Finger heat can leak your password
Researchers at the University of Glasgow’s School of Computing Sciences developed a system called ThermoSecure, designed to reveal a computer’s password from heat signatures. It pairs cheap consumer thermal-imaging cameras with a machine-learning algorithm that examines an image of a keyboard to reveal recent keypresses. The researchers previously found that humans were fairly accurate at guessing passwords based on thermal signatures, but the algorithm could achieve up to 86% accuracy if the image was captured within 20 seconds of input. This fell to 76% accuracy within 30 seconds and 62% after 60 seconds. Shorter passwords were even easier to guess. With six or fewer characters it guessed correctly 100% of the time, making it an ideal way to steal a PIN. The researchers said longer passwords would be the most effective mitigation.
(ZDNet)
US airport sites targeted by KillNet
The pro-Russian threat group claimed it orchestrated large-scale DDoS attacks against the websites of several major US airports. This intermittently took several sites offline, including those for Hartsfield-Jackson Atlanta International, LAX, and Chicago O’Hare, preventing travelers from accessing airport services or getting flight information. The DDoS did not impact flights. This follows KillNet’s recent expansion into targeting US organizations. Last week it ran DDoS campaigns against government sites in Colorado, Kentucky, and Mississippi.
Intel confirms UEFI leak
Over the weekend, several outlets reported that the source code for Intel Alder Lake UEFI images leaked on GitHub and 4chan. These leaks contained about 6GB of files for tools to build and optimize UEFI deployments. Intel confirmed the source code leak as legitimate. It said it did not believe this exposed any new security vulnerabilities. Trying to turn lemons into lemonade, it also encouraged researchers to submit any potential vulnerabilities in the code to its Project Circuit Breaker bug bounty program.
Dutch court rules on webcam surveillance
The Florida-based firm Chetu required a telemarketer in the Netherlands to keep his webcam on for 9 hours straight as part of attending a virtual classroom event. The employee refused, saying it felt like an invasion of privacy and was unnecessary since the company also monitored his screen during the event. He was subsequently fired for “refusal to work.” A Dutch court ruled this constituted wrongful termination as “instructions to keep the webcam turned on is in conflict with the respect for the privacy of the workers.” It also suggested it violated the Convention for the Protection of Human Rights and Fundamental Freedoms. The court fined the firm $50,000 and ordered it to pay back wages and remove a non-compete clause.

Celsius bankruptcy leaks user data
As part of its Chapter 11 bankruptcy filing, crypto lender Celsius Networks published lending information on its users. This included names, wallet IDs, transaction types, and tokens held. While this information technically resides behind the paywall of the court’s PACER system, anyone can pay the fee to view the documents, putting the information entirely in the public record. Now someone has made it even easier to look through the data, putting together a searchable database at CelsiusNetWorth.com. It also maintains a leaderboard of people who lost the most money with the collapse of Celsius, all with losses over $12 million. Henry de Valence of Penumbra Labs notes that “anyone can now dox all the on-chain activity and addresses of any named celsius user” by matching dates and amounts to transaction data.
(Decrypt)
Germany to fire cybersecurity chief
Government sources cited by German media say German Interior Minister Nancy Faeser will dismiss Arne Schoenbohm, the president of the BSI federal information security agency. Sources say possible contact with Russian security services spurred the need for his departure. Schoenbohm founded the Cyber Security Council of Germany. One member is a German company that operates as a subsidiary of a Russian cybersecurity firm founded by a former KGB member. No word from the Interior Ministry or BSI on the report.
(Reuters)
Iranian protesters hack into state TV
Over the weekend, a TV news bulletin on Iran’s state TV was interrupted by a group called “Adalat Ali,” showing images of Iran’s supreme leader with a target on his head, as well as images of women killed in recent protests over the death of Mahsa Amini while in police custody. The interruption only lasted a few seconds, but also displayed the text “join us and rise up.” It’s not clear how the protesters obtained access to the state TV feed. This follows weeks of unprecedented protests across the country.
(BBC)
Fake ransomware actually a data wiper
The threat intelligence firm Cyble reports on a campaign of malicious websites that seemingly offer adult content. The sites prompt a download of an executable with “.JPG” in the name. In the Downloads folder this looks like an image file extension, since Windows hides file extensions by default. Opening it drops four new executables which ultimately serve to batch rename all files to some version of ‘Lock_6.fille.’ Files aren’t modified or encrypted, just renamed. Another executable drops a ransom note asking for $300 in Bitcoin. The researchers also found that the fake ransomware actually tries to delete all system drives, but this currently doesn’t work due to a typo. Even though the deletion fails, the malware offers no way to change file names back, which will likely lead to significant data loss anyway.
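A defender can flag the disguise described above from file names alone. The following is an added example, not code from Cyble or from this report; the extension lists and the sample file names are constructed assumptions.

```python
import re

# Assumed subset of extensions Windows runs on double-click (not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif"}
# Assumed set of harmless-looking extensions a lure imitates.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "mp4"}

# A decoy extension counts only if it is a whole token: ".jpg" yes, ".jpgs" no.
_DECOY_RE = re.compile(
    r"\.(%s)(?![a-z0-9])" % "|".join(sorted(DECOY_EXTS, key=len, reverse=True)),
    re.IGNORECASE,
)

def split_name(filename):
    """Split on the last dot, which is what decides how the file is opened."""
    name = filename.rstrip(" .")  # trailing dots and spaces are dropped by Windows
    stem, dot, ext = name.rpartition(".")
    return (stem, ext.lower()) if dot else (name, "")

def is_disguised_executable(filename):
    """True when the real extension is executable but the stem ends in or
    contains a decoy extension, e.g. 'photo.JPG.exe' or 'invoice.pdf   .scr'."""
    stem, ext = split_name(filename)
    return ext in EXECUTABLE_EXTS and _DECOY_RE.search(stem) is not None

def scan(filenames):
    """Return (filename, name_shown_with_extensions_hidden) for each hit."""
    return [(f, split_name(f)[0]) for f in filenames if is_disguised_executable(f)]

# Constructed sample directory listing.
SAMPLE = [
    "photo_001.JPG.exe",   # decoy image extension, really an executable
    "holiday.jpg",         # genuine image
    "setup.exe",           # honest executable, no decoy
    "invoice.pdf   .scr",  # padding pushes the real extension out of view
    "archive.jpgs.exe",    # '.jpgs' is not a decoy token
]

if __name__ == "__main__":
    for name, shown in scan(SAMPLE):
        print(f"suspicious: {name!r} is displayed as {shown!r}")
```

The second element of each hit is what a user sees when extensions are hidden, which is why the file passes for an image.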






