At the Defcon security conference in Las Vegas last Saturday, a new jailbreak for John Deere tractors was demonstrated, putting a spotlight on the strength of the right-to-repair movement. Researchers are working to develop new tools to detect spyware on Windows, Mac, and Linux computers.
The family that used the Freedom of Information Act to learn more about the US Department of Defense made millions of dollars by promoting transparency. There is a flaw in the Veterans Affairs department's VistA electronic medical record system.
We have tips on how to create a secure folder on your phone, how to use the Signal messaging app, and how to keep your data safe.
There is more to come. The news we didn't cover is highlighted each week. The full stories can be found below. Stay safe out there.
The Janet Jackson song "Rhythm Nation" is still blowing up the charts, and some hard drives. Microsoft disclosed a vulnerability in a widely used 5400-rpm laptop hard drive. If the song is played on or near a vulnerable computer, the disk can take the laptop down. There are still spinning disk hard drives in a number of devices around the world. The flaw is tied to one of the natural resonant frequencies created by the movement in the hard drive. It wouldn't be hard to vibe hard with a classic jam. According to Microsoft, the manufacturer of the drives developed a special filter for the audio processing system to stop the song from playing. Audio hacks that manipulate speakers, grab information leaked in vibrations, or exploit resonance frequencies are not often discovered in research.
One of the customers that suffered a knock-on effect was the secure messaging service Signal. The device verification service is underpinned by Twilio. Twilio is the provider that sends the text to the user when they register a new device. Attackers were able to take control of the Signal account once they had compromised the Twilio service. According to the secure messaging service, the hackers specifically searched for three users. The Signal account was one of the smallest subsets. The attackers might have impersonated him and sent new messages from his account if they had been able to compromise his account.
A group of spyware apps that all share the same infrastructure exposed the data of their users because of a shared vulnerability. TheTruthSpy is an app that is intrusive to begin with. They're inadvertently exposing the phone data of hundreds of thousands of people because of an infrastructure vulnerability. There is a tool that victims can use to check if their devices have been compromised with the spyware. A cache of files was dumped from the server of TheTruthSpy's internal network. The cache of files included a list of every device that was compromised by any of the apps in TheTruthSpy's network up to April 2022, which is when the data was dumped. There is not enough information in the leaked list to alert the owners of compromised devices. That is what led to the creation of this spyware search tool.
Domain Logistics, a distribution company that works with the Ontario Cannabis Store (OCS), was hacked on August 5, limiting OCS's ability to process orders and deliver weed products to stores and customers around Ontario. There was no evidence that customer data had been compromised. OCS says that there is an investigation going on. OCS is backed by the government, and its products can be ordered online. The company distributes to roughly 1,330 licensed cannabis stores. OCS said in a statement that it shut down Domain Logistics until a full forensic investigation could be done.