
A
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular, in one integrated solution that's built for performance and scale. You can find them at meter.com/CST.
B
Hacklore movement meets awkward reality of genuine threats. QR code parking scams surge in November. Man sentenced for evil twin Wi-Fi attacks. Emergency notification system down after ransomware attack. And Microsoft does the biggest own gun, own foot of the year with new Teams feature. This is Cybersecurity Today, and I'm your host David Shipley, coming to you from snowy Fredericton.
Last week, a new website called hacklore.org launched with an ambitious mission to separate real cybersecurity threats from what it calls hacklore. The creators argue that hacklore, a blend of hacking and folklore, spreads quickly and confidently, passed down from person to person as if it's hard-earned wisdom. But they say most of it isn't grounded in reality and distracts people from the simple, proven steps that actually keep them safe: keeping software updated, using strong passwords and passkeys, using a password manager, and enabling multi-factor authentication. On the surface, there's a lot to like. The site's opening letter has the signatures of dozens of respected technology and security leaders. And some of the myths they challenge, like juice jacking, the idea that plugging your phone into a public charging port could infect it with malware, are absolutely fair game. There are no documented cases of that ever happening. But here's where things get complicated. Hacklore.org includes QR code threats and public Wi-Fi attacks in that same myth bucket. And that's where the wheels come off. Because unlike juice jacking, attacks involving QR codes and rogue Wi-Fi access points are not hypothetical. They're not urban legends. They are well documented, globally reported, and continuously evolving forms of social engineering. To their credit, hacklore.org acknowledges that social engineering plays a major role in these attacks. But they then wave it all away by saying modern browsers, operating systems and a bit of user caution will stop the threat.
Folks, caution starts with awareness, and modern technical controls, as powerful as they may seem, have limits. Think of them like the Death Star in Star Wars: massive, impressive and great right up until someone finds the exhaust port. And finding the exhaust port is literally the cybercriminal business model. So while the core message of hacklore.org is good (focusing on the fundamentals, don't get distracted by Hollywood-style hacking myths), dismissing QR code scams and public Wi-Fi attacks as hacklore is not just inaccurate. It's dangerous. It risks leaving people exposed to real-world threats that are happening right now. In today's episode, we're going to dig into some of these recent documented cases, from global QR code parking scams to rogue Wi-Fi attacks that led to a prison sentence and a major Microsoft design flaw that proved once again we can't rely on technology controls alone. Let's get started.
In Monaco last week, officials revealed that scammers placed fraudulent QR code stickers on 19 of the principality's 86 parking meters, nearly a quarter of all machines. When motorists scanned the QR codes, they were redirected to malicious websites designed to collect banking details under the guise of legitimate parking payments. Monaco was hit by a similar scheme in October 2024, prompting municipal teams to inspect every parking meter and remove the fake stickers. In Canada earlier this month, the city of Ottawa reported a comparable incident. Officials discovered and removed fake QR code stickers from 51 parking machines across the city. Ottawa police say the stickers redirected users to fraudulent PayByPhone lookalike websites designed to harvest credit card information. This follows similar scams last summer in the Rideau Street, ByWard Market and Vanier areas, where drivers were sent to a spoof payment site with a misleading URL, "poy by phone", spelled P-O-Y, instead of "pay by phone".
Ottawa emphasizes that its own pay-and-display machines do not use QR codes, and any QR stickers found on the machines should be treated as suspicious. And on a much larger scale, earlier this month, European authorities recently dismantled a global fraud network involved in widespread QR code, or quishing, attacks. As first reported by the Bureau of Investigative Journalism on November 6, investigators identified a group known as Ather, formerly Link Media, as responsible for placing fake QR codes on public parking infrastructure across the United Kingdom as part of a broader scheme involving thousands of fraudulent websites. Nearly one third of local UK councils or municipalities were affected before the stickers were detected and removed. The European investigation, spanning nine countries, found that these QR code operations were part of a wider criminal enterprise that misused millions of stolen credit card numbers to process fake subscription charges and launder the proceeds. Taken together, these incidents in Monaco, Ottawa and across Europe demonstrate a clear and accelerating pattern. Cybercriminals are increasingly using QR codes as an entry point for payment fraud, exploiting public trust in quick-scan technology and targeting high-profile things like traffic services. Authorities in all regions continue to advise the same practices. Be cautious of any QR code placed on a parking machine, verify payment methods directly through official apps or posted instructions, and report suspicious stickers or unexpected payment pages immediately. Always treat QR codes in public spaces with caution. That doesn't mean that we're saying all QR codes are unsafe and/or that you can't use them, but be cautious based on context.
