ACTION ALERTS! (Patreon)

These are additional stories that I wasn't able to cover in the weekly episode but are important nontheless. Some of these are crucial reads due to vulnerabilities and potential threat vectors!

The White House is warning that Russia could attack US infrastructure in cyberattacks. If that's the case, they recommend 8 things you can do now to boost defenses. These are also great recommendations for us regular users even if you aren't a network admin for an infrastructure org: https://www.zdnet.com/article/white-house-warns-do-these-8-things-now-to-boost-your-security-ahead-of-potential-russian-cyberattacks/

The NPM package manager found they had about 200 malicious packages that had been downloaded at least 50 times each before the packages were taken down. These could allow for an attacker to steal PII. The malicious packages were targeting Azure developers. https://thehackernews.com/2022/03/over-200-malicious-npm-packages-caught.html

Don't ignore that Google Chrome update notification! There's an emergency update to Chrome crossplatform that fixes a zero day vulnerability. Not a lot of info is available on the attack which has been noticed in the wild, but it is listed as high severity: https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/

I always love learning about new car hacks and this one that targets Honda vehicles could allow an attacker to unlock and start your car via a replay attack on the key fob and RF signals. Unlocking a car via replay attacks is pretty common and affects a lot of manus but this one can take it a bit further by starting the car as well. https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-and-start-your-car-via-replay-attack/

Dell is recommending that you update your BIOS ASAP if you own an affected laptop due to these high severity vulnerabilities: https://thehackernews.com/2022/03/new-dell-bios-bugs-affect-millions-of.html

Totally random but you can read this article to see how singer Grimes claims that she had a friend DDOS and blackmail a journalist for publishing photos of her at a party. This is illegal (a federal crime) but we'll likely not see any recourse against the celebrity. She also claimed she deleted the journalists backups: https://www.vice.com/en/article/dypj77/grimes-said-she-orchestrated-cyber-attack-that-shut-down-hipster-runoff

Speaking of lawsuits, apparently Ubiquiti is suing Brian Krebs for reporting on one of their security breaches. They call Kreb's statements about Ubiquiti "demonstrably false". Krebs has his own website where he often publishes in depth articles about hacker groups and major breaches. Should a company be suing a journalist for writing an article about a security breach? https://twitter.com/QuinnyPig/status/1508965090019577856

I'll be posting some overviews of Tax Season Scams, 2FA tutorials, and more on my own channel throughout April: https://youtube.com/shannonmorse

Stay safe!!