Gone in a Flash
Earlier this week, Adobe announced that Flash will reach end-of-life (EOL) at the end of 2020. Thankfully, the announcement doesn’t require Flash to view. The move comes as open web standards like HTML5, WebAssembly, and WebGL gain widespread adoption by developers, while Flash usage has decreased dramatically over the last 3 years, according to the Chromium project.
China Extinguishes Fireball Team
Chinese authorities turned up the heat on the criminals responsible for Fireball malware by arresting at least 9 of the developers at RafoTech, a digital marketing company in Beijing. Fireball spread like wildfire, allegedly infecting over 250 million machines across the globe, by bundling itself with other software distributed by RafoTech.
We recommend protecting yourself from other threats like Fireball by ensuring your operating system, browser, and antivirus are up to date, and by avoiding software downloads from third-party websites.
Putting the Brakes on an IoT Carwash
If that previous story got you heated, you can cool off by taking a drive through your nearest carwash, where hackers have figured out how to hijack Internet-connected drive-through carwash stations and gain control over the doors and washing arm. With just these two primitive capabilities, an attacker could trap a vehicle inside the washing bay, douse the occupants with water, or even strike the vehicle with the washing arm or exit doors.
The automated washing machines rely on software-based safety mechanisms to prevent the doors and arm from hitting a vehicle, but hackers can override these safety controls. Apparently, the developers didn’t learn the lessons from the Therac-25 incident, where a software safety interlock failed silently, resulting in at least six cases where patients received excessive radiation treatments.
Perhaps we should stop connecting things to the Internet that don’t need to be connected. At the very least, you can follow our guide on securing your IoT car wash.
Letters Home from Summer Camp
As many of you know, Black Hat and DEF CON are in full swing this week. Here’s a quick roundup of interesting things being announced at the events:
- Cylance's Principal Research Scientist, Alex Matrosov, will detail 6 different UEFI firmware vulnerabilities
- Facebook announces $1 million in new funding for original defensive research
- Microsoft is launching a Windows Bug Bounty Program
- The Android Security Team discovers a new targeted spyware family
- Exodus Intelligence breaks down the “Broadpwn” vulnerability