Happy midweek, y’all! I’m just getting back from my first week off in about a decade, and I may have forgotten how to use 2/3 of the apps we use every day here at AX. Has anyone seen my Post-It® full of passwords? Sigh, this is a disaster. Speaking of disasters…
Unfortunately, the cybersecurity world didn’t stop being scary in my absence. Rather than try to go back to everything I missed, let’s just talk about a couple of this week’s big stories.
Okay, as offensive as that attack was, I don’t have time to rant about it. Instead:
I’m already pretty paranoid about mobile devices and there are some specific tools that I use on every device I own. That being said, there’s just really no end to the layers required for good cyber-hygiene these days. While you shouldn’t assume your mic and camera aren’t already spying on you, this is a pretty nasty piece of malware. All you iOS users who download apps in back alleys and unapproved app stores should take note.
In formjacking news, “formjacking” may be a word you’ve never heard before. It’s just a fun, hacker-y way to describe a skimmer - a script that can steal personal information, most commonly from a website’s checkout page. Ever had your card skimmed at a gas pump? I have - it sucked. Same principle, only using code instead of a little credit card device. From the article: “In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected... In total, Unit42 found over 100 real estate sites compromised by this campaign, showing a very successful supply chain attack.” Not cool, you guys.