SANS commentator predicts it won’t be long before U.S. intelligence agencies and police forces protest Apple’s latest move will impair investigations.

Texas and Maryland have joined South Dakota, South Carolina and Nebraska in forbidding state employees from using the Chinese-owned TikTok app on government-issued computing devices. This comes after the FBI called the video-sharing app a U.S. national security concern. Earlier this year TikTok’s chief operating officer told the U.S. Senate that the company complies with U.S. laws and has strict company rules over what data employees can access.

Air-gapped computers are isolated from the internet for the best IT security. However, an Israeli university researcher argues that if compromised in the right way a hacker can transmit supposedly protected data from an air-gapped computer to a very nearby smartphone. How? Over the electromagnetic signals emitted from a PC’s power supply. However, first, an attacker would have to physically plant malware on the computer. But that’s been done before, by someone in 2008 to a U.S. military classified computer. So it’s not Mission Impossible. Government, banking and research organizations depending on air-gapped computers have to continue to limit access to areas with these machines — and be suspicious of anyone hanging around them.

Software supply chain security is one of the most critical risk to any organization, says Google. Which is why it has launched a new research report detailing how developers should make open-source software more secure. One is by using a framework called supply-chain levels for software artifacts, or SLSA. It includes a checklist of controls and practices to prevent the tampering of code.

Australian police are now publicizing the arrest there of four Chinese nationals who are charged with being part of the $100 million investment scam. Most of the victims were people in the U.S. It is alleged the operation found victims on dating employment and messaging sites, where, after gaining the confidence of people, investment opportunities in things like cryptocurrency were raised. The U.S. Secret Service tipped off the Australians about the link to their country. Two men were arrested in October. The other two were arrested last month just before trying to board planes to Hong Kong. Police allege the gang behind the scam used the four accused to register Australian companies and to open bank accounts so money could be laundered.

Finally, a month ago I told listeners that this is the time of year when crooks try to trick employees in many ways, including with email-delivered gift card scams. The crook impersonates a corporate executive and asks a staff member to buy gift cards — with their own money — to reward employees for work well done during the year. The scam is asking the victim to send the so-called executive the numbers on the back of the cards. Then the crook can cash them in. A new report from Trustwave warns employees that crooks are increasingly trying this type of scam in text messages. Again, the sender pretends to be a corporate executive who comes up with some excuse why they can’t do the card-buying themself. Sometimes the request starts with an email, then the crook asks the messaging to switch to text. So, be aware of text and email messages like this.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 12, 2022 – Toronto hacking contest ends with 63 zero day bugs, and more first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Exploring the 2024 CDW Canadian Hybrid Cloud Report with K J Burke, Field CTO for CDW Canada

In this episode of Hashtag Trending, the weekend edition, host Jim Love delves into the evolution and current...

Leverage best research and psychology to increase cyber security training results: Cyber Security Today, the Weekend for October 5, 2024

Unveiling the Truth: Insights into Cyber Security Awareness and Phishing In a special crossover episode of Cyber Security Today...

OpenAI raises big money. But can it ever make money? Hashtag Trending for Friday, October 4, 2024

Hi, it’s Jim.  One more reminder about CDW Canada Tech Talks. If you’re passionate about technology and innovation,...

National Vulnerabiity Database facing a huge backlog, update on CIRA study and more: Cyber Security Today for Friday, October 4, 2024

Hi, it’s Jim. Before we get into today’s episode, I want to tell you about another fantastic podcast:...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways