25th April AVIEN Resource Updates

Updates to Anti-Social Media 

The Register: Happy having Amazon tiptoe into your house? Why not the car, then? In-trunk delivery – what could go wrong? – “New Bezos scheme opens up vehicles as drop-off points” What could go wrong?

Sophos: Ex-Reddit mogul apologizes for making the world ‘a worse place’ “New York Magazine recently interviewed McComas for a project called “The Internet Apologizes.”That project has involved interviews with more than a dozen prominent technology figures about “what has gone wrong with the contemporary internet.” “

Updates to Cryptocurrency/Crypto-mining News and Resources

Graham Cluley for ESET: Ethereum cryptocurrency wallets raided after Amazon’s internet domain service hijacked

Help Net Security: Exfiltrating private keys from air-gapped cold wallets

Fortinet: Python-Based Malware Uses NSA Exploit to Propagate Monero (XMR) Miner

Bill Harris for Recode: Bitcoin is the greatest scam in history “It’s a colossal pump-and-dump scheme, the likes of which the world has never seen.” Harsh!

Updates to Meltdown/Spectre and other chip-related resources

Kyle Orland for Ars Technica: The “unpatchable” exploit that makes every current Nintendo Switch hackable [Updated] “Newly published Tegra bootROM exploit could be a big headache for Nintendo and others.” Commentary from The Verge: Nintendo’s Switch can be hacked to run custom apps and games.

Updates to Internet of (not necessarily necessary) Things

Help Net: Effective intrusion detection for the Internet of Things – summarizes the research paper D¨IOT: A Crowdsourced Self-learning Approach for Detecting Compromised IoT Devices

Healthcare IT News: Abbott releases firmware patch to fix cybersecurity flaws in 350,000 medical devices

Help Net: Cybersecurity task force addresses medical device safety. Also: Help Net – FDA plans to improve medical device cybersecurity

Updates to Tech support scams resource page

 Christopher Burgess for Security Boulevard: When Scammers Fill the Tech Support Void Burgess says: “I still haven’t figured out why those companies that provide tech support tend to hide the connectivity to these saviors of their brand in the weeds of the website, but they do, and we search—and sometimes we strike gold.” (I have some thoughts to add on this.)

Updates to: Ransomware Resources

Reuters: Ukrainian energy ministry website hit by ransomware attack

Graham Cluley: The firms that piggyback on ransomware attacks for profit “DON’T WANT TO PAY THE RANSOM? PAY US, AND WE’LL PAY IT FOR YOU! … It seems there are firms out there who are charging ransomware victims a hefty premium for the safe return of your data – when all that’s actually happening is they are paying the ransom on your behalf.”

Ross Ryan for the Prince Edward Island Guardian: P.E.I. government website hit by ransomware attack

Updates to Specific Ransomware Families and Types


Updates to Mac Virus

Evil maids and Apple debugs

David Harley


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.