Plus: Thousands of Citrix servers are vulnerable to cyberattacks
| Part of  Network | |
 |
Google paid a security researcher $107,000 after finding a security flaw in Google Home speakers that could've allowed eavesdropping on conversations. He found the flaw by hacking his own Google Home mini speaker. More: - The researcher stated that in order to hack the device, threat actors would need to know the following:
- the device name,
- certificate, and
- "Cloud ID" from its local API.
- Once they had this info, they could have sent a link request to the Google server, disconnected the device from the network so that it offered the chance of adding a new user, and finally spied on any conversation close to the device.
- The security researcher could also play media on the compromised smart speaker, rename it, force a reboot, force it to forget stored Wi-Fi networks, force new Bluetooth or Wi-Fi pairings, etc.
- The researcher tracked the flaw in January 2021, while Google patched it in April 2021.
| |
The LCMHS hospital in Louisiana has been hacked, leading to 270,000 patients having their data stolen. The issue has been reported to the secretary of the U.S. Department of Health and Human Services. More: - The security breach took place on Oct. 21, 2022.
- Hackers were able to steal:
- Full names
- Physical addresses
- Dates of birth
- Medical records
- Patient identification numbers
- Health insurance information
- Payment information
- Limited clinical information regarding the received care
- Social Security numbers.
- The company has started to send emails to the affected victims to instruct them on how to proceed.
- The Hive ransomware group added the hospital to the list of victims on its Tor data leak site on Nov. 15, 2022, and leaked several documents that allegedly belong to the organization.
- Law authorities, however, have not confirmed whether Hive is responsible for this breach yet.
| |
Crypto company 3commas has admitted that its mistake led to $22M worth of crypto being stolen last week. Many API keys belonging to the company's users were stolen and leaked online, resulting in the theft. More: - 3Commas enables users to link their crypto accounts so that they can day trade without having to switch between their different accounts.
- The company's CEO had categorically denied any responsibility from the company in previous weeks, claiming that the leaked API keys that were circulating on the internet were not stolen from 3commas.
- Due to many online speculations, Binance's CEO publically announced that he was certain the leaked keys were stolen from 3commas.
- 3commas' CEO admitted today that the files leaked by hackers were indeed stolen from the company's infrastructure and that it had asked all crypto exchanges it works with to disable the keys.
| |
Thousands of Citrix servers are vulnerable to cyberattacks, according to a new report. The servers could be hacked through two newly tracked security flaws that have a 9.8 CVSS ranking. More: - The two flaws are tracked as CVE-2022-27510 and CVE-2022-27518.
- Both of the flaws were allegedly patched by the company during the last few weeks, but researchers have disputed the claim.
- CVE-2022-27510 is a critical authentication bypass vulnerability affecting Citrix ADC and Citrix Gateway. In order for the flaw to be used, the server must be configured as a gateway.
- CVE-2022-27518 is believed to be the flaw that the NSA warned about earlier this month in a public statement that tied the flaw to the APT5 hacker group.
- For the flaw to be exploitable, the Citrix ADC or Gateway server must be configured as a SAML Service Provider or SAML Identity Provider.
- More than 40% of servers located in Denmark, the Netherlands, Austria, Germany, France, Singapore, Australia, the U.K., and the U.S. have been updated, while only 20% of nearly 550 servers in China have been patched.
| |
Netwrix has acquired Dell-backed cybersecurity company Remediant for an undisclosed amount. Remediant is based in San Francisco. More: - Remediant aims to help companies avoid lateral movement cyberattacks.
- The company's feature product is PAM, a SaaS product that removes administrators from endpoints and deploys the zero-trust privilege model as a way of protecting administrators from privileged access cyberattacks.
- Founded in 2010, Remediant raised $15M in funding before this acquisition.
- Netwrix is a Frisco, Texas-based cybersecurity company that offers solutions against ransomware attacks, privileged access attacks, data protection, etc.
- The company has worked with clients such as Allianz, Virgin, and Airbus.
| |
Quick Hits: - Need help setting up and securing your business' Apple devices? Manage up to 3 devices for free with Jamf Now.*
- Netgear has patched a recently tracked security flaw and is urging its customers to update the firmware of their devices as soon as possible.
- Hackers are targeting users that search for famous software companies such as Grammarly, Slack, Dashlane, Audacity, etc., with malware-infected ad campaigns.
- The Twitter account of India's Minister of Water Resources was hacked earlier today. Hackers promoted a false cryptocurrency giveaway and pretended that Elon Musk was behind the giveaway.
- Three founders wished they could invest in fractional shares of real estate while browsing Zillow. So they made Arrived.*
*This is sponsored content.
| |
Upcoming events at Inside: - January 05 - AMA with Gun.io - Building and managing software development teams w/ Deividi Silva (Watch On Demand)
- January 06 - AMA with LinearB - Improving workflow for developers w/ Ori Keren (Watch On Demand)
- January 10 - Inside Startups Coffee Break (Register Here)
- January 17 - Inside Marketing Coffee Break (Register Here)
- January 31 - Growth Summit 2023 (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2022 Inside.com | |
| |
