Episode Details

Unsecured Flock Safety Condor cameras were found livestreaming on the internet without passwords or encryption. The flaw exposed at least 60 cameras, allowing public access to feeds, downloads, and administrative controls. The researchers who disclosed the vulnerability reported facing police surveillance and job loss following what they termed their "responsible security research."

The Federal Trade Commission (FTC) has finalized an order requiring General Motors and its OnStar service to obtain "clear, affirmative consent" from consumers before sharing sensitive driving and location data. The mandate grants consumers expanded rights to access, delete, and control the use of their personal information generated by connected vehicles.

Homeland Security Investigations (HSI) has acquired a device potentially linked to "Havana Syndrome" using funding provided by the Department of Defense. Reportedly portable enough to fit in a backpack, the device is said to produce pulsed radio waves. A primary national security concern is that if the technology is viable, it may have proliferated, giving other nations access to a potentially harmful weapon.

The "GhostPoster" malware campaign has re-emerged, leveraging malicious browser extensions installed by hundreds of thousands of users. The malware conceals its malicious code within image files and can activate after long delays. Its primary threats include injecting scripts into web pages, tracking user activity, and weakening browser security settings.

A newly discovered malware framework named "VoidLink" shows strong evidence of being generated with AI assistance. Designed to target Linux cloud servers and container environments, VoidLink features a sophisticated modular design with rootkit capabilities. Analysis suggests the framework was generated to a functional state in about a week using an AI assistant, highlighting how AI is accelerating the creation of advanced malware.

A malware campaign is deploying "Evelyn Stealer" through malicious Visual Studio Code extensions. The attack injects the stealer into a legitimate Windows process, grpconv.exe, to evade detection. The malware also tricks browsers into running in hidden contexts to avoid detection during credential harvesting. It is designed to exfiltrate developer credentials, browser cookies, and cryptocurrency wallets.

The European Commission has proposed new mandatory cybersecurity legislation aimed at removing high-risk technology suppliers, such as Chinese firms Huawei and ZTE, from the EU's critical telecommunications and ICT infrastructure. This policy, which builds on frustrations with the EU's voluntary 5G Security Toolbox, shifts from voluntary guidelines to binding rules empowering the EU to restrict equipment based on national security risks.

Italy's influential data privacy authority, the "Garante," is the subject of a corruption investigation. Prosecutors are examining allegations of excessive spending and possible corruption involving the agency's president, Pasquale Stanzione, and three other board members. The Garante is one of the EU's most proactive regulators against major technology firms.

A recent security update for Windows 11 23H2 has introduced a bug preventing some PCs from shutting down or hibernating. Microsoft has linked the issue to its "Secure Launch" security feature. The company's official workaround is to use the command-prompt command shutdown /s /t 0 to force the machine to power down while a permanent fix is developed.