Joaquín Ruiz Security Vulnerabilities

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...

Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11

This week on the Lock and Code podcast… The irrigation of the internet is coming. For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected (quite literally), we logged on, and we zipped to addresses and sites to read, learn, shop, and.....

“No social media ’til 16,” and other fixes for a teen mental health crisis, with Dr. Jean Twenge: Lock and Code S04E10

_This week on the Lock and Code podcast… _ You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological...

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to...

Securing your home network is long, tiresome, and entirely worth it, with Carey Parker: Lock and Code S05E07

This week on the Lock and Code podcast… Few words apply as broadly to the public—yet mean as little—as “home network security.” For many, a “home network” is an amorphous thing. It exists somewhere between a router, a modem, an outlet, and whatever cable it is that plugs into the wall. But the...

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn't....

Going viral shouldn’t lead to bomb threats, with Leigh Honeywell: Lock and Code S05E06

This week on the Lock and Code podcast… A disappointing meal at a restaurant. An ugly breakup between two partners. A popular TV show that kills off a beloved, main character. In a perfect world, these are irritations and moments of vulnerability. But online today, these same events can sometimes.....

How to make a fake ID online, with Joseph Cox: Lock and Code S05E05

This week on the Lock and Code podcast… For decades, fake IDs had roughly three purposes: Buying booze before legally allowed, getting into age-restricted clubs, and, we can only assume, completing nation-state spycraft for embedded informants and double agents. In 2024, that's changed, as the...

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

Today on the Lock and Code podcast… If your IT and security teams think malware is bad, wait until they learn about everything else. In 2024, the modern cyberattack is a segmented, prolonged, and professional effort, in which specialists create strictly financial alliances to plant malware on...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 One day for the polkit privilege escalation...

In conversation: Bruce Schneier on AI-powered mass spying

For decades, governments and companies have surveilled the conversations, movements, and behavior of the public. And then the internet came along and made that a whole lot easier. Today, search engines collect our queries, browsers collect our device information, smartphones collect out...

Bruce Schneier predicts a future of AI-powered mass spying: Lock and Code S05E03

This week on the Lock and Code podcast… If the internet helped create the era of mass surveillance, then artificial intelligence will bring about an era of mass spying. That’s the latest prediction from noted cryptographer and computer security professional Bruce Schneier, who, in December, shared....

A true tale of virtual kidnapping: Lock and Code S05E02

This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of Riverdale, the city police began investigating what they believed was a kidnapping. 17-year-old foreign exchange student Kai Zhuang was missing, and according to Riverdale Police Chief Casey Warren,...

A true tale of virtual kidnapping: Lock and Code S05E02

This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of Riverdale, the city police began investigating what they believed was a kidnapping. 17-year-old foreign exchange student Kai Zhuang was missing, and according to Riverdale Police Chief Casey Warren,...

5 ways to make your DevSecOps strategy developer-friendly

There are many benefits to implementing DevSecOps: minimized risk, reduced remediation costs, and faster and more secure product releases. But from a developer's perspective, there’s a lot to be desired from the day-to-day practice. Developers often experience fragmented tool integration and are...

DNA data deserves better, with Suzanne Bernstein: Lock and Code S05E01

This week on the Lock and Code podcast… Hackers want to know everything about you: Your credit card number, your ID and passport info, and now, your DNA. On October 1 2023, on a hacking website called BreachForums, a group of cybercriminals claimed that they had stolen—and would soon...

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called...

Meet the entirely legal, iPhone-crashing device, the Flipper Zero: Lock and Code S04E25

This week on the Lock and Code podcast… It talks, it squawks, it even blocks! The stocking-stuffer on every hobby hacker’s wish list this year is the Flipper Zero. “Talk” across low-frequency radio to surreptitiously change TV channels, emulate garage door openers, or even pop open your friend’s...

Healthcare giant Norton breach leads to theft of millions of patient records

Healthcare company Norton says a May breach led to the theft of data of around 2.5 million of its patients, as well as employees and their dependents. Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In a filing with Maine’s attorney general on Friday, Norton said.....

Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24

This week on the Lock and Code podcast… Like the grade-school dweeb who reminds their teacher to assign tonight's homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little...

Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23

This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—they're spying on each other more. Whether reading someone's DMs, rifling through a partner's text messages, or even rummaging through the bags and belongings of someone...

MGM attack is too late a wake-up call for businesses, says James Fair: Lock and Code S04E22

This week on the Lock and Code podcast… In September, the Las Vegas casino and hotel operator MGM Resorts became a trending topic on social media… but for all the wrong reasons. A TikTok user posted a video taken from inside the casino floor of the MGM Grand—the company's flagship hotel complex...

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0...

AI sneak attacks, location spying, and definitely not malware, or, what one teenager fears online: Lock and Code S04E21

This week on the Lock and Code podcast... What are you most worried about online? And what are you doing to stay safe? Depending on who you are, those could be very different answers, but for teenagers and members of Generation Z, the internet isn't so scary because of traditional threats like...

CVE-2023-27622

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0...

