Tis the Season for Scams

Tis the season for giving… and unfortunately, also for taking. Scammers tend to be extremely active during the holiday season. We’re buying lots of stuff online, having lots of packages delivered. We’re away from our homes for extended periods of time. We’re giving money to charities. We’re firing up new tech toys. The bad guys know this and are happy to take advantage of our chaotic holiday schedule and unusual levels of spending and giving. I’ll give you some top tips to avoid being a victim this holiday season.

In other news: the SFPD wants to arm its law enforcement robots; the TSA is expanding the use of facial recognition at airports; Microsoft warns of malware coming from Google Ads; a new study shows that computer repair shops may be accessing your personal data; WhatsApp data breach affects nearly 500M users; Twitter data breach was far worse than reported; Meta shuts down covert US propaganda operation; US watchdog raises warning for offshore oil and gas rig security; a new malware campaign bypasses Windows protections; LastPass admits to customer data breach caused by previous breach; and Anker’s Eufy cameras caught sending data to cloud without user consent.

Article Links

  1. [Electronic Frontier Foundation] Red Alert: The SFPD want the power to kill with robots https://www.eff.org/deeplinks/2022/11/red-alert-sfpd-want-power-kill-robots
  2. [The Washington Post] TSA now wants to scan your face at security. Here are your rights. https://www.washingtonpost.com/technology/2022/12/02/tsa-security-face-recognition/
  3. [BleepingComputer] Brave starts showing “privacy-preserving” ads in search results https://www.bleepingcomputer.com/news/technology/brave-starts-showing-privacy-preserving-ads-in-search-results/
  4. [Tech.co] Microsoft Warns Hackers Use Google Ads to Deliver Ransomware https://tech.co/news/microsoft-warns-hackers-google-ads-ransomware
  5. [Ars Technica] Thinking about taking your computer to the repair shop? Be very afraid https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/
  6. [TechRadar] WhatsApp data breach sees nearly 500 million user records up for sale https://www.techradar.com/news/whatsapp-data-breach-sees-nearly-500-million-user-records-up-for-sale
  7. [9to5mac.com] Massive Twitter data breach was far worse than reported, reveal security researchers https://9to5mac.com/2022/11/25/massive-twitter-data-breach/
  8. [BleepingComputer] Meta links U.S. military with covert Facebook influence operation https://www.bleepingcomputer.com/news/security/meta-links-us-military-with-covert-facebook-influence-operation/
  9. [TechCrunch] US offshore oil and gas rigs at ‘significant’ risk of cyberattacks, warns watchdog https://techcrunch.com/2022/11/22/offshore-oil-gas-cyberattacks-watchdog/
  10. [TechRadar] This new malware is able to bypass all of Microsoft’s security warnings https://www.techradar.com/news/this-new-malware-is-able-to-bypass-all-of-microsofts-security-warnings
  11. [Naked Security] LastPass admits to customer data breach caused by previous breach https://nakedsecurity.sophos.com/2022/12/02/lastpass-admits-to-customer-data-breach-caused-by-previous-breach/
  12. [MacRumors] Anker’s Eufy Cameras Caught Uploading Content to the Cloud Without User Consent https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/
  13. Tip of the Week: Tis the Season for Scams: https://firewallsdontstopdragons.com/how-to-avoid-holiday-scams/

Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.

  • 0:00:37: Contest, promo updates
  • 0:01:20: Update Chrome, iOS
  • 0:01:51: News rundown
  • 0:03:53: SFPD wants to arm its robots
  • 0:08:18: TSA to expand use of facial recognition at airports
  • 0:15:12: Brave to start showing “privacy-preserving” ads
  • 0:17:45: Google Ads being used to deliver malware
  • 0:21:17: Computer repair shops may be accessing your private data
  • 0:29:17: WhatsApp data for nearly 500M users breached
  • 0:30:59: Twitter data breach far worse than reported
  • 0:35:03: Meta removes US military covert influence operation
  • 0:38:12: US watchdog warns of offshore oil and gas rig vulnerabilities
  • 0:41:32: New malware evades Microsoft protections for downloaded files
  • 0:44:12: LastPass admits to customer data breach caused by previous breach
  • 0:50:01: Eufy cameras caught sending data to cloud without user consent
  • 0:59:56: Tip of the Week: Avoiding Holiday Scams
  • 1:06:19: Wrap-up and look ahead