May 04 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s popping off more than the MET Gala Red Carpet.
Today’s hottest cyber security stories:
Apple and Google Play, go together in perfect harmony 🎶 There’s nothing quite like when a plan comes together; in this instance it’s two tech giants who have buried the hatchet to face a common enemy: cybercrime. Can’t wait to see who scoops up the movie rights to this one, right?
So, Apple and Google have joined forces like Batman and Robin to save the day! They’re teaming up to tackle safety risks and let users know when they’re being tracked without their knowledge or consent using sneaky devices like AirTags.
According to the dynamic duo’s joint statement, this revolutionary new industry-wide specification will make Bluetooth location-tracking devices compatible with unauthorised tracking detection and alerts across both Android and iOS platforms. Holy interoperability, Batman! You said it, Robin.
Now, we all know that these trackers are supposed to keep tabs on our stuff like keys, wallets, and luggage. But unfortunately, some rotten apples have been using them for evil, like stalking, harassment, and theft. Not cool, bro.
But fear not, citizens! The goal here is to standardise the alerting mechanisms and minimise opportunities for misuse across Bluetooth location-tracking devices from different vendors. And it’s not just Apple and Google in this fight: Samsung, Tile, Chipolo, eufy Security, and Pebblebee have all come on board too. It’s like the Avengers of Bluetooth tracking!
What do they say?
“Formalising a set of best practices for manufacturers will allow for scalable compatibility with unwanted tracking detection technologies on various smartphone platforms and improve privacy and security for individuals,” according to the spec.
“Unwanted tracking detection can both detect and alert individuals that a location tracker separated from the owner’s device is travelling with them, as well as provide means to find and disable the tracker.”
Ultimately, all tracking devices made by these companies will have to adhere to a set of guidelines and let users know if any unauthorised tracking is going down on their iOS or Android devices.
It’s time to take a stand against sneaky stalkers and thuggish thieves, and with Apple and Google on the case, we can all sleep a little easier at night.
Western Digital just can’t catch a break! Not only did they get hacked in a suspected ransomware attack, these sadistic scammers are taunting and embarrassing the company with some seriously juicy info.
Security researcher Dominic Alvieri spilled the beans, revealing that the hackers released twenty-nine screenshots of emails, documents, and video conferences related to the company’s response to the attack. Talk about rubbing salt in the wound!
Now, when a company gets hacked, you’d think they’d be scrambling to shut down any possible access points, right? But sometimes, there’s a bit of a lag between detection and response, which means the hackers can keep poking around and stealing data.
And in this case, it looks like those sneaky hackers had continued access to some of Western Digital’s systems, because they’ve got video conferences and emails about the attack on full display in those leaked screenshots. Ouch, that’s gotta hurt!
Get this, one image includes the “media holding statement” and another is an email about employees leaking information about the attack to the press. Talk about egg on your face!
Included with the leaked data is another message from the threat actors, where they claim to have customers’ personal information and a complete backup of WD’s SAP Backoffice implementation.
Western Digital have been well and truly caught with their cyber-pants down. And honestly it’s kind of funny in a cruel sort of way. #SorryNotSorry #PrayforWesternDigital #NahWeActuallyAreSorry
As we know, it’s only a matter of time until threat actors begin to target apps as popular and widespread as OpenAI’s chatbot engine. ChatGPT has been the victim of a spate of data leaks in recent months.
In the case of this latest exploit, the infiltration occurred via a vulnerability in the Redis open-source library.
This allowed users to see the chat history of other active users. We wonder what some of the most embarrassing ones were?
Lonely spinster: Write me an erotic novel in the style of 50 shades of grey with me as the main character and George Clooney as my love interest 😂
Joking aside, open-source libraries are used “to develop dynamic interfaces by storing readily accessible and frequently used routines and resources, such as classes, configuration data, documentation, help data, message templates, pre-written code and subroutines, type specifications and values,” according to a definition from Heavy.AI.
Indeed, OpenAI uses Redis to cache user information for faster recall and access. Because thousands of contributors develop and access open-source code, it’s easy for vulnerabilities to open up and go unnoticed.
Threat actors know that, which is why attacks on open-source libraries have increased by 742% since 2019.
These leaks obviously haven’t put users off, however, as there have been reports of ChatGPT crashing constantly due to high demand.
Uni students: Data leaks be damned. I WILL NOT write my own essay.
Stay safe, people!
So long and thanks for reading all the phish!