DOJ now relies on paper for its most sensitive court documents, official says

https://www.cyberscoop.com/top-justice-official-paper-only/

Hickey said the takeaway for the court system is that sometimes the old-fashioned way of doing things is safer. He added that the paper-only system applies only to the most sensitive sealed documents as opposed to all of them.

“It’s a lesson, a fairly familiar adage, that going online is not always the best thing,” Hickey added. “Convenience is great, but security in any internet connected system is going to be different from what it would be on paper.”

Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future

https://therecord.media/microsoft-bug-in-janet-jacksons-rhythm-nation-could-crash-a-laptop/

The vulnerability comes from a phenomenon discovered by Microsoft where playing “Rhythm Nation” would cause any laptop with a certain hard drive to crash.

In its CVE page, the MITRE organization said the 5400 RPM OEM hard drives were shipped primarily with many laptop PCs around 2005. If played near these laptops, the song causes “a denial of service (device malfunction and system crash) via a resonant-frequency attack.”

North Korea-backed hackers have a clever way to read your Gmail - Ars Technica

https://arstechnica.com/information-technology/2022/08/north-korea-backed-hackers-have-a-clever-way-to-read-your-gmail/

The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post. The extension can’t be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise. The extension isn’t available in Google’s Chrome Web Store, Microsoft’s add-ons page, or any other known third-party source and doesn’t rely on flaws in Gmail or AOL Mail to get installed.

Volexity President Steven Adair said in an email that the extension gets installed “by way of spear phishing and social engineering where the victim is fooled into opening a malicious document.”

Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects - Binance Blog

https://www.binance.com/en/blog/community/scammers-created-an-ai-hologram-of-me-to-scam-unsuspecting-projects-6406050849026267209

Over the past month, I’ve received several online messages thanking me for taking the time to meet with project teams regarding potential opportunities to list their assets on Binance.com. This was odd because I don’t have any oversight of or insight into Binance listings, nor had I met with any of these people before.

It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a “deep fake” of me. Other than the 15 pounds that I gained during COVID being noticeably absent, this deep fake was refined enough to fool several highly intelligent crypto community members. 

Chinese Government Asked TikTok for Stealth Propaganda Account - Bloomberg

https://www.bloomberg.com/news/articles/2022-07-29/chinese-government-asked-tiktok-for-stealth-propaganda-account

A Chinese government entity responsible for public relations attempted to open a stealth account on TikTok targeting Western audiences with propaganda, according to internal messages seen by Bloomberg.

iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser · Felix Krause

https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

The Hacking of Starlink Terminals Has Begun - WIRED

https://www.wired.com/story/starlink-internet-dish-hack/

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications - CNN

https://edition.cnn.com/2022/07/23/politics/fbi-investigation-huawei-china-defense-department-communications-nuclear/index.html

Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future

https://therecord.media/report-mercenary-spyware-exploited-google-chrome-zero-day-to-target-journalists/

A zero-day vulnerability in Google Chrome was discovered when attackers exploited it to target users in the Middle East, including journalists, cybersecurity firm Avast said Thursday. 

The company attributed the attacks to a secretive Israeli firm known as Candiru — named after a notorious parasitic fish — that sells spyware to governments. 

Ring Reveals They Give Videos to Police Without User Consent or a Warrant - Electronic Frontier Foundation

https://www.eff.org/deeplinks/2022/07/ring-reveals-they-give-videos-police-without-user-consent-or-warrant

Amazon’s Ring devices are not just personal security cameras. They are also police cameras—whether you want them to be or not. The company now admits there are “emergency” instances when police can get warrantless access to Ring personal devices without the owner’s permission. This dangerous policy allows police, in conjunction with Ring, to decide when access should be granted to private video.