Researchers have created an Alexa skill that spies on its victims. Once the skill is downloaded, it listens to conversations and documents everything in a text file. While they did not release the skill publicly, they have already worked with Amazon to fix the feature.
Reported by Wired
Amazon’s DNS service, Route 53, was rerouted for two hours as a man-in-the-middle redirected web traffic to a server in Chicago. The only known affected traffic was a redirect of MyEtherWallet.com to a server in Russia to steal cryptocurrency. Both Equinox and AWS have released statements on the redirection.
Reported by DoublePulsar
Uber is planning to announce a new bug policy addressing vulnerability discovery. In the past, Uber has been criticized for paying out a large sum to criminals who had gained access to the data of its 57 million customers. The new policy includes the release of a web portal that allows researchers to easily report findings.
Reported by Reuters
The cost of the Equifax breach is estimated at $254 million, but revenue for the company continues to grow. The total cost of the breach may well be the largest loss a company has seen from a cyber attack. Since the breach, Equifax has doubled down on hiring top talent, including a new CISO.
Reported by pymnts.com
A ransomware attack in March has already cost the city of Atlanta $2.6 million as consultants and professionals attempt to recover. The city has declined to pay the ransomware fee ($51,000) and is instead recovering and remediating many of its key functions. Some impact has been reduced due to effective backup strategies.
Reported by GCN
At the Infiltrate conference, Tomi Tuominen and Hirvonen will explain how they can create a hotel master key in under a minute. Using a two-step process, they take a $300 RFID card-reading tool and a hotel keycard to reduce the number of possibilities for the master key. The remaining codes can be run at the door to gain access to almost any room.
Reported by Wired
The SEC has stated that Yahoo will be fined $35 million for not properly disclosing a breach from 2 years ago. Over 500 million users had data stolen from them, but Yahoo reportedly had not given investors adequate information about the breach details. This will likely push companies toward faster reporting.
Reported by the Washington Post
Researcher Steve Markgraf has made a software-defined radio out of a VGA cable. This $5 solution allows the user to transmit on multiple frequencies, including testing on GSM, LTE, and GPS. A tutorial can be found on his website.
Reported by osmo
Robert Samuel, Chief Information Security Officer of the province of Nova Scotia, took to social media to discuss his thoughts about recent breaches and data. In particular, he is concerned about the press exaggerating facts and figures and reporting speculation to sell more stories. He requests that people contact him directly to clarify issues.
Reported by Halifax Today
Hardware hacker Katherine Temkin has discovered a way to make use of a vulnerability inherent in the Tegra X1’s USB recovery mode, allowing access to the bootROM. Since the exploit goes after the hardware, it is unlikely that Nintendo will be able to patch it, and 14 million shipped devices will remain vulnerable.
Reported by Ars Technica