10Fold – Security Never Sleeps – 63

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A sneaky new form of malware can be found on USB devices. This week, personal data from thousands of foreign nationals living in Thailand was leaked and appeared on the dark web. Six people have been charged with tampering with a lottery terminal to produce more winning tickets. An art gallery is highlighting the intrusive nature of live surveillance cameras by spotting people jaywalking and allowing random people to report the jaywalker.

Dangerous New USB Trojan Discovered – Publication: Dark Reading – Reporter name: Jai Vijayan

The Internet and the growing interconnectedness of networks have made it incredibly easy for threat actors to deliver and propagate malware. But not all cyber threats are Internet-borne. Take USB Thief, a new malware sample that researchers at security firm ESET recently discovered. As its name implies, the malware is completely USB-borne, meaning it spreads exclusively through devices that plug into the USB port of computers.


Data Breach Reveals Expat Details in Thailand – Publication: SecurityWeek – Reporter name: STAFF

The personal details of thousands of foreign nationals living in southern Thailand were briefly leaked online in what the site’s developer admitted Monday was a data breach during a test for police. The gaffe was spotted by social media users late Sunday when a database appeared online containing the names, addresses, professions and passport numbers of more than 2,000 foreigners living in Thailand’s southern provinces.


Cops: Lottery terminal hack allowed suspects to print more winning tickets – Publication: Ars Technica – Reporter name: Dan Goodin

Six people have been charged in what prosecutors say was a scheme to hack Connecticut state lottery terminals so they produced more winning tickets and fewer losing ones. Of tickets generated at one liquor store, for instance, 76 percent were instant winners in one sample and 59 percent in another sample. The state-wide average, meanwhile, was just 24 percent. After manipulating the terminals, the suspects cashed the tickets and took the proceeds, prosecutors alleged.


Turning Live Surveillance Feeds Into Unsettling Works of Art – Publication: Wired – Reporter name: Andy Greenberg

The webcam’s public feed, like thousands of others like it, is accessible to anyone who can find its URL with a Google search. At an art gallery thousands of miles away, a tiny Raspberry Pi computer is streaming the video to a monitor while it analyzes the footage with a simple computer vision algorithm. It instantly snitches, flashing, “WOULD YOU LIKE TO REPORT THE JAYWALKER?” on the screen. If you’re a visitor at this gallery, you’ll face a choice: hit a red button in front of the computer, and it will send a screenshot of the incident in an email to the nearest police precinct, potentially costing her a $42 fine. Or you can let the oblivious lawbreaker go on her way.