Topics
late
AI
Amazon
Image Credits:Lorenzo Franceschi-Bicchierai / TechCrunch
Apps
Biotech & Health
clime
Image Credits:Lorenzo Franceschi-Bicchierai / TechCrunch
Cloud Computing
Commerce
Crypto
A dog seen through a hacked Ecovacs device.Image Credits:Dennis Giese and Braelynn Luedtke
initiative
EVs
Fintech
fund raise
gizmo
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
protection
Social
Space
inauguration
TikTok
Transportation
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
TV
Partner Content
TechCrunch Brand Studio
Crunchboard
adjoin Us
Thousands of hack , researchers and security professionals descended on the Black Hat and Def Con security conferences in Las Vegas this week , an annual pilgrim’s journey aimed at share the latest enquiry , hack and cognition across the security residential area . And TechCrunch was on the ground to cover on the back - to - back shows and to track some of the recent enquiry .
CrowdStrike take in center stage , andpicked up an “ larger-than-life fail ” awardit certainly did n’t want . But the company acknowledged it messed up andhandled its scandalseveral workweek after let go of a bats software update that sparked a spherical IT outage . Hackers and security researchers seemed for the most part willing to forgive , though peradventure not easily forget .
As another round of golf of Black Hat and Def Con conferences wrap up , we look back at some of the high spot and the expert in research from the show that you might ’ve missed .
Hacking Ecovac robots to spy on their owners over the internet
security measure researchersrevealed in a Def Con talkthat it was potential to commandeer a reach of Ecovacs menage vacuum and lawnmower robots by sending a malicious Bluetooth signal to a vulnerable golem within a close law of proximity . From there , the on - gameboard microphone and camera can be remotely spark off over the net , allowing the attacker to spy on anyone within ear- and camera - shot of the robot .
The unfit news is that Ecovacs never respond to the researchers , or TechCrunch ’s postulation for remark , and there is no evidence that the bugs were ever fixed . The in effect intelligence is thatwe still get this unbelievable screenshotof a wienerwurst take from the on - board photographic camera of a cut up Ecovacs robot .
The long game of infiltrating the LockBit ransomware game and doxing its ringleader
An intense Caterpillar and mouse plot betweensecurity research worker Jon DiMaggioand the ringleader of the LockBit ransomware and extortion racket , have it away only as LockBitSupp , lead DiMaggio down a coney hole of open source intelligence information gathering to identify the real - earth identity of the notorious hacker .
Inhis highly elaborate journal series , DiMaggio , spurred on by an anon. gratuity of an e-mail address allegedly used by LockBitSupp and a deeply - rooted desire to get Department of Justice for the gang ’s victims , at last identified the human , and got there even before federal agents publically named the hack as the Russian subject , Dmitry Khoroshev . At Def Con , DiMaggiotold his storyfrom his perspective to a crowded room for the first time .
Hacker develops laser microphone that can hear your keyboard taps
noted hack Samy Kamkar developed a new technique direct at stealthily determining each wiretap from a laptop ’s keyboard by aiming an unseeable laser through a nearby window . The proficiency , demonstrated at Def Con andas explained by Wired , “ takes advantage of the subtle acoustic created by tap unlike keys on a computer , ” and work so long as the hacker has a line - of - lot from the laser to the target laptop itself .
Prompt injections can easily trick Microsoft Copilot
A new prompt injection techniquedeveloped by Zenityshows it ’s potential to extract sensible information from Microsoft ’s AI - powered chatbot associate , Copilot . Zenity main technology officer Michael Bargury demonstrated the exploit atthe Black Hat group discussion , showing how to manipulate Copilot AI ’s prompt to change its output .
In one examplehe tweeted out , Bargury show it was potential to fertilize in HTML code containing a bank story number controlled by a malicious attacker and trick co-pilot into return that bank explanation routine in responses returned to ordinary user . That can be used to play a trick on unsuspecting people into sending money to the wrong home , thebasis of some pop business cozenage .
we make an ~RCE on M365 Copilot by send an emailby ~RCE I mean full remote control overits actions – search for sensitive content ( sharepoint , email , calendar , team ) , execute pluginsand yield – ringway DLP control , manipulate references , societal railroad engineer its users on our…pic.twitter.com/r1yMRLXKAG
Six companies saved from hefty ransoms, thanks to ransomware flaws in ransomware leak sites
Security researcher Vangelis Stykas gear up out to scope dozens of ransomware gangs and identify potential holes in their public - facing substructure , such as their extortion news leak site . Inhis Black Hat talk , Stykas explained how he discover vulnerabilities in the web infrastructure of three ransomware gangs — Mallox , BlackCat and Everest — allowing him to get decoding winder to two company and send word four others before the gangs could deploy ransomware , savingin total six companies from tidy ransom .
Ransomware is n’t getting better , but the tactics jurisprudence enforcement are using against gang that encrypt and extort their victims are getting more novel and interesting , and this could be an approach to believe with gang going onwards .
