- Disable User
- Posts
- The security swindler
Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.Did you know: on the average, we forget 80% of what we learn on any given day?That's why you can use my website to browse through everything I've ever written on here.Since this week it even includes tags for faster look-up. Awesome right?
In this weeks edition:
🚨 The security swindler🧑🍳 Massive malware campaign targeting restaurants delivers the sauce🔥 the quick and dirty
Reading time: 03:35
The security swindler
Netflix, are you reading this?
Let me start off by saying: I'm not into people bashing. But boy, do I love some good ol' fashioned drama.
Last week on Twitter I followed some threads that spoke about Jonathan Scott. Better known by his Twitter handle @jonathandata1.Earlier this year Jonathan claimed to have "reverse engineered" the Bejing 2022 olympics app for Appstore. He found that the app records audio and sends it to a Chinese server.❓ For those unaware, reverse engineering is the deconstruction of an app to find out what it does in detail.Well that sound alarming right? Except his findings weren't backed by anything. People online debunked this completely.After which Jonathan did the responsible thing and... disabled his social media accounts. (can't say he doesn't follow my advice tho)
Know that feeling when you're in bed, ready to go to sleep and make poorly thought out decision of opening Youtube for a "quick five minutes".3 hours later you're balls deep in world war history, and you know the day after is going to suuuuuuuck.
Well..Having never heard about him, I had to do some research. Around 2 am that night I could call myself a Jonathan expert. A quick update;
Jonathan, or JD1, gets famous by these types of endeavors. This isn't his first time doing this, and probably won't be the last time.
He claims to be top dog on Hacker One. Hacker One is a scoreboard for hackers giving them points fortheir bug findings. Well he isn't number one. And he only lists "bugs" filed with the US Dept of defense. Who will also accept a typo as a bug.
He has PhD with a university nobody's ever heard of. Also, it's not a PhD. Also, the school has been sued for defrauding it's students.
Check out this crazy good video for more juicy juicy details.
The last news is; he got kicked out of his universities PhD program (unclear if it's the same university) and is blaming CitizenLab, a human rights movement, for it.
Pegasus case: a researcher dismissed from his University in the United States for denouncing the prevarication of @citizenlab Citizen Lab | @Le360fr
— Jonathan Scott (@jonathandata1)
11:26 PM • Aug 24, 2022
I get a heavy Tinder Swindler vibe here. I hope Netflix contacts me to direct a documentary about him.
Could be brothers too, no?
Let me close off with a statement though, to make it somewhat useful.The reason I wanted to post this, because I also read something about younger boy throwing his messages because they look up to him.That's where it gets really dangerous.In crypto they say "do your own research", but this can applied for far more fields.Always do some due diligence, be open to other opinions.Be careful with idolizing anyone.Except when it's me, your friendly neighborhood security memelord.
Massive malware campaign targeting restaurants delivers the sauce
Alright back to r34l security matters!
At least 50 000 payment cards details were stolen through a credit card skimming attack.Three online ordering platforms; MenuDrive, Harbortouch, and InTouchPOS were targeted by a Magecart attack. Magecart, a general name for hackers focusing on credit card skimming, implemented e-skimmers on those platforms and then where able to infect the point-of-sale devices who upload payment details to criminal sites.
MenuDrive, Harbortouch and InTouchPos aren't the biggest platforms out there. But that what makes them valuable targets for hackers.They don't have the security, nor the resources, the big competitors like Uber Eats have.For those using those platforms, Point-of-sale devices or doing anything with e-payments I'd recommend looking into the PCI DSS standard.
The quick and dirty
Someone buys a Bored Ape, gets scammed out of it two hours later - that reaaaalllllly has to suck. I don't have a clue what I would do or feel when I just got e-mugged for 100k. Then again I don't have a 100K. Win win?
Twitter confirms it is testing a phone number verification badge - after Twitter emailing me last week my phone number might be leaked, how about no?
Does Mark Zuckerberg Not Understand How Bad His Metaverse Looks? - I included this post just to be able to use this meme
Security like I'm five
Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam.In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical matter. Lot's of meme's too. Good stuff, good stuff.This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free.Pretty sweet deal if you ask me.
So sign up for the newsletter and be enlightened! (don't set the bar too high tho)