CVE-2023-27622

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0...

CVE-2023-27622 WordPress GuruWalk Affiliates Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin &lt;= 1.0.0...

What does a car need to know about your sex life? Lock and Code S04E20

This week on the Lock and Code podcast... When you think of the modern tools that most invade your privacy, what do you picture? There's the obvious answers, like social media platforms including Facebook and Instagram. There's email and "everything" platforms like Google that can track your...

Pegasus spyware and how it exploited a WebP vulnerability

Recent events have demonstrated very clearly just how persistent and wide-spread the Pegasus spyware is. For those that have missed the subtle clues, we have tried to construct a clear picture. We attempted to follow the timeline of events, but have made some adjustments to keep the flow of the...

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin &lt;= 1.3...

Re-air: What teenagers face growing up online: Lock and Code S04E19

This week on the Lock and Code podcast... In 2022, Malwarebytes investigated the blurry, shifting idea of "identity" on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internet's youngest users, children. Children have always...

CVE-2023-33929

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin &lt;= 1.3...

CVE-2023-33929

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin &lt;= 1.3...

CVE-2023-33929 WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin &lt;= 1.3...

"An influx of Elons," a hospital visit, and magic men: Becky Holmes shares more romance scams: Lock and Code S04E18

Becky Holmes is a big deal online. Hugh Jackman has invited her to dinner. Prince William has told her she has "such a beautiful name." Once, Ricky Gervais simply needed her photos ("I want you to take a snap of yourself and then send it to me on here...Send it to me on here!" he messaged on...

A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17

"Freedom" is a big word, and for many parents today, it's a word that includes location tracking. Across America, parents are snapping up Apple AirTags, the inexpensive location tracking devices that can help owners find lost luggage, misplaced keys, and--increasingly so--roving toddlers setting...

How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16

Earlier this month, a group of hackers was spotted using a set of malicious tools--that originally gained popularity with online video game cheaters--to hide their Windows-based malware from being detected. Sounds unique, right? Frustratingly, it isn't, as the specific security loophole that was...

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew

The language of a data breach, no matter what company gets hit, is largely the same. There's the stolen data--be it email addresses, credit card numbers, or even medical records. There are the users--unsuspecting, everyday people who, through no fault of their own, mistakenly put their trust into.....

Of sharks, surveillance, and spied-on emails: This is Section 702, with Matthew Guariglia

In the United States, when the police want to conduct a search on a suspected criminal, they must first obtain a search warrant. It is one of the foundational rights given to US persons under the Constitution, and a concept that has helped create the very idea of a right to privacy at home and...

Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13

When you think about the word "cyberthreat," what first comes to mind? Is it ransomware? Is it spyware? Maybe it's any collection of the infamous viruses, worms, Trojans, and botnets that have crippled countless companies throughout modern history. In the future, though, what many businesses...

Trusting AI not to lie: The cost of truth: Lock and Code S04E12

In May, a lawyer who was defending their client in a lawsuit against Columbia's biggest airline, Avianca, submitted a legal filing before a court in Manhattan, New York, that listed several previous cases as support for their main argument to continue the lawsuit. But when the court reviewed the...

Identity crisis: How an anti-porn crusade could jam the Internet, featuring Alec Muffett: Lock and Code S04E11

On January 1, 2023, the Internet in Louisiana looked a little different than the Internet in Texas, Mississippi, and Arkansas--its next-door state neighbors. And on May 1, the Internet in Utah looked quite different, depending on where you looked, than the Internet in Arizona, or Idaho, or Nevada,....

The rise of "Franken-ransomware," with Allan Liska: Lock and Code S04E11

Ransomware is becoming bespoke, and that could mean trouble for businesses and law enforcement investigators. It wasn't always like this. For a few years now, ransomware operators have congregated around a relatively new model of crime called "Ransomware-as-a-Service." In the...

Removing the human: When should AI be used in emotional crisis? Lock and Code S03E09

In January, a mental health nonprofit admitted that it had used Artificial Intelligence to help talk to people in distress. Prompted first by a user's longing for personal improvement--and the difficulties involved in that journey--the AI tool generated a reply, which, with human intervention,...

How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09

The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to send....

Solving the password’s hardest problem with passkeys, featuring Anna Pobletts

How many passwords do you have? If you're at all like our Lock and Code host David Ruiz, that number hovers around 200. But the important follow up question is: How many of those passwords can you actually remember on your own? Prior studies suggest a number that sounds nearly...

Riello UPS Restricted Shell Bypass Vulnerability

Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system...

Riello UPS Restricted Shell Bypass

...

"Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06

Becky Holmes knows how to throw a romance scammer off script--simply bring up cannibalism. In January, Holmes shared on Twitter that an account with the name "Thomas Smith" had started up a random chat with her that sounded an awful lot like the beginning stages of a romance scam. But rather than.....

Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05

Government threats to end-to-end encryption--the technology that secures your messages and shared photos and videos--have been around for decades, but the most recent threats to this technology are unique in how they intersect with a broader, sometimes-global effort to control information on the...