Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart

Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things.

For years, Internet capabilities have crept into modern consumer products, providing sometimes convenient, sometimes extraneous Internet connectivity. This increase in IoT devices has an obvious outcome—a broader attack surface for threat actors. Not only that, but with more devices connecting to the Internet, there are also more devices collecting your data and analyzing it to send you more ads, more frequently, for more products.

Tune in to hear about the development of IoT devices, their cybersecurity and data privacy lapses, and more, on the latest episode of Lock and Code, with host David Ruiz.

You can also find us on the Apple iTunes storeGoogle Play Music, and Spotify, plus whatever preferred podcast platform you use.

We cover our own research on:

  • Of Bluetooth and beacons: We took a look at how companies use Bluetooth to track you and use that capability for their benefit.
  • A malicious installer of the Little Snitch app was brought to our attention, and it happens to be a new Mac ransomware we now call ThiefQuest.
  • The Chromebook, they say, is a system that doesn’t need antivirus protection. Or does it? We took a deep dive into this claim to see if it truly holds water.

Plus other cybersecurity news:

  • Another ransomware attack struck a school, this time the University of California, who admitted to paying the ransom to the tune of 1.4 USD. (Source: Computer Business Review)
  • A known APT threat actor called Promethium, aka StrongPity, was spotted by multiple security researchers pushing Trojanized installers that mimic legitimate programs to target countries, which include India and Canada, for intelligence gathering. (Source: ZDNet)
  • Website owner and bloggers, beware! There’s a “secure DNS” scam making rounds, purporting to “help” you. (Source: Sophos’s Naked Security Blog)
  • Attackers compromised several US newspaper websites, and then used them as launchpads to distribute code that allows for the downloading of ransomware to visitors, of which are mostly huge organizations. (Source: Dark Reading)
  • TrickBot, a nefarious and very tricky Trojan, has a new quirk: it checks for the screen resolution spec of victim machine to identify if it is running on a virtual machine or not. (Source: BleepingComputer)

Stay safe, everyone!