Month: January 2020

Enlarge / It may take longer to get your money changed when you travel, since Travelex is doing everything on paper because of a ransomware attack. (credit: iStock Editorial/Getty Images)

In April of 2019, Pulse Secure issued an urgent patch to a vulnerability in its popular corporate VPN software—a vulnerability that not only allowed remote attackers to gain access without a username or password but also to turn off multi-factor authentication and view logs, usernames, and passwords cached by the VPN server in plain text. Now, a cybercriminal group is using that vulnerability to target and infiltrate victims, steal data, and plant ransomware.

Travelex, the foreign currency exchange and travel insurance company, appears to be the latest victim of the group. On New Year's Eve, the company was hit by Sodinokibi ransomware, also known as REvil. The ransomware operators contacted the BBC and said they want Travelex to pay $6m (£4.6m). They also claimed to have had access to Travelex's network for six months and to have extracted five gigabytes of customer data—including dates of birth, credit card information, and other personally identifiable information.

"In the case of payment, we will delete and will not use that [data]base and restore them the entire network," the individual claiming to be part of the Sodinokibi operation told the BBC. "The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."

Enlarge (credit: Spencer Platt/Getty Images)

Progress isn't always positive. Although the occupants of modern cars are undeniably safer in a crash than they would be in models just a few years old, that's not true for people using Shank's pony. Overall, fewer people died on America's roads in 2018 (the last year for which full data is available) than the year before—some 36,600 in total. But concealed within that figure is a big rise in the number of pedestrians who were killed by drivers—6,283 in all, an increase of 3.4 percent on 2017.

Obviously there's no single cause to which we can point. More than three-quarters of pedestrians were killed after dark, and a similar percentage were killed while crossing a road, but Americans' antisocial love for big SUVs needs reckoning with, too. Obviously this is a problem we need to solve. Some US cities have adopted the Vision Zero project, although few have come anywhere near the success of the Norwegians when it comes to shrinking that body count. We could implement far stricter driver training and significantly beef up traffic law enforcement, but only the most naive optimists think there's any actual possibility of that happening any time soon.

Pedestrian detection is increasingly a component of the advanced driver assistance systems that are fitted to some new cars, but independent testing suggests you probably don't want to rely on these to save your life. Meanwhile, some are hoping that another technology can save us through deployment of what's known as Vehicle-to-Pedestrian (V2P). V2P is related to the Vehicle-to-Vehicle communication protocol, a protocol that after 20 years has yet to be deployed and is now the subject of a bitter fight among regulators and interest groups over its allocated 5.9GHz bandwidth. But not all Vehicle-to-whatever communication needs to use dedicated short-range communications (DSRC); in the past we've reported on a compatible cellular approach, called C-V2X.