As one global cybersecurity expert told me last week, if a professional, for example, is giving you a presentation and that presentation includes a QR code to give you access to slide materials, they're putting their reputation out there and they're providing their background as context. You can probably trust that. That's different than a QR code on public space or arriving in an email you weren't expecting, or now in a package delivered to you that you didn't order. Be careful.
An Australian man has been sentenced to seven years and four months in prison for operating a series of evil twin Wi-Fi attacks targeting travelers during domestic flights at major airports across Australia, BleepingComputer reports. According to the Australian Federal Police, the 44-year-old set up rogue access points using a portable WiFi Pineapple device. These access points were configured to mimic the same SSIDs as the legitimate airport Wi-Fi networks, allowing unsuspecting passengers to connect without realizing they were joining a malicious hotspot. Once connected, victims were redirected to phishing web pages designed to steal social media credentials. Investigators say the man used access to those accounts to monitor communications and steal private images and videos, particularly targeting women. A forensic review of seized devices uncovered thousands of intimate images and videos, login credentials belonging to other people, and multiple copies of fraudulent Wi-Fi login pages. The individual ultimately pleaded guilty to a wide range of offenses, including multiple counts of causing or attempting to cause unauthorized access to restricted data, unauthorized impairment of electronic communication, possessing data with intent to commit a serious offense, stealing, failing to comply with a lawful order, and attempted destruction of evidence.
Australian Federal Police Commander Renee Coley warned travelers about the security risks associated with free public Wi-Fi, advising the use of VPNs, strong and unique passwords, and disabling both file sharing and automatic Wi-Fi connections on devices. While evil twin attacks are not commonly reported, police noted they are technically straightforward to conduct and can be difficult for victims to detect, particularly in high-traffic environments such as airports. Travelers are urged to treat captive portals with caution and avoid entering any personal or account information when prompted by Wi-Fi login pages. By the way, airports and others who are listening, please stop asking people to validate themselves legitimately using things like Facebook ID or Google accounts or other things. That's literally fueling this kind of attack.
Crisis24 has permanently shut down the OnSolve Code Red emergency notification system following a ransomware attack that severely damaged the platform earlier this month, reports CyberScoop. Code Red, a voluntary opt-in alerting system used by dozens of law enforcement agencies and municipalities across the United States, has been non-operational for roughly two weeks. While the incident disrupted Code Red services, the government-run Emergency Alert System, the national public warning system used by state and local authorities, was not affected. Crisis24 said forensic analysis indicates the attack was contained within the legacy Code Red environment. However, attackers stole data from the platform and have since leaked personally identifiable information belonging to Code Red users. Compromised data includes names, addresses, email addresses, phone numbers and passwords. The company urged users who reuse their Code Red passwords on other accounts to change them immediately. Affected agencies have begun notifying their users.
Some, including the Douglas County Sheriff's Office in Colorado, say they terminated their contract with Code Red for cause immediately after learning of the breach. Crisis24 said Code Red was already being rebuilt on a new platform located in a separate environment that was not compromised during the attack. In response to the incident, the company has accelerated customer migration to the new system and initiated a full security audit and third-party penetration testing to verify the damage was limited to legacy infrastructure. The company has notified law enforcement and the investigation remains ongoing. No specific threat actor has been formally attributed by Crisis24, but the INC ransomware group claimed responsibility after adding OnSolve to its data leak site last week. Crisis24 said it regrets the impact of the attack and remains committed to ensuring customers' alerting and notification needs continue to work without interruption.
Cybersecurity researchers are warning that Microsoft Teams' guest access feature creates a serious blind spot that can leave users completely unprotected, even if their home organization relies on Microsoft Defender for Office 365. The findings were first published by security researcher Rhys Downing. According to the research, when a Teams user accepts an invitation to join another organization's tenant as a guest, they effectively leave their own security boundary at that point. All protections, including Safe Links, Safe Attachments and Microsoft Defender for Office 365, are determined entirely by the hosting tenant, not the user's home organization. This creates a scenario in which attackers can deliberately craft unprotected malicious tenants to lure victims into environments with little or no security controls in place. The warning comes as Microsoft begins rolling out a new Teams feature that allows users to chat with anyone via email, even individuals who don't use Teams.
