March 7, 2022
David Redekop

TWINN Security News March 7

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

I’d like to raise an alarm about our increasing reliance on our most identifiable piece of data today, our mobile number. The fact that most of the planet at any point has a cellular number that is reachable makes it quite an attractive market for cyber criminals, so it’s no surprise that mobile operators continue to be a target, just so that the criminals can get access to your mobile account, or be able to clone your SIM card, or use your personally identifiable information held by the mobile operator in some monetizing way. The criminal opportunities are massive when armed with just your data that is held by a mobile operator. Like this lead story of today from T-Mobile’s 5th breach since 2018:

Personal data from T-Mobile breach still spreading on dark web, state governments warn. The real question is, how can we as businesses and consumers change our behaviour to mitigate such risks? (A) If you can, register your phone to a business address and (B) enable the highest level of security to make it impossible for your phone number to be assigned to a criminal’s SIM card.

Cybercriminals who breached Nvidia issue one of the most unusual demands ever. The attackers don’t want Nvidia to artificially constrain their crypto mining capabilities.

How China built a one-of-a-kind cyber-espionage behemoth to last. Daxin has been the subject of fascination in the cyber security industry for the past week. For good reason: it has been developed over the past decade and has never been detected because it hides within existing, authorized data streams.

Data-stealing app found in Google Play downloaded thousands of times. The “QR Code & Barcode – Scanner” was stealing two-factor authentication codes.

Attackers can force Amazon Echos to hack themselves with self-issued commands. It is officially now an AvA world. Alexa-vs-Alexa. The robots can now fight each other.

Did you know?

Calendar management through Fantastical takes time and task management to a whole new level. I’m a paying subscriber and I have one friend that hates subscription software so much that he has only one recurring subscription. Fantastical. They do offer a free trial though, so no need to take my word for it.

For a video version see: https://youtu.be/qP0jDchXJZM