Oops they did it again, on the IT Privacy and Security Weekly Update for the week ending January 20th, 2026.

 EP 275

This week, we update you on an "oops" that might have had you in its line of sight.

Security researchers uncovered a major exposure of Flock Safety’s facial-tracking cameras openly livestreaming to the internet, prompting police visits and swift industry backlash.

The FTC has finalized a landmark order requiring General Motors and OnStar to secure explicit consumer consent before monetizing sensitive driving and location data.

The Pentagon quietly acquired a portable pulsed-radio-wave device, containing Russian components, that investigators believe may be connected to the long-mysterious Havana Syndrome incidents.

A sophisticated malware operation has re-emerged, hiding persistent code inside seemingly benign browser extensions to silently track and compromise hundreds of thousands of users.

Researchers have uncovered VoidLink, a highly modular Linux cloud malware framework whose code quality and development speed strongly indicate heavy AI-assisted creation.

A new stealer campaign is targeting developers by delivering Evelyn Stealer through malicious Visual Studio Code extensions, harvesting credentials, crypto wallets, and more.

The European Commission has proposed mandatory rules to exclude high-risk foreign vendors from critical telecom and ICT infrastructure, signaling a major shift toward fortified digital supply-chain security.

Italy’s aggressive data-protection authority, the Garante, faces a high-profile corruption and embezzlement investigation that threatens the credibility of one of Europe’s most active tech regulators.

Microsoft’s latest security update has introduced an unexpected bug that prevents some Windows 11 systems from shutting down or hibernating when Secure Launch is enabled.

Oops, they did it again…


US: What Happened After Security Researchers Found 60 Flock Cameras Livestreaming to the Internet

A YouTuber named Benn Jordan recently discovered serious security flaws in some of Flock Safety's surveillance cameras.

He found that dozens of the company's Condor cameras were livestreaming to the open internet without passwords, allowing anyone to watch, download footage, or access administrative controls.

Reporter Jason Koebler confirmed the issue by locating one of the cameras in California and viewing its live feed remotely.

These Condor cameras are designed to track people, not just vehicles, and can zoom in on faces.

At least 60 cameras across the country were exposed, with no encryption or authentication in place.

Jordan and a security researcher known as GainSec published videos showing how easily they accessed the systems.

They stressed that while they did not alter anything, they could have deleted footage or changed settings.

Jordan described the situation as a widespread industry problem, not an isolated mistake.

After the videos were released, Jordan said he was visited by police and surveilled at his home, while GainSec lost his job.

Jordan said he viewed these outcomes as punishment for responsible security research, not wrongdoing.

He publicly offered to fund further testing of Flock's systems if granted legal permission.


So what's the upshot for you?

Flock Safety denied that the exposed devices reflected its current security standards and promoted its policies publicly, but did not respond to Jordan's offer.

US: FTC Orders GM and OnStar to Rein In Driver Data Sales

The US Federal Trade Commission, or FTC, finalized an order over the collection and sale of driving and location data.

GM/OnStar must obtain clear, affirmative consent before sharing sensitive data.

Consumers gain stronger rights to access, delete, and limit use of their data.

Connected cars generate massive amounts of information: where you go, how fast you drive, how hard you brake.

This case makes clear that regulators expect companies to treat that data as deeply personal, not just another revenue stream.


So what's the upshot for you?

You have more control and more leverage over how your driving data is used, but only if you check and manage your vehicle's privacy settings.

US: Pentagon Purchases a Device Allegedly Linked To Havana Syndrome

Since the United States reopened its embassy in Cuba in 2015, a number of personnel have reported a series of debilitating medical ailments, which include dizziness, fatigue, problems with memory, and impaired vision.

For ten years, these sudden and unexplained onsets have been studied with no conclusive evidence one way or the other.

Now comes word that a device purchased by the Pentagon, which may be linked to what is known as Havana Syndrome, has been tested.

A division of the Department of Homeland Security, Homeland Security Investigations, purchased the device for millions of dollars in the waning days of the Biden administration, using funding provided by the Defense Department, according to two of the sources.

The device acquired by HSI produces pulsed radio waves, one of the sources said, which some officials and academics have speculated for years could be the cause of the incidents.

Although the device is not entirely Russian in origin, it contains Russian components, this person added.

Officials have long struggled to understand how a device powerful enough to cause the kind of damage some victims have reported could be made portable; that remains a core question, according to one of the sources briefed on the device.

The device could fit in a backpack, this person said.


So what's the upshot for you?

One concern now for some officials is that if the technology proves viable, it may have proliferated, several of the sources said, meaning that more than one country could now have access to a device that may be capable of causing career-ending injuries to US (and other) officials.

Global: GhostPoster Malware Campaign Resurfaces in Browser Extensions

Hundreds of thousands of users installed malicious browser extensions.

Malware hid code inside image files and activated after long delays.

Extensions could inject scripts, track users, or weaken security settings.

Browser extensions are powerful, trusted, and often forgotten, making them ideal hiding places for long-term malware campaigns.


So what's the upshot for you?

Once again, we'd like to call out that a quick review and cleanup of browser extensions can eliminate real risk in minutes, with almost no downside.

Just do it.

Global: VoidLink Cloud Malware Shows Clear Signs of Being AI-Generated

A newly discovered Linux malware framework called VoidLink was likely developed with heavy assistance from an AI model.

Check Point Research says the malware combines custom loaders, implants, rootkit modules, and dozens of plugins for advanced functionality.

Researchers found source code, docs, and sprint plans leaked due to operational security mistakes, providing insight into its AI-assisted creation.

Analysis suggests the malware was brought to a functional state in about a week using an AI assistant embedded in a development environment.

Cloud-native malware is shifting the threat landscape by focusing on the infrastructure that runs the apps and data most organizations rely on every day.

VoidLink stands out because it's modular, stealthy, and designed to persist inside Linux cloud servers and container environments, showing how attackers are embracing AI to produce highly capable tools with far fewer developers than before.


So what's the upshot for you?

This doesn't just change what malware looks like; it changes who can build it and how fast.

If you operate or secure cloud infrastructure, assume attackers will increasingly use AI to accelerate malware creation, making continuous monitoring, rapid detection, and zero-trust controls even more critical.

Global: Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Security researchers disclosed a malware campaign that weaponizes malicious Visual Studio Code (VS Code) extensions to install Evelyn Stealer.

The extensions (e.g., BigBlack.bitcoin-black, BigBlack.codo-ai, and BigBlack.mrbigblacktheme) drop a malicious DLL that launches a hidden PowerShell downloader.

The attacker's payload injects the main stealer into a legitimate Windows process (grpconv.exe) and exfiltrates data to a remote FTP server.

Stolen information includes clipboard contents, installed apps, system info, stored Wi-Fi credentials, browser cookies, credentials, and cryptocurrency wallets.

The malware uses anti-analysis techniques and tricks browsers into running in hidden, minimal contexts to avoid detection during credential harvesting.

This campaign highlights how trusted development tools and ecosystems can be hijacked to deliver malware that not only steals sensitive developer and crypto credentials but also leverages legitimate applications to evade detection.


So what's the upshot for you?

If you or your teams use VS Code extensions, especially from third-party sources, treat them with the same scrutiny as any software install: validate publishers, limit extension use to what's necessary, and monitor development workstations for unusual process behavior or unexpected network activity.
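One way to act on that advice, as an added example that is not from the original newsletter: it reads each extension's package.json under a VS Code extensions directory (by default ~/.vscode/extensions), flags the three extension IDs named above, and lists extensions whose publisher is not in a team-approved set. The approved-publisher set, the function names and the sample profile are assumptions constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Extension IDs named in the article (publisher.name), compared case-insensitively.
REPORTED_IDS = {"bigblack.bitcoin-black", "bigblack.codo-ai",
                "bigblack.mrbigblacktheme"}


def installed_extensions(ext_dir):
    """Yield (extension_id, version) for each extension folder under ext_dir."""
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            # Unreadable manifest: fall back to the folder name so it still gets reviewed.
            yield manifest.parent.name.lower(), "unreadable"
            continue
        ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}".lower()
        yield ext_id, str(meta.get("version", "?"))


def audit(ext_dir, approved_publishers):
    """Return (reported, unapproved) lists of installed extension IDs."""
    approved = {p.lower() for p in approved_publishers}
    reported, unapproved = [], []
    for ext_id, _version in installed_extensions(ext_dir):
        if ext_id in REPORTED_IDS:
            reported.append(ext_id)      # named in the article: remove and investigate
        elif ext_id.split(".", 1)[0] not in approved:
            unapproved.append(ext_id)    # publisher not yet vetted by the team
    return reported, unapproved


def build_sample_profile(root):
    """Constructed sample data: three extension folders with minimal manifests."""
    for pub, name, ver in [("ms-python", "python", "1.0.0"),
                           ("BigBlack", "codo-ai", "0.0.1"),
                           ("example-pub", "rainbow-theme", "2.3.4")]:
        folder = Path(root) / f"{pub.lower()}.{name}-{ver}"
        folder.mkdir(parents=True)
        (folder / "package.json").write_text(
            json.dumps({"publisher": pub, "name": name, "version": ver}))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_profile(tmp), approved_publishers={"ms-python"}))
```

To audit a real workstation, call audit() with Path.home() / ".vscode" / "extensions" and your own approved-publisher set.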

EU: EU Plans Cybersecurity Overhaul to Block Foreign High-Risk Suppliers

The European Commission proposed new cybersecurity legislation to remove high-risk suppliers from critical telecommunications and ICT infrastructure.

The move builds on frustrations with the EU's voluntary 5G Security Toolbox and makes controls mandatory.

While no companies are named, officials have previously expressed concerns about Chinese tech firms like Huawei and ZTE.

The proposal expands risk assessments and allows EU-wide actions to restrict equipment based on origin and national security implications.

The broader cybersecurity package also updates the Cybersecurity Act, streamlining certification and boosting ENISA's role in incident reporting and skills training.

Europe is essentially moving from suggested best practices to binding rules about who gets to build the hardware and software that power everything from cell networks to scanners in sensitive infrastructure.

This is part of a larger strategy to reduce dependency on external suppliers that officials deem potentially risky, and to tighten the digital supply chain under a unified security regime.


So what's the upshot for you?

If you work with global technology vendors or supply chains, this signals a shift toward stricter review of vendor origin and risk profile, meaning compliance planning and supplier governance will matter more in future contracts and deployments.

IT: Oops they did it again. Italy's Privacy Watchdog, Scourge of US Big Tech, Hit By Corruption Probe

The powerful data privacy watchdog in Italy, long known for aggressively policing U.S. and Chinese AI giants, is under investigation for possible corruption and embezzlement.

Rome prosecutors are investigating the agency's president, Pasquale Stanzione, and three other board members over alleged excessive spending and possible corruption behind its decisions, Italian news agencies including ANSA as well as a judicial source, who did not wish to be named, said.

Stanzione, when asked by reporters to comment on the investigation, said he was absolutely serene.

The opposition 5-Star Movement said the agency's credibility had been undermined and called for Stanzione to resign.

Stanzione declined to answer when asked repeatedly by reporters whether he would step down.

The data privacy authority, known in Italy as the Garante, is one of the European Union's most proactive regulators in assessing AI platform compliance with the bloc's data privacy regime.

It frequently takes initiatives -- such as requesting information or imposing fines or bans -- on matters affecting high-tech multinationals operating in the country.


So what's the upshot for you?

Well, OK, they have not indicted him yet, but this sure echoes a number of Italian movie plots.

Global: Patch Tuesday Update Makes Windows PCs Refuse To Shut Down

A recent Microsoft Patch Tuesday update has introduced a bug in Windows 11 23H2 that causes some PCs to refuse to shut down or hibernate, no matter how many times you try, reports The Register.

In a notice on its Windows release health dashboard, Microsoft confirmed that some PCs running Windows 11 23H2 might fail to power down properly after installing the latest security updates.

Instead of slipping into shutdown or hibernation, affected machines stay stubbornly awake, draining batteries and ignoring shutdown like they have a mind of their own and don't want to experience temporary non-existence.

The bug appears to be tied to Secure Launch, a security feature that uses virtualization-based protections to ensure only trusted components load during boot.

On systems with Secure Launch enabled, attempts to shut down, restart, or hibernate after applying the January patches may fail to complete.

From the user's perspective, everything looks normal -- until the PC keeps running anyway, refusing to be denied life.

Microsoft says that entering the command shutdown /s /t 0 at the command prompt will, in fact, force your PC to turn off, whether it wants to or not.

"Until this issue is resolved, please ensure you save all your work, and shut down when you are done working on your device to avoid the device running out of power instead of hibernating," Microsoft said.


So what's the upshot for you?

This one did make us giggle... but just to make sure it really didn't go to sleep, we stayed up to see who would blink first. Us. And are now completely exhausted!


This week our oopsies included:

What Happened After Security Researchers Found 60 Flock Cameras Livestreaming to the Internet? It revealed how easily surveillance tech can become dangerously exposed when basic security is neglected, and the risk created by poorly managed companies and products.

Connected vehicles are collecting far more personal data than most drivers realize, and regulators are finally holding manufacturers accountable. Take a moment to review your car’s privacy settings; your hot foot is now recognized as sensitive information worth protecting.

A backpack-sized device with Russian components may help explain years of mysterious health attacks on U.S. personnel. If the technology proves real and has already spread, it raises deafening questions about the future vulnerability of diplomats and officials worldwide.

Your browser extensions remain one of the easiest and most persistent ways for malware to hide in plain sight. A quick audit of your installed extensions takes only minutes and can dramatically reduce your exposure to long-term stealth threats.

AI is dramatically lowering the barrier for creating sophisticated, modular cloud-targeting malware. Organizations relying on Linux servers and containers can now treat rapid malware evolution as the new normal and double down on proactive monitoring and zero-trust defenses.

Even trusted developer tools like VS Code can become attack vectors when third-party extensions are poorly vetted. Developers and security teams now have to treat every extension install with the same caution as any other software: verify the source, minimize what’s installed, and … watch for suspicious behavior.

Europe is moving decisively from voluntary guidelines to mandatory rules on who can supply critical telecom and ICT infrastructure. Businesses operating in or with the EU should prepare for stricter vendor-origin scrutiny and stronger supply-chain risk assessments in upcoming contracts. You must have seen this one coming.

One of Europe’s most feared data-protection enforcers now faces serious questions about its own integrity. While the investigation unfolds, it shows that even the strongest regulators can lose credibility when internal governance falters.

A well-intentioned Patch Tuesday security patch has created an ironic new headache for some Windows 11 users. If your PC won’t sleep or shut down after the latest update, the command-line workaround is reliable; just save your work first, keep an eye on Microsoft’s fix, and get to bed a little earlier.


And our quote of the week was used to describe Jenna Bush Hager (daughter of George W. Bush) being cited for underage drinking for the second time, with her sister Barbara in tow.

Quote: People magazine’s headline read: “Oops! They Did It Again.”


That’s it for this week, stay safe, stay secure, and let’s do it again, in se7en!



