The Lighthouse IT Podcast - April 8th, 2022
This week, Matt & Griff discuss how police traced the hacking group Lapsus$ back to English teenager, how Mailchimp hackers phished cryptocurrency wallets from their clients, how the EU is attempting to help smaller messaging companies, and some Twitter changes that come right after Musk becomes the biggest shareholder.
Cybersecurity researchers trace Lapsus$ attacks to a teenager from England
- Cybersecurity researchers investigating the attacks have traced them to a 16-year-old living with his mother near Oxford, England
- While the researchers have identified seven accounts associated with the hacking group — including one traced to another teenager in Brazil — they believe the teenager from England is the mastermind and is behind some of the major Lapsus$ hacks.
- However, they weren't able to connect the teen to all the attacks the group carried out.
- Apparently, rival hackers posted the teenager's details online, including his address and information about his parents.
- He was reportedly so skilled at hacking and so fast at what he does that researchers previously thought the attacks were automated.
- Police have arrested 7 people thus far, ages 16-21.
Hackers breach Mailchimp to phish cryptocurrency wallets
- Mailchimp has confirmed that hackers used an internal tool to steal data from more than 100 of its clients — with the data being used to mount phishing attacks on the users of cryptocurrency services.
- Mailchimp had become aware of the breach on March 26th when it detected unauthorized access of a tool used by the company's customer support and account administration teams. Although Mailchimp deactivated the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them, Smyth said.
- Details of the hack show that the compromise of Mailchimp's internal tools was just one piece in a bigger puzzle.
- One of the stolen email lists was used to send a fake data breach notification to Trezor customers, prompting them to download a new version of the Trezor Suite desktop application. In fact, the email directed users to a phishing site that hosted a fake version of the application, designed to steal the seed phrase that would allow hackers to gain total control over a user's cryptocurrency wallet. It's currently unclear whether any Trezor users had funds stolen by the attack.
Apple subscriptions for hardware and development on foldable OLED iPad & MacBooks
- LG Display will supply 17-inch foldable 4K OLED panels to HP this year, destined for an in-folding notebook with an 11-inch display when closed.
- LG Display has growing expertise in foldable OLED displays, having supplied the 13.3-inch display panel for the Lenovo ThinkPad X1 Fold which have gotten pretty good reception.
- These devices could form a whole new product category for Apple and result in a dual-use product, potentially able to work as a notebook with a full-size on-screen keyboard when folded and as a monitor when unfolded and used with an external keyboard.
Down with Big Messaging?
- New EU Act could require messaging apps to play nicely with smaller companies
- Developers would have to request interoperability with the big messaging companies (i.e. WhatsApp, FB Messenger, iMessage)
- It's not fully vetted, i.e. would WhatsApp be able to tap into iMessage (big to big?)
Are you there Twitter? It's me, Elon.
- Apparently making a car that can follow you like a terrier, shooting rockets into space, establishing a punny excavating company called "Boring" and pushing for Hyperloop transit has set his sites on something that is actually important: Social Media.
- Largest shareholder of Twitter at 9%
- Twitter has been a bit of a rough patch for Musk -- getting in trouble about tweets regarding Tesla with the SEC. Attorneys now have to approve his posts.
Twitter is adding an edit button
- Twitter has announced that it's working to allow users to edit their tweets after posting them.
- What about the altering the record of a conversation?
- No timeframe for launch as they still need to work items like that out.
- Days later, after it emerged that Elon Musk had bought a 9.2 percent stake in the company. One of his first tweets afterwards was to poll his followers on whether Twitter should add an edit button. 73.4 percent were in favor.
Taking a Shein towards money
- Chinese fashion giant valued at $100bn
- Worth $5bn more than Stripe (payments)
- Competitors H&M and Zara combined can't match
- Equal footing? Worth as much as SpaceX.