Sign up to save your podcasts
Or
Share EP 227.5 Deep Dive - 21 Attack Types and The IT Privacy and Security Weekly Update for The Week Ending January 28th 2025
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP 227.5 Deep Dive - 21 Attack Types and The IT Privacy and Security Weekly Update for The Week Ending January 28th 2025
What is "surveillance pricing" and how does it affect me? Surveillance pricing is a practice where online retailers adjust prices based on your personal data, such as location, browsing history, and demographics. Companies collect data like mouse movements and items left in your shopping cart to determine what you're likely willing to pay. This can lead to different individuals being offered varying prices for the same product. To mitigate this, consider using VPNs, browser extensions that block tracking, regularly clearing browser cookies, and being cautious about the personal information you share online.
What car vulnerabilities were recently discovered, and how can I protect myself? Security researchers recently found vulnerabilities in Subaru's web portal, allowing remote control of vehicles, including unlocking doors, starting the engine, and tracking location. Millions of Subaru vehicles with Starlink digital features were potentially affected. While Subaru has patched the identified flaws, it's crucial for all car owners to ensure their software is up-to-date. This is part of a larger trend of security issues in the automotive industry, so vigilance is essential.
How is Meta using my data with its new AI, and can I opt out? Meta's new AI chatbot will use personal data from your Facebook and Instagram accounts to personalize its responses. This includes information from previous conversations, dietary preferences, and interests. Unfortunately, there is no option to opt out of this data-sharing feature.
What was the recent ruling about the FBI's access to Americans' private communications? A federal court ruled that backdoor searches of Americans' private communications collected under Section 702 of FISA are unconstitutional without a warrant. This ruling found that even if the government can lawfully collect communications between foreigners and Americans, it can't search those communications without a warrant when those searches involve US persons. This stems from a case where the FBI searched emails of a US resident, collected under the premise of foreign intelligence, without a warrant. The court found this to be a Fourth Amendment violation.
What are the dangers of North Korean IT workers, and how can we protect our companies? The FBI has warned that North Korean IT workers are abusing their access to steal source code and extort U.S. companies. They often copy company code repositories, harvest credentials, and initiate work sessions from non-company devices. To mitigate these risks, companies should apply the principle of least privilege, limit permissions for remote desktop applications, and monitor for unusual network traffic. Additionally, it is important to recognize that these workers may log in from different IPs over a short period.
What is the new threat to the European power grid, and what makes it so concerning? Researchers have discovered that renewable energy facilities across Central Europe use unencrypted radio signals to control how much power is sent into the grid. By reverse-engineering the signals, they found they could potentially manipulate the system to cause widespread disruptions, including a grid-wide outage. The lack of encryption on these systems and the ability to control large amounts of energy poses a significant risk, especially considering current geopolitical tensions.
What is the significance of DeepSeek's R1 model and how does it compare to models like OpenAI's? DeepSeek's R1 model is an open-source large language model (LLM) that offers open weights, allowing users to run it on their own servers or locally. It challenges OpenAI's proprietary model by providing a more cost-effective and accessible AI solution. DeepSeek uses a technique called distillation, where existing LLMs train new, smaller models. The emergence of R1 suggests a shift towards more commoditized AI and potentially increased accessibility and customization.
What are some common types of cyber attacks and how can I defend against them? The sources list 21 common cyber attacks including: malware, phishing, ransomware, drive-by downloads, cross-site scripting (XSS), SQL injection, man-in-the-middle (MitM) attacks, DDoS attacks, password attacks, insider threats, credential stuffing, zero-day exploits, social engineering, session hijacking, eavesdropping, watering hole attacks, DNS spoofing, IoT attacks, supply chain attacks, brute force attacks, and spyware. Preventative measures involve using antivirus software, updating systems, avoiding untrusted downloads, verifying emails, using spam filters, performing regular backups, having strong firewalls, enabling MFA, monitoring activities, restricting access to risky sites, securing cookies, and training employees to recognize suspicious activity.
