An Elon Musk Imposter, Foreign Malware Samples, and More Security News This Week
Credit to Author: Brian Barrett| Date: Sat, 10 Nov 2018 15:00:00 +0000
Did you hear? There was an election this week! Not only does that mean the 2020 campaign has officially started (help!) but also that we saw a ton of misinformation trying to affect the vote. That includes from the secretary of state of Georgia, who accused his Democratic opponent of hacking the state's voter roles, even though all evidence strongly suggests that's not the case. At least, though, law enforcement had a massive coordinated effort to protect the election from actual hacking.
While it was mostly election coverage this week, some non-political news popped up as well. Popular drone company DJI had a vulnerability that would have allowed attackers to take over user accounts, giving them access to flight paths, photos, and more. We took a look at how to control what permissions websites can access on your computer. And we had a long, on the record conversation with Sue Gordon, the second-highest ranking official at the Office of the Director of National Intelligence.
Also, sorry, one more voting story: You can't do it online, unless you're military or live in one of a handful of states that allow it. Which honestly is probably for the best.
And there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
There's a popular Twitter scam that you may have seen—but hopefully not fallen for—where imposter accounts posing as someone famous ask people for a little bit of bitcoin, promising lots more bitcoin in return. Tale as old as time! But a recent campaign proved more successful than others, thanks to taking the extra step of hacking into verified accounts like those of Pantheon Books. By switching the user name and profile picture to Elon Musk, they made it seem like it was the billionaire's verified account. They took home $180,000.
End-to-end encrypted messaging services offer great protection against potential snoops, even if they're not invincible. If law enforcement gets your phone, for instance, they can still see any messages you haven't erased. But Dutch police appear to have recently managed to actually compromise the encryption of a service called IronChat, leading to the arrest of the alleged owner of the company and his partner, who have been accused of money laundering. Most of which is just a good reminder that you should just be using Signal.
Researchers this week revealed several critical issues in popular solid state drives. Poor password set-ups let them be unlocked with relative ease, and Microsoft's BitLocker encryption protection apparently did little to act as a backstop for Windows machines. The researchers derided the home-grown cryptography deployed by the affected companies, noting that open-source software tends to be safe, since it can be vetted by a wide number of parties.
Few organizations have as much insight into exotic malware as US Cyber Command, a branch of the Department of Defense. Now, instead of keeping that intel to itself, the group's Cyber National Mission Force will upload samples of foreign malware to VirusTotal, a popular malware repository. They seem to be sharing legitimately useful code already, including new details about the LoJack malware that Russia's Fancy Bear hackers recently used as part of a so-called UEFI rootkit attack.