Oops all hacks ft. Lapsus$, TikTok's clock extends, & Disney Plus Adds

March 11, 2022 by
Oops all hacks ft. Lapsus$, TikTok's clock extends, & Disney Plus Adds
Lighthouse IT Solutions, Matthew Almendinger

The Lighthouse IT Podcast - March 11th, 2022

This week, Matt & Griff discuss Russian RaaS group getting exposed, Ukrainian hacktivists, huge Nvidia ransom that weirdly relate to the recent Samsung Galaxy hack, TikTok extends their videos to 10min, Epic Games buys Bandcamp for some reason, Amazon's new radio app that lets you be the DJ, Truth Social still not working, and Disney Plus adding an ad tier.

Listen here!


Conti ransomware gang's internal chats leaked online after declaring support for Russian invasion

  • Conti is a ransomware-as-a-service (RaaS) group, which allows affiliates to rent access to its infrastructure to launch attacks.
  • A cache of chat logs belonging to the Conti ransomware group have leaked online thanks to an apparent insider, who claimed to have objected to the group's support for the Russian invasion of Ukraine.
  • The leaked data set has about 400 files containing tens of thousands of internal chat logs of the Conti group in their native Russian.
  • The files hold about a year's worth of messages dating back to January 2021, some six months after the group first formed in mid-2020.


Starlink terminals sent to Ukraine - proving to be very reliable

  • Elon Musk has been delivering terminals to Ukraine to help keep people connected and knowledge sharing moving forward in the war-torn country.
  • Despite Russian attacks to block the signal and interrupt the connections, they are proving to be incredibly reliable.
  • Of course, this prompts questions into the legal issues of the reliability and success of being able to provide this type of service to areas in contested situations.
  • More terminals are being delivered to help keep Ukraine connected.


Exclusive - Ukraine calls on hacker underground to defend against Russia

  • The government of Ukraine has been asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops.
  • They have already had received hundreds of applicants and was going to begin vetting to ensure that none of them were Russian agents.


Nvidia hackers leak employee credentials, threaten to release 'Nvidia's most closely guarded trade secrets'

  • Nvidia's internal systems were "completely compromised"
  • Data extortionists named Lapsus$ stole up to 1 terabyte of data from Nvidia have now delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia's graphics cards to mine cryptocurrencies faster or face the imminent release of the company's crown-jewel source code.
  • Nvidia introduced LHR (lite hash rate) in February 2021 with the launch of its GeForce RTX 3060 models. The reason: to make the cards less desirable to people mining Ethereum and possibly other types of cryptocurrencies.
  • Lapsus$ then leaked the credentials of more than 71,000 Nvidia employees after the company did not meet its demands.
  • Now, the group is taking its revenge. Multiple hack-tracking sites have reported that malware is spreading across the internet in massive waves — and that it is using "Nvidia signed" verification certificates to install drivers on computers, particularly those using Windows.


Samsung confirms hackers stole Galaxy source code

  • A hacking outfit named Lapsus$ claiming responsibility for sharing screenshots allegedly showing roughly 200GB of stolen data, including source code used by Samsung for encryption and biometric unlocking functions on Galaxy hardware.
  • It's not clear if Lapsus$ has made any threats to Samsung trying to extort specific concessions, but this breach does not include the personal information of our consumers or employees.


TikTok expands maximum video length to 10 minutes

  • The company announced on Feb 28th that it's expanding the maximum length for uploads to 10 minutes.
  • Longer videos allow TikTok to better compete with YouTube (which skews heavily toward lengthy content) as well as capture an older audience and increase overall engagement time on the app.
  • At the same time, a switch to longer content may hurt the firm by limiting the amount of data it can collect on users' watching habits, which is what allows it to customize the algorithms it uses to attract users in the first place.
  • Longer-form content is, in general, "easier to monetize and keeps people on platform longer."
  • Ironically, as TikTok expands to offer creators and users longer content, its rivals — spurred by TikTok's success — have done the opposite. Instagram launched short-form videos in the form of Reels, YouTube has the aptly-named Shorts, and Snapchat offers what it calls Spotlight. All these companies are trying to get the formula right.


Truth social struggles to let users sign-in, let alone make an impact

  • Remember the Truth Social app we talked about a few weeks back? Well, things aren't going well for the Trump-supported social media network.
  • Those who signed up are still waiting for an invite, as the quiet platform gets quieter without a more widespread user base being allowed in.
  • In fact, even former President Donald Trump has yet to make a single post.
  • They have promised, however, that these issues should be resolved by end of March.


Epic Games acquires Bandcamp

  • Epic Games might need to drop the word "Games" from its moniker and admit what kind of company it wants to be.
  • Epic's vision is to build out a creator marketplace ecosystem for content, technology, games, art, music and more.
  • While this might sound like Epic wants to acquire Bandcamp's backend, web storefront, and iOS/Android apps, this wording suggests that Bandcamp could be rolled into the Unreal asset sales ecosystem.


Amazon launches a 'live radio' app, Amp, which lets you play DJ with music and call-ins

  • Amazon's Clubhouse competitor has arrived.
  • Amp allows people to create live "radio shows" where they can act as a DJ by taking callers and playing tracks from its catalog.
  • According to Amp's App Store description, creators will also be able to pre-plan and schedule their shows, alert listeners to their upcoming shows, control who speaks when taking live callers and more.
  • Notably, creators do not have to pay the labels when accessing the music for their show, the app's listing notes.


Disney Plus to launch a cheaper tier with ads late this year

  • Disney didn't specify pricing for the new tier nor changes to its current ad-free one, after previously hinting at a price hike late 2022.