The best way to stay protected is to stay informed. Keep listening
View all episodes
By R. Prescott Stearns Jr.
4.5
44 ratings
What is "surveillance pricing" and how does it affect me? Surveillance pricing is a practice where online retailers adjust prices based on your personal data, such as location, browsing history, and demographics. Companies collect data like mouse movements and items left in your shopping cart to determine what you're likely willing to pay. This can lead to different individuals being offered varying prices for the same product. To mitigate this, consider using VPNs, browser extensions that block tracking, regularly clearing browser cookies, and being cautious about the personal information you share online.
What car vulnerabilities were recently discovered, and how can I protect myself? Security researchers recently found vulnerabilities in Subaru's web portal, allowing remote control of vehicles, including unlocking doors, starting the engine, and tracking location. Millions of Subaru vehicles with Starlink digital features were potentially affected. While Subaru has patched the identified flaws, it's crucial for all car owners to ensure their software is up-to-date. This is part of a larger trend of security issues in the automotive industry, so vigilance is essential.
How is Meta using my data with its new AI, and can I opt out? Meta's new AI chatbot will use personal data from your Facebook and Instagram accounts to personalize its responses. This includes information from previous conversations, dietary preferences, and interests. Unfortunately, there is no option to opt out of this data-sharing feature.
What was the recent ruling about the FBI's access to Americans' private communications? A federal court ruled that backdoor searches of Americans' private communications collected under Section 702 of FISA are unconstitutional without a warrant. This ruling found that even if the government can lawfully collect communications between foreigners and Americans, it can't search those communications without a warrant when those searches involve US persons. This stems from a case where the FBI searched emails of a US resident, collected under the premise of foreign intelligence, without a warrant. The court found this to be a Fourth Amendment violation.
What are the dangers of North Korean IT workers, and how can we protect our companies? The FBI has warned that North Korean IT workers are abusing their access to steal source code and extort U.S. companies. They often copy company code repositories, harvest credentials, and initiate work sessions from non-company devices. To mitigate these risks, companies should apply the principle of least privilege, limit permissions for remote desktop applications, and monitor for unusual network traffic. Additionally, it is important to recognize that these workers may log in from different IPs over a short period.
What is the new threat to the European power grid, and what makes it so concerning? Researchers have discovered that renewable energy facilities across Central Europe use unencrypted radio signals to control how much power is sent into the grid. By reverse-engineering the signals, they found they could potentially manipulate the system to cause widespread disruptions, including a grid-wide outage. The lack of encryption on these systems and the ability to control large amounts of energy poses a significant risk, especially considering current geopolitical tensions.
What is the significance of DeepSeek's R1 model and how does it compare to models like OpenAI's? DeepSeek's R1 model is an open-source large language model (LLM) that offers open weights, allowing users to run it on their own servers or locally. It challenges OpenAI's proprietary model by providing a more cost-effective and accessible AI solution. DeepSeek uses a technique called distillation, where existing LLMs train new, smaller models. The emergence of R1 suggests a shift towards more commoditized AI and potentially increased accessibility and customization.
What are some common types of cyber attacks and how can I defend against them? The sources list 21 common cyber attacks including: malware, phishing, ransomware, drive-by downloads, cross-site scripting (XSS), SQL injection, man-in-the-middle (MitM) attacks, DDoS attacks, password attacks, insider threats, credential stuffing, zero-day exploits, social engineering, session hijacking, eavesdropping, watering hole attacks, DNS spoofing, IoT attacks, supply chain attacks, brute force attacks, and spyware. Preventative measures involve using antivirus software, updating systems, avoiding untrusted downloads, verifying emails, using spam filters, performing regular backups, having strong firewalls, enabling MFA, monitoring activities, restricting access to risky sites, securing cookies, and training employees to recognize suspicious activity.
The best way to stay protected is to stay informed. Keep listening