The Host Unknown Podcast

Episode 112 - We Love Our Intern

Episode Summary

This Week in InfoSec teaches us a whole new way to screw. Rant of the Week takes microtransactions to a whole new level of ridiculousness. Billy Big Balls is the most expensive job someone has ever applied for. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is something very exciting...

Episode Notes

This Week in InfoSec (08:09)

With content liberated from the “today in infosec” twitter account and further afield

12th July 2008: NextGenHacker101 taught us "how to view someone's IP address and connection speed!" Tracer-tee! Naive? Troll? You decide. Painfully hilarious. 

https://youtu.be/SXmv8quf_xM

https://twitter.com/todayininfosec/status/1414224928413454341  

13th July 2001: Code Red Worms its Way into the Internet. The Code Red worm is released onto the Internet. Targeting Microsoft’s IIS web server, Code Red had a significant effect on the Internet due to the speed and efficiency of its spread. Much of this was due to the fact that IIS was often enabled by default on many installations of Windows NT and Windows 2000. However, Code Red also affected many other systems with web servers, mostly by way of side effect, exacerbating the overall impact of the worm and ensuring its place in history among the many malware outbreaks infecting Windows systems in the late 1990s and early 2000s.

7th July 1936: A Whole New Way to Drive a Screw: Several US patents are issued for the Phillips-head screw and screwdriver to inventor Henry F. Phillips. Phillips founded the Phillips Screw Company to license his patents. One of the first customers was General Motors for its Cadillac assembly lines. By 1940, 85% of U.S. screw manufacturers had a license for the design.

 

Rant of the Week (16:00)

BMW starts selling heated seat subscriptions for $18 a month

BMW is now selling subscriptions for heated seats in a number of countries — the latest example of the company’s adoption of microtransactions for high-end car features.

A monthly subscription to heat your BMW’s front seats costs roughly $18, with options to subscribe for a year ($180), three years ($300), or pay for “unlimited” access for $415.

It’s not clear exactly when BMW started offering this feature as a subscription, or in which countries, but a number of outlets this week reported spotting its launch in South Korea.

BMW has slowly been putting features behind subscriptions since 2020, and heated seats subs are now available in BMW’s digital stores in countries including the UK, Germany, New Zealand, and South Africa. It doesn’t, however, seem to be an option in the US — yet.

 

Billy Big Balls of the Week (26:48)

Hackers stole $620 million from Axie Infinity via fake job interviews

The hack that caused Axie Infinity losses of $620 million in crypto started with a fake job offer from North Korean hackers to one of the game’s developers.

The attack happened in March 2022 and drove the then massively popular, fast-growing game from Sky Mavis into the ground.

By April 2022, the FBI was able to link the attack to the Lazarus and APT38 hackers, two groups who are often involved in cryptocurrency heists for the North Korean government.

In a recent report from The Block, a news publication covering digital assets, sources with knowledge of the attack said that the threat actors contacted staff at Sky Mavis over LinkedIn, posing as a company looking to hire them.

One senior engineer at Axie Infinity showed interest in the fake job offer, due to the very generous salary, and went through multiple rounds of interviews.

At one point, the engineer received a PDF file with details about the job. However, the document was the hackers' way into the Ronin systems - the Ethereum-linked sidechain that supports the Axie Infinity non-fungible token-based online video game.

The employee downloaded and opened the file on the company’s computer, initiating an infection chain that enabled the hackers to penetrate Ronin’s systems and corrupt four token validators and one Axie DAO validator.

 

Industry News (32:08)

Majority Want Limitations on Social Media Content

Spike in Amazon Prime Scams Expected

Aerojet Rocketdyne Pays $9m Settlement Over Whistleblower Allegations

Cyber Insurers Looking for New Risk Assessment Models

Microsoft Details How Phishing Campaign Bypassed MFA

HavanaCrypt Ransomware Masquerades as a Fake Google Update

Critical Industries Failing at IIoT/OT Security

ICO Calls for Review of Government “Private” Messaging

State-Sponsored Hackers Targeting Journalists

 

Tweet of the Week (38:48)

https://twitter.com/cyb3rops/status/1547263760678756353