The feature is enabled by default and full global availability is expected by January 2026. Recipients receive an email invitation prompting them to join the chat as a guest. Critically, while organizations can disable outgoing invitations using Teams messaging policy settings, they cannot prevent users from receiving invitations from external tenants. This may be the stupidest idea of 2025. The research highlights what it calls a fundamental architectural gap in Microsoft's cross-tenant security model. If an attacker sets up a low-cost Microsoft 365 tenant such as Teams Essentials or Business Basic, they can host an environment with no Defender protections at all. From there, the attacker can send a Teams invitation to a target using only the victim's email address. Because the invitation is generated by Microsoft's own infrastructure, it bypasses security email filter controls because it's going to pass SPF, DKIM and DMARC. Email security tools are unlikely to identify it as suspicious and most likely will be allow-listing delivery. If the victim accepts the guest invite, communication moves entirely from the attacker-controlled tenant. At that point, the attacker can send phishing links or malware-laced attachments without any Safe Links or Safe Attachments scanning, and the victim's organization has no visibility into the attack. Downing notes that the victim's home organization remains completely unaware, since the compromise occurs outside of its security perimeter. Security experts recommend several mitigations, including restricting B2B collaboration settings to allow guest access only from trusted domains, applying cross-tenant access controls, disabling external Teams communications if it's not business critical, and training users to treat unexpected Teams invitations with caution. Microsoft has not commented on the findings, according to The Hacker News report.
If this week has shown us anything, it's this.
Criminals don't care what security experts call hacklore. They care about what works. QR codes work. Evil twin Wi-Fi attacks work. Guest tenant exploitation? Unless something changes dramatically real quick, it's going to work real well. None of these attacks require Hollywood-level sophistication. All of them rely on simple deception, human assumptions and small lapses in vigilance. Technical safeguards matter deeply. We all should be patching often, as quickly as possible. We should be using strong multi-factor authentication and employing modern operating system protections. But all of these controls have limits. They can be bypassed, they can fail, they can be misconfigured, or as in Microsoft's new Teams feature, they can be sidestepped entirely by design. That's why cybersecurity is, and always has been, and always will be, as long as humans are using technology, a combination of strong controls and properly informed people. We can debunk myths without downplaying real ongoing attacks. We can encourage good cyber hygiene without pretending people are protected from everything automagically by controls that can be defeated. And we can empower the public without telling them to stop worrying about threats that are actually happening. A balanced approach means acknowledging reality. Not all threats are hacklore, not all controls are airtight, and no single layer of defense, human or technical, is ever enough on its own. As the Grugq once said, your threat model is not my threat model. For people to make informed decisions on their threat model, they need real information with context. They don't need to hear that real attacks are myths. They can decide with real information how they want to respond. And it's not about saying never use public Wi-Fi, just as much as it's not about saying always trust public Wi-Fi because you've patched your device and you have MFA. It's saying, here's what you need to know and why you should be vigilant.
I'm David Shipley and this is Cybersecurity Today. We're always interested in your feedback. I'd love to know your thoughts on hacklore. You can contact us at technewsday.com or leave a comment under the YouTube video. Please help us spread the word about the show. Subscribe, leave a review, and if you like the show, please tell others. We'd love to grow our audience and we need your help. I've been your host David Shipley. Jim Love will be back on Wednesday.
A
We'd like to thank Meter for their support in helping bring you this podcast. Meter delivers full stack networking infrastructure, wired, wireless and cellular, to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments and run support. It's a single integrated solution that scales from branch offices, warehouses and large campuses all the way to data centers. Book a demo at meter.com/CST. That's M-E-T-E-R.com/CST.
Host: David Shipley (substituting for Jim Love)
Podcast: Cybersecurity Today
Theme: This episode explores a surge in real-world cybersecurity threats—particularly QR code parking scams, evil twin WiFi attacks, and a significant Microsoft Teams security gap. Shipley emphasizes the dangers of dismissing certain attacks as myths and advocates for balanced, nuanced cyber hygiene.
The episode challenges the narrative that some widely discussed cybersecurity threats, like QR code and public WiFi attacks, are mere “hacklore” (hacking folklore). Shipley argues that these are not urban myths—they are active, evolving risks with real-world consequences. Through recent documented cases and expert commentary, he shows why robust vigilance and multi-layered defenses are essential, both for organizations and individuals.
| Segment | Timestamp |
|------------------------------------------------------|------------|
| The “hacklore” debate and myth-busting | 00:21–03:32 |
| Overview of QR code parking scams (Monaco/Ottawa/UK) | 03:33–07:20 |
| Recommendations for QR code usage | 07:21–08:32 |
| Evil twin WiFi attacks & Australian conviction | 08:32–11:49 |
| Emergency alert system ransomware incident | 11:50–13:57 |
| Microsoft Teams guest access blind spot | 13:57–16:58 |
| Key takeaway: Why nuance and layered defense matter | 16:59–18:06 |
Shipley finishes by emphasizing informed, context-aware choices—urging listeners to balance myth-busting with a recognition of real, ongoing risks. “A balanced approach means acknowledging reality. Not all threats are hacklore, not all controls are airtight, and no single layer of defense, human or technical, is ever enough on its own.” (17:01)