Hey. Hi. Howdy.
It's been a while.
I hope you're doing great.
I won't waste any more of your time—you're here for updates on the past week in cybersecurity.
Off we go then!
This week is no less cyber circus-y than any other—we've got dodgy characters, security blunders and, really, just a whole bunch of weird stuff.
Our first mention is a security firm called Silent Push, who took a deep dive into the seedy underbelly of Amazon AWS and Microsoft Azure. Apparently they've been hosting a bit of a smorgasbord—some useless information for ya—smörgås in Swedish (not pronounced how you might think) means sandwich and bond' means table. Smorgasbord in Swedish is smörgåsbord, literally just switching out two of the English vowels for Swedish extended edition vowels. Enough fluff, back to security stuff. Where was I? Right, smorgasbord of "iffy" content for Funnull, a Chinese content delivery network (CDN)—think like Cloudflare and so on, but for things such as fake trading apps, pig butchering scams and phishing pages. Pig butchering scams, how delightful.
What do you get when you cross a president, artificial intelligence and a national cybersecurity board? A bad joke in another universe I imagine, but in our universe it's the tale of president Trump putting together a national cybersecurity board to tackle the threat posed by AI. I'm not sure how it'll play out but let's hope for the best and all that.
Onto cryptocurrency and PEKEN Global Limited (KuCoin's operator) got caught with its hand in the cookie jar. More like running an unlicensed money-transmitting business—potato, potato, right? Their penalty was a cool $297 million. How many cookies do you reckon that would net?
The US Cybersecurity and Infrastructure security Agency (CIS A) are flying a bunch of red flags about Conte (MS 8000 devices-used for patient monitoring. These sneaky blighters have a backdoor that's quietly sending patient data to a remote IP address. My first question would be—why are they even connected to the Internet?! These are the big box things hospitals have sitting next to the beds—usually attached to a pole with wheels to measure a patient's vital signs. If you're hooked up to one of these a nurse should be checking on you anyway. Complacency has no place in security.
Google have pulled out their rubber mallet on the Play store. They blocked 2.3 million Android app submissions in 2024 for policy violations. That means 158,000 developer accounts got the boot, for trying to sneak in harmful apps. I bet the majority weren't malicious with intention, they were just poorly thought-out, LLM (Large Language model—think ChatGPT and so on) generated that didn't pass the Google sniff test.
Did you know the New York Blood Center collects almost 4,000 units of blood (1 pint, 450mL, bit less than half a liter) products every day? No, I'm not running a blood drive, just an interesting tidbit (is tidbit one word or two? I forget and writing this by hand)—imagine if vampire hackers existed. If you know of any movies or TV shows that feature vampire hackers, mention them in the comments, I'd love to watch. Even if they're terrible movies or shows—actually especially if they're terrible. I'll even write an article on what they got right and not-so-right with their hacking. Been struggling with ideas for Thirteenth Strike and I'll give you a shout out in the article!
Chinese start-up DeepSeek has the entire Internet buzzing right now. What you might not have heard is they managed to expose two databases chockablock full of sensitive user and operational info. Stuff like, chat history, API keys, backend details as well as operational metadata. This is a fantastic list of things you should keep under wraps—and not expose to virtually the whole world.
Remote work became the norm the past few years, and many companies are still struggling to provide secure, scalable and efficient access to their corporate resources (started sounding like I was about to sell you something, didn't it?). Cloud-based Remote Desktop Protocol solutions seem to be picking up in popularity. Remember, especially with new tech and things that gain popularity fast—not all that glitters is gold, or secure for that matter. Watch this space if you wanna catch the news on them as they come.
That's about all the energy I have this week—until next time,
Good luck,
Stay safe and,
Be well.
See ya!