Paul Konikowski is a contributor to rAVe [PUBS].
My mom called me to tell me about a cyberattack. I can’t make this stuff up. She said that she had recently gone to Stop & Shop, an East-coast grocery chain with more than 300 locations because she needed a cucumber. But they were out of cucumbers. She said they were also very low on […]
I have been working in “tech” for roughly 30 years. I started in IT, then went into live audio, then AV integration, and eventually, cybersecurity. I now engineer secure audiovisual systems, KVMs and video walls for the United States military. One might think my home is full of the latest technologies, that I have smart […]
On Wednesday, June 19, 2024, a ransomware attack launched by a hacking group called BlackSuit took down the operations of approximately 15,000 North American auto retailers. The hackers did not actually attack the individual car dealerships, but rather, they attacked a Software-as-a-Service (SaaS) provider named CDK. The CDK Dealer Management System software handled everything from […]
I’m sure that no one is surprised that artificial intelligence (AI) is the buzzword at Infocomm 2024, but is it secure? And does it work? Let’s dig in. The first session I attended Wednesday at Infocomm 2024 was called “Chat GPT for AV.” The presenter showed how the platform could be used to answer a […]
When I departed Bradley International Airport on Tuesday, the temperature was a cool 70 degrees Fahrenheit. When I landed in Las Vegas 5 hours later, it was about 700 degrees. Okay, it wasn’t 700, but it was 101. I don’t know about you, but I dread this sort of heat. But I am here for […]
The news hit the headlines on a cool, rainy April 2024 morning. I grabbed my sweater. Bitdefender was the first to report the four security vulnerabilities discovered in LG’s WebOS TV operating system, allowing a potential cyber attacker to gain root access to the TV after bypassing the proper authorization. The second paragraph of the […]
In the summer of 2023, a Chinese hacking group tracked as Storm-0558 compromised Microsoft’s cloud, eventually leading to the breach of hundreds of thousands of emails, including those email accounts of U.S. government officials in charge of managing our relationship with China (Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China […]
Back in 2021, I wrote a rAVe column entitled “SecuringAV: The Remote Desktop Attack on a Florida Water Treatment Plant.” In this article, I talked about the different forms of infrastructure being targeted by cyberattacks, and connected the attack on the water treatment plant to similar vulnerabilities in AV systems. I also shared some lessons […]
A few weeks ago, a Swiss newspaper story about “3 million hacked toothbrushes” went viral. I personally shared a link about the distributed denial-of-service (DDoS) attack with my cybersecurity coworkers via Teams message, prompting a number of comments and “Jurassic Park” memes. We all fell for it, but there is very little evidence that this […]
On Oct. 1, 2023, a small percentage of 23AndMe user profile information was improperly accessed and downloaded from individual 23andMe.com accounts on its website. The company found out after an anonymous hacker began advertising “millions” of stolen genetic profiles that were supposedly from 23andMe customer accounts. The profiles included emails, photos, gender, date of birth […]
In my last rAVe column, I summarized some recent cyberattacks on MGM and Caesars’ casinos. In that article, I tried to drop some social engineering science and some lessons learned from Scattered Spider (aka 0ktapus, UNC3944, Starfraud, Scatter Swine, Muddled Libra and most recently, Octo Tempest). I warned #AVtweeps about their aggressive social engineering Tactics, […]
On Sept. 11, 2023, a number of MGM resorts and casinos were simultaneously disrupted by ransomware and data extortion attackers, costing the company $100 million, according to AP News. Caesar’s Entertainment was also attacked, which the Wall Street Journal reported resulted in the company paying roughly half of the $30 million demanded. The resorts and […]
After suffering a major data breach six years ago, you would think that a company like Uber would be ready for more cyberattacks, but here we are. How did we get here? [insert flashback music] It was late 2016. Cyberattackers quietly breached the security perimeter of Uber networks and accessed the personal data of 57 […]
TL;DR Tech giant Samsung suffered two major data breaches this year. It alerted those customers who were affected. Now there’s a class-action lawsuit against the company. On Sept. 6, 2022, a class-action lawsuit was filed against Samsung Electronics America, Inc. (hereinafter “Defendant” and/or “Samsung”). Plaintiff Shelby Harmer and thousands of individuals (hereinafter referred to as […]
In January 2022, cybersecurity researchers at Modzero reported a handful of security vulnerabilities to Owl Labs regarding their 360-degree videoconferencing Meeting Owl, Meeting Owl Pro, Meeting Owl 3, and Whiteboard Owl. Owl Labs has since released patches for these vulnerabilities. (The below is the Meeting Owl 3, as shown at InfoComm 2022.) The security patches […]
What YOU Can Do To Prevent Hackers From Hijacking Your Smart Device’s Microphone For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security. OMG, did you watch the Apple “Unleashed” stream? No, not the […]
What motivates a hacker or group of cyberattackers? The answer is typically money. For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security. The Colonial Pipeline ransomware attack in May of 2021 caused […]
Why did the pipeline get shut down if the hackers only attacked the business end? For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security. By now, most people heard about the Colonial […]
For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security. In my last “SecuringAV” column about the Nashville Christmas morning bombing, I did my best to define what “infrastructure project” meant using the […]
For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure, and cyber-physical security. In my last SecuringAV column about the SolarWinds hack attack, I asked rAVe readers an open-ended question: If extremists think that Big Tech is […]
For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure, and cyber-physical security. While most Americans are still processing the recent attack on the United States Capitol building, many cybersecurity researchers and professionals believe the real […]
So…are we gonna talk about Zoom “being on probation” for 20 years by the FTC, or nah? — Erica Williams (@haircutfw) November 13, 2020 On Nov. 9, 2020, the United States Federal Trade Commission announced a pending settlement with Zoom Video Communications, Inc. According to FTC Matter/File Number: 192 3167, “Zoom Video Communications, Inc. will […]
P.T. Barnum is credited for saying,”There’s no such thing as bad publicity.” You may have heard other variations of this old saying, such as “There’s no such thing as bad press.” Does this apply to recent headlines about Zoom? If you have lost track, I will do my best to summarize and put it all […]