TWINN #127 Ring’ing Privacy

Nerds On Site
Article Written By David Redekop


Founded In


5-Star Reviews

4.83 / 5

Satisfaction Rating

TWINN #127 Ring’ing Privacy

Sometimes technology is so convenient for both the users and vendors that exploitation just happens. Those of you who know me, know how much I’ve actively resisted the RING video doorbell since Amazon acquired it.

YouTube video

The 5 Top Cyber Security Stories Of The Week – June 5, 2023

1. FTC Says Ring Employees Illegally Surveilled Customers, Failed to Stop Hackers from Taking Control of Users’ Cameras.

Self custody of data is essential for modern tech. Any technology that relies on a cloud-only solution should be thoroughly vetted by policy and execution.

2. Operation Triangulation: iOS devices targeted with previously unknown malware.

There is a repeat pattern here with zero touch malwaren on iOS. Cloudflare offers a very affordable Web Application Firewall which then hides the true C&C environment. The only protection against such a zero-day is Zero Trust connectivity.

3. New MOVEit Transfer zero-day mass-exploited in data theft attacks.

Ouch. From the vendor, “To prevent exploitation, the developers warn admins to block external traffic to ports 80 and 443 on the MOVEit Transfer server.” This speaks volumes as to security posture needed for anyone using MOVEit, or a service like it.

4. Millions of PC motherboards were sold with a firmware backdoor.

“Firmware implants… analysis showed that this same code is present in hundreds of models of Gigabyte PCs”. Note that this is simply poor design that makes it easy for threat actors to take over the update process. If you have one of the models affected, best to block “” indefinitely.

5. Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery

Anyone who has been using Barracuda’s Email Security Gateway may have been infected since October 2022. The attackers used it for persistent remote access and data exfiltration. Might be a good time to remind system administrators that the proper architecture for on-prem mail services is to lock down incoming mail server’s egress control and instead, smart-host it through an outbound-only host as we demonstrated in a honeypot.

Did you know?

One of the good uses of AI is when we feed it with helpful information. Anti-SPAM engines at the carrier level are getting very good, as long as we report it. Each carrier tends to have a short-code for junk reporting, but in iOS you can also tap on “report as junk”  when you receive a new message.

You May Also Like…

TWINN #120 on Juice Jacking

TWINN #120 on Juice Jacking Threats come in all shapes and sizes. Not just in a digital sense but also in the...