Security Concerns with Rogue DHCP Servers and VPN Traffic Rerouting

Security experts talk at length about how to choose a good password - but we don't often talk about how to choose a good PIN code. A recent analysis by a researcher shows popular patterns humans use when choosing PIN codes, and therefore what you should avoid doing. In the news: MediSecure e-Rx firm hit by data breach; CISA warns of active D-Link router exploit; a couple cases of insecure APIs being abused; 53k Nissan employees' SSN's leaked; new macOS malware called Cuckoo; Ascension Healthcare suffers cyberattack; Proton user's poor OpSec gives him away; TunnelVision VPN attack exploits DHCP feature; Maryland & Vermont pass data privacy laws; tracker detection feature debuts on iPhone & Android. Article Links [BleepingComputer] MediSecure e-script firm hit by ‘large-scale’ data breach https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/ [The Hacker News] CISA Warns of Actively Exploited D-Link Router Vulnerabilities https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html [Ars Technica] How I upgraded my water heater and discovered how bad smart home security can be https://arstechnica.com/gadgets/2024/05/how-i-upgraded-my-water-heater-and-discovered-how-bad-smart-home-security-can-be/ [BleepingComputer] Dell API abused to steal 49 million customer records in data breach https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/ [infosecurity-magazine.com] 53,000 Nissan Employees' Social Security Numbers Exposed https://www.infosecurity-magazine.com/news/employees-social-security-nissan/ [Tom's Guide] New Cuckoo macOS malware can take over all Macs and steal your passwords https://www.tomsguide.com/computing/malware-adware/new-cuckoo-macos-malware-can-take-over-all-macs-and-steals-your-passwords-too-dont-fall-for-this [Dark Reading] Ascension Healthcare Suffers Major Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack [restoreprivacy.com] Proton Mail Discloses User Data Leading to Arrest in Spain https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/ [Ars Technica] Novel attack against virtually all VPN apps neuters their entire purpose https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ [mullvad.net] Evaluating the impact of TunnelVision https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision [epic.org] Vermont Passes Landmark Data Privacy Bill https://epic.org/vermont-passes-landmark-data-privacy-bill/ [epic.org] Governor Moore Signs Maryland Online Data Privacy Act https://epic.org/governor-moore-signs-maryland-online-data-privacy-act/ [9to5Mac] Here’s how the new Cross-Platform Tracking Detection works https://9to5mac.com/2024/05/13/cross-platform-tracking-detection-ios-17-5/ Tip of the Week: How to Choose a PIN https://firewallsdontstopdragons.com/how-to-choose-a-pin/  Further Info Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:34: Update Apple devices, Chrome 0:01:16: A note on supporting Firefox 0:03:48: News preview 0:07:00: MediSecure hit by large-scale data breach 0:09:01: CISA Warns of Actively Exploited D-Link Router Vulnerabilities 0:13:14: How I upgraded my water heater and discovered how bad smart home securi...