Hello, welcome to the Tuesday, July 21st, 2020 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

For about the last two years, ever since we sort of originally saw these extortion schemes come out, Rick has been tracking the money

that was made using these scams. Now, in case you don't remember, these are these emails

that claim that someone has compromising material about you, that they used your webcam to record you, and then they

asked for some number of Bitcoins in order to erase that material and not leak it. Now, these

scams have different levels of sophistication and Rick has been tracking the

Bitcoin addresses that we collected that received Bitcoins as part of these scams.

Now we haven't really seen a lot of these lately.

Some of them also switched to Monero, which is more difficult to track.

So Rick is now wrapping this up with final post.

Overall, he did track 568 bitcoins or about $800,000.

And the final $102,000 in Bitcoins were taken out of these accounts earlier in June.

And the security arm of Chinese company Tencent demonstrated an interesting new variation of the

evil charger attack. Now, I always feel that some of the warnings of plugging your device into a public charger

are somewhat overblown, but, well, this new variation of the attack, I think, has some real

potential, but it only affects USB-C.

Now, USB-C is different than USB USBA in the sense that it does everything.

It does high power charging and high speed networking. And also has the ability to dynamically

adjust the charging voltage and current based on negotiating the parameters with a device.

Now, in the usual evil charger attack, the charger is attacking the device that connects to it

in order to charge. This attack sort of takes a different approach. The device connecting

to the charger will actually attack the charger and update the firmware in the charger, which often is not well protected.

...