Podcast: Play in new window | Download (Duration: 1:10:39 — 50.8MB) | Embed
Subscribe: Google Podcasts | Spotify | Stitcher | TuneIn | RSS | More
Robocalls are the bane of my existence. I get so many spam calls that I’ve just stopped answering my home phone altogether. I’ve given out my cell number to fewer people, so thankfully I get fewer junk calls there. But I still won’t answer any calls unless I recognize the number. Why is it so easy to spoof caller ID? Well, starting July 1st in the US, mobile carriers are now required to implement a new(ish) set of technologies to make that more difficult: “Stir” (“secure telephone identity revisited”) and “Shaken” (“signature-based handling of asserted information using tokens”). While not perfect, they should at least help identify shady callers. In today’s Tip of the Week, I’ll give you some other options for blocking spam calls, as well.
Lots of other (mostly bad) cybersecurity news to cover today: Someone scraped a ton of LinkedIn data from over 700M LinkedIn subscribers (about 92% of total users) and posted it for $5000; a very odd and specific WiFi SSID could break your iPhone; 30M Dell computers are vulnerable to a nasty BIOS attack; many users of the old WD My Book Live storage drives have had all their data erased; the REvil ransomware gang has attacked at least 200 companies with a new supply chain hack; Microsoft tries and fails miserably to fix a bad printer server bug (“PrintNightmare”), Russian hackers are constantly trying to brute force your bad passwords; and finally, the USA’s CISA is warning manufacturers of ThroughTek devices about an exploitable vulnerability in several webcams and IoT devices.
- Data Scraping Yields 700 Million LinkedIn Profiles for Sale on Dark Web; About 92% Of Platform Users, but Mostly Public Information https://www.cpomagazine.com/cyber-security/data-scraping-yields-700-million-linkedin
- Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature https://thehackernews.com/2021/06/beware-connecting-to-this-wireless.html
- 30M Dell Devices at Risk for Remote BIOS Attacks, RCE https://threatpost.com/dell-bios-attacks-rce/167195/
- Western Digital My Book Live devices being remotely wiped by attackers https://appleinsider.com/articles/21/06/25/western-digital-my-book-live-devices-being-remotely-wiped-by-attackers
- REvil ransomware hits 200 companies in MSP supply-chain attack https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/
- How to Avoid Windows’ ‘PrintNightmare’ Security Threat https://lifehacker.com/how-to-avoid-windows-printnightmare-security-threat-1847221653
- Russian Hackers Are Trying to Brute-Force Hundreds of Networks https://www.wired.com/story/fancy-bear-russia-brute-force-hacking/
- CISA warns manufacturers of ThroughTek vulnerability (webcams) https://www.zdnet.com/article/cisa-warns-manufacturers-of-throughtek-vulnerability/
- Robocalls are out of control. But that could all change today https://www.cnet.com/news/robocalls-are-out-of-control-but-that-could-all-change-today/
- Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
- Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker
- Generate secure passphrases! https://d20key.com/#/