Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and what you should treat with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
If you’ve ever hired a developer for a website or a project, hopefully you did a little bit more vetting than the thousands of people that hired a Dutch developer, as he installed backdoors into nearly all the websites he built for clients.
He used the backdoor to gather customer information and use that info to open gambling accounts and extort victims and their families for money. If I could steal a line from Austin Powers: Goldmember: “There’s only two kinds of people in this world that I hate. People that are intolerant of other people’s cultures, and the Dutch.”
After numerous lawsuits, cases, and denials, a pacemaker vendor admits that maybe—JUST MAYBE—its hardware can be hacked. Here’s a statement from the FDA on the St. Jude Medical pacemaker:
“The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician, to remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.”
If you’ve ever wondered how Google Play is able to vet its apps for malicious content, it’s an algorithm combined with Android’s own Verify Apps program that then checks the app for malicious stuff, as well as how long a user retains an app.
If it drops below a certain score, goodbye app.
Rudy Giuliani was announced as now-President Trump’s cybersecurity adviser.
The only problem is that his website about his security team is insecure and extremely vulnerable.
Google released a security document that reveals the measures they take to ensure the security of their hardware and products. Unfortunately, in that document, they let slip that they install custom security silicon on all of their servers, even the ones they colocate. The chips “allow us [Google] to securely identify and authenticate legitimate Google devices at the hardware level.” I don’t know how to feel about this, but I understand where they’re coming from.
The CIA dumped a BOATLOAD of declassified files onto the Internet the other day for your reading enjoyment. Here’s something to note:
“Included in the database are US discussions about assassinating Fidel Castro, details of Nazi war crimes, reports of UFO sightings, and a study into human telepathy dubbed ‘Project Star Gate.’”
YEP I KNOW WHAT I’M DOING WITH MY WEEKEND.
See you next week!