Thursday, May 16th, 2019

Subscribe: Apple Podcasts | Google Podcasts | Spotify | Email | TuneIn | RSS

GOOGLE WILL REPLACE TITAN SECURITY KEY OVER A BLUETOOTH FLAW

‘GozNym’ Banking Malware Gang Dismantled by International Law Enforcement

Russian government sites leak passport and personal data for 2.25 million users

Transcript:

 Welcome to security on the bayou. It is Thursday, May 16th, 2019. And here’s today’s security news and why it matters to you.

‘First off big news of the day this articles on wired one thing in this article you could google and find almost anywhere probably be on your local news Google replace tighten security key over a Bluetooth flaw. This is written by Lily Hay Newman. Essentially there is a flaw in the Titan key with the BLT that could allow an actor to intercept and relay signals including credentials so while there is a flaw or a misconfiguration in this piece of hardware. In reality, this attack would be extremely difficult to pull off. You’re going to have to be within 30 feet of someone using a key. You’re also gonna have to already know their username and password. But if you have both those things and you’re able to pull this off you can get access to the user’s machine and their account locally. So it is dangerous. The fact that you could do this you know increases the danger associated with this account or with this attack. And you know according to you know one of the things they point out in this article is that those people that are using this type of thing are probably extremely security conscious and really really worried about this. So a good part on Google is they’re going to replace it with a new version that does not have this issue it’s going to have a three on the back. I take it back anything as T1 or teal it to on the back they will replace. So if you’ve got one go get it replaced. And also good for you for using something like this.

Next from the hacker news by Moet Kumar goes Nim. Jose and why am banking malware gang dismantled by international law enforcement. So this was a multinational group from Bulgaria Germany Georgia Moldova Ukraine United States Euro justice and Euro pull. They were able to bring down this big banking malware Trojan group cybercrime network whatever you want to call it a bunch of bad guys with the malware stealing money. They’re responsible for stealing nearly a hundred million dollars from 41000 victims across the globe. Anytime I see one of these I get excited. This is good stuff. I mean any cooperation between multiple countries multiple law enforcement. This is just good for the world in general for people. You know it’s one less thing you have to worry about there’s already enough going on in this world that you have to worry about your money get stolen less than you want is your money stolen while you’re on the Internet. So they were able to get these guys one of them has green hair which is an interesting sort of fitting the other one’s wearing a black beanie. I mean if there are hackers these are them right. Proof super hackers one of them’s got some me if she’s going to it’s perfect. It fits the profile exactly how they didn’t catch him earlier.

Next from Xena Russian government sites leaked passport and personal art. Let me try again. Russian government sites leak passport and personal data for 2.5 million users. Written by Caitlin Sim poncho for zero-day. So this is an interesting article. This researcher found that he was able to collect P.I. is what I would call it for Russian folks. Employees government employees citizens and high ranking politicians from all these different sites that have passport information or an S and ISIS which is the equivalent to a social security number here in the United States. So he did the responsible thing. He found all this he wrote and reported it to the Russian government and the Russian government said no it’s all good. It’s supposed to be public information. And then he went to the press. And now they’ve gotten a hold of the story obviously. So it’s interesting a couple of times they’ve come back and said No no no it’s all good. This is supposed to be out there. Which makes you wonder what is the Russian government you know defying P.I. eyes in my mind if the U.S. government said no. Everybody can have your passport information in your social security number. It’s ok we would lose our collective minds. So I don’t you know I don’t know if this is just a misstatement by the Russian government or if somebody really just doesn’t know what’s going on over there. So they were notified eight months ago. So plenty of time to fix it. I think you know this guy did his due diligence right. He’s you know he alerted all the right people and they chose to do nothing about it. So that is your security news for the day. This is security on the bayou and it is Thursday, May 16th, 2019. Everybody have a wonderful day we’ll talk tomorrow.