TechSpot’s top security stories for 2022: Vulnerabilities are waiting in the wings

As more aspects of everyday life go digital, it’s more important than ever to be proactive about online security. However, as 2022 has shown, security is not just a modern concern, as vulnerabilities have been around for years — even decades — and can appear in the most unexpected places and ways.

Security Researchers Demonstrate RTX 4090 Password Cracking Power

The new GPU significantly reduces the time it takes to retrieve or recover user passwords.

Security researcher and password cracker Sam Crawley has posted tests highlighting the RTX 4090’s password cracking capabilities. Nvidia’s latest flagship GPU has broken previous RTX 3090 performance records and doubled performance for nearly every algorithm tested. The cracked passwords followed best security practices and included random case letters, symbols, and numbers.

For years, some Gigabyte and Asus motherboards have contained UEFI malware.

The CosmicStrand rootkit is the latest indication that UEFI malware may be more prevalent than previously thought.

Security firm ESET discovered the first UEFI rootkit being used in the wild back in 2018. This type of persistent threat used to be the subject of theoretical discussion among security researchers, but in recent years it has become clear that there is much more to it. more common than previously thought, despite being relatively difficult to develop.

Janet Jackson’s 1989 song announced a cybersecurity vulnerability for hard drives to fail.

Rhythm Nation doesn’t emit good vibes

People of the modern world, are we looking for a better way of life?” Janet Jackson sang on her 1989 hit Rhythm Nation, not knowing that the best lifestyle she talked about didn’t involve certain hard drives. showed that the song could crash certain laptop models, and it is now recognized as a cybersecurity vulnerability.

GameStop ‘eavesdropped’ on customers without their consent, claims lawsuit

He sold secret transcripts to a marketing firm to create profiles using personal information.

If GameStop dove headfirst into the NFT and crypto market right before the bubble burst wasn’t stupid enough, wait a second – the company wants you to hold its beer. Now he is being sued for recording customer service chats without consent and selling the transcripts to a marketing firm.

QNAP warns users about ransomware: Protect your devices or shut down an unsecured NAS

Ransomware and brute-force attacks from unknown sources actively target networked devices.

QNAP has issued a security statement urging NAS users to take immediate action to protect their data from ongoing ransomware and brute force attacks. While the responsible parties have not been identified, widespread attacks appear to target any vulnerable network devices. The company has provided security setup instructions and mitigation measures to be followed immediately by all QNAP NAS users.

Nvidia allegedly hacked their hackers, stole their data back

Lapsus$ hacker group claims they still have a copy of the data

Several online security groups report that South American hacker group Lapsus$ claims to be behind the recent cyber attack on Nvidia. He also claims that Nvidia retaliated by hacking them, encrypting the stolen data, and ransoming their machines. It’s just a rumor at the moment, but it’s a great story that turns the tables.

Numerous security flaws found in Australian digital driver’s license

Possibly less secure than physical IDs

The New South Wales government in Australia introduced digital driver’s licenses in late 2019, saying they are harder to forge than physical identification. The security company recently outlined several reasons why this is not the case.

Nvidia hackers steal 190 GB of sensitive Samsung data

The leaks include Samsung encryption data and source code.

Lapsus$, the hacker group that leaked confidential information from Nvidia last week, has reportedly moved on to a new target: Samsung. Hackers have claimed an attack that leaked 190GB of sensitive information from the South Korean tech giant, including encryption data and source code for Samsung’s latest devices.

Teenage hacker remotely accesses more than 20 Tesla cars

Full control over car doors, security system, etc.

This week, the teen revealed that he had remotely accessed about two dozen Tesla vehicles in different countries and was trying to contact their owners. The list of things he can do to damaged cars is long and dangerous.

Alder Lake BIOS source code has been published on GitHub

This could reveal some security vulnerabilities.

Visible Alder Lake BIOS source code has been posted online. It appears to have been completely leaked at 5.9 GB uncompressed, possibly by someone working for a motherboard supplier, or by chance a Lenovo manufacturing partner.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button