Security News for the Week Ending July 8th, 2022

ZuoRAT Hijacks SOHO Routers

Researchers have found a multi-stage remote access trojan (RAT) being used against a wide range of small office and home office (SOHO) routers in Europe and North America. According to the researchers, the RAT has been active since 2020. The malware exploits known vulnerabilities (which is why patching IoT devices and making sure that vendors are actually releasing patches is so important), so in that sense, it is not that sophisticated. Right now it is targeting Cisco, Netgear, ASUS and DrayTek, so it has millions of likely unpatched devices to compromise. Credit: Dark Reading

HackerOne Bug Bounty Service Fires Employee For Stealing Bugs and Selling Them

I am sure this is a one-off, but it is bizarre anyway. Companies outsource their bug bounty programs to companies like HackerOne because managing bug bounties is hard and not part of anyone’s core business. HackerOne said that this now ex-employee accessed reported bugs and then sold them elsewhere, pocketing the money. This activity went on for three months before being detected. Once detected, they fired the employee. Credit: Hackread

UK is Trying to Pass a Law to Detect CSAM in Encrypted Content

There is a proposed update to the Online Safety Bill that would require big tech to detect CSAM – child porn – in end-to-end encrypted content. The bill doesn’t care how you do that, just that you do it. One option is to do away with end-to-end encryption, and that might be a strategy the companies use to pressure lawmakers. They could say, everywhere else in the world you can have private conversations, but in the UK, you can’t. Alternatively, they can say that there is no end-to-end encryption, or they could try to detect it on the user’s computer or phone. This has not been passed and the UK’s ruling Conservative Party is in the middle of a political meltdown, so it might not happen, at least now. Stay tuned. Credit: The Register

FTC Affirms the Right to Repair – Your Barbeque Grill

The FTC told the Weber BBQ grill company that they are violating the law by voiding the warranty of customers who repaired their own grills using third-party parts. The Magnuson-Moss Warranty Act, which we usually think of around car warranties, applies to everything and the administration thinks this is important. Even the Supremes have voted in favor of this right. Among other things, Weber has to directly contact all warranty customers and tell them that Weber will now obey the law. Credit: Vice

What Part of “Cryptocurrency is Risky” Don’t You Understand?

Cryptocurrency broker and lender Voyager entered Chapter 11 bankruptcy this week, blaming volatility and contagion. The company has struggled as its share price dropped 90%. In part, the bankruptcy is due to a bad $650 million loan it made to Three Arrows Capital, which itself went bankrupt after making a bunch of risky crypto bets. As long as all you are investing is your Starbucks money and not your rent money, you are likely safe, but one chap invested 90% of his savings at Voyager, thinking that the high interest rates they were paying were a good thing. They are good, as long as you can afford to lose it. I invested in Bitcoin when it was $40,000. Now at $20,000, my investment is worth half of what it was and I am out a hundred bucks. Remember that there is likely no insurance in the crypto market. Credit: Vice
