#DEFCON: Exploiting Physical Shopping Carts for Denial of Shopping

DoS is usually an acronym for Denial of Service, but according to researcher Joseph Gabay, it can also stand for Denial of Shopping. On August 8, at the DEF CON 29 conference, Gabay outlined his research into how physical shopping cart immobilization systems work, and how they can potentially be abused by hackers. He noted that there is some pretty cool technology that most people take for granted every time they go shopping…

#DEFCON: Why Social Media Security is Election Security

There may be little if any argument about the vast impact that social media platforms have on the lives of hundreds of millions of people around the world. Social media has also had a profound influence on elections. In a session at the DEF CON 29 conference on August 7, Sebastian Bay, a researcher at the Swedish Defence Research Agency (FOI), outlined how social media platforms are failing at limiting the risk of false information…

#DEFCON: Hacking RFID Attendance Systems with a Time Turner

If a computer science student has a scheduling conflict and wants to attend two different classes that occur at the same time, what should that student do? In a session at the DEF CON 29 conference on August 7, Ph.D. student Vivek Nair outlined a scenario where a hack of the attendance system could, in fact, enable him, or anyone else, to be in two places at the same time. Nair explained that many schools…

Why Bother With VMworld 2021?

VMworld is VMware’s flagship event, typically attracting 20,000+ people in the US (San Francisco) and 13,000+ in EMEA (Barcelona). As with 2020, VMworld 2021 is virtual and online. The annual conference is in its 18th year, currently focused on accelerating business innovation by delivering and securing modern applications, managing multiple clouds, and seamlessly supporting an anywhere workspace. This year at VMworld 2021 the content catalogue is a reflection of how fast technology and society have…

XLSM Malware with MacroSheets | McAfee Blogs

Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw adversaries using Excel 4.0 macros, an old technology, to deliver payloads to their victims. They were mainly using workbook streams via the XLSX file format. In these streams, adversaries were able to enter code straight into cells (that’s why they were called macro-formulas). Excel 4.0 also used API level functions like downloading a file, creation of files, invocation of other processes like PowerShell, cmd, etc. With the evolution of technology, AV vendors started to…

#DEFCON: Ransomware Moves from Nuisance to Scourge

No attack type has been as impactful as ransomware in 2021. According to a panel of experts at the DEF CON 29 conference, the rising notoriety and impact of ransomware in 2021 has accelerated the need for both government and the private sector to act—though there was no clear consensus on the panel on exactly what actions should be taken. Chris Painter, co-chair of the Ransomware Task Force, commented that after the ransomware attack against…

#DEFCON: A Bad eBook Can Take Over Your Kindle (or Worse)

Amazon’s Kindle e-reader is a popular device that has been on the market since 2007, with approximately 100 million Kindles in use around the world today. The primary purpose of the Kindle is to enable users to read books. Slava Makkaveev, security researcher at Check Point Software Technologies, had another idea, though; he wanted to see if he could load a book that would exploit the Kindle. At the DEF CON 29 conference, Makkaveev outlined…

Disney Employees Among Those Arrested in Child Abuse Sting

Three Disney theme park employees have been arrested in Florida as part of an undercover sting operation to catch sexual predators who target children via the internet. The suspects are among 17 individuals arrested by the Polk County Sheriff’s Office (PCSO) under the Operation Child Protector initiative. The initiative was a joint effort involving detectives from the Auburndale Police Department, Orlando Police Department, Winter Haven Police Department, and Orange County Sheriff’s Office. From July 27…

Data Breach at University of Kentucky

A data breach at the University of Kentucky has exposed the personal information of hundreds of thousands of students and staff. An annual cybersecurity inspection uncovered the breach, which was caused by a vulnerability in a server associated with the university’s College of Education database. News source WDRB reported that more than 355,000 email addresses were exposed in the security incident, with victims located across the world. “The database is part of a free resource program known as the Digital…

US Imprisons Drone Whistleblower

An intelligence analyst who illegally obtained classified US government documents on drone warfare and leaked them to a journalist has been sentenced to prison. Daniel Everette Hale met the reporter in April 2013 while attending an event in a bookstore in Washington DC. In 2014, while working as a cleared defense contractor at the National Geospatial-Intelligence Agency (NGA), Hale printed six classified documents, all of which were later published by a news outlet. Hale later printed 36…
