- ByteSize
- Posts
- Treasury Hacked, VW Tracked, and Healthcare's Security Stack(ed)
Treasury Hacked, VW Tracked, and Healthcare's Security Stack(ed)
Starting 2025 with a bang (and several security breaches we need to talk about)...
In partnership with
Receive Honest News Today
Join over 4 million Americans who start their day with 1440 – your daily digest for unbiased, fact-centric news. From politics to sports, we cover it all by analyzing over 100 sources. Our concise, 5-minute read lands in your inbox each morning at no cost. Experience news without the noise; let 1440 help you make up your own mind. Sign up now and invite your friends and family to be part of the informed.
Well, well, well... if it isn't our first newsletter of 2025!
And like your code after holiday break, things are already breaking.
It's January 7th, and on this day in 1963, Ivan Sutherland dropped Sketchpad at MIT faster than Apple discontinues perfectly good ports, revolutionizing how humans interact with computers. Using a light pen and TX-0 computer (basically the Nokia 3310 of mainframes), users could actually draw on screens! Which, in 1963, was like showing a caveman a lighter...
Speaking of things that make you go "wait, what?" let's jump right into some of this year's very first "wait, are you f***ing kidding me" moments…
$9B Later: Healthcare Finally Discovers Passwords Aren't Optional
Remember when we thought Flash websites were the future of the internet? Well, the Department of Health and Human Services just looked at healthcare's cybersecurity and pulled a face that would make Jean-Luc Picard facepalm.
They're proposing new requirements that'll cost the industry about $9 billion in the first year alone – roughly what Jeff Bezos spends on yacht maintenance. But considering healthcare breaches are up 102% since 2019, maybe it's time to stop using "password123" to protect patient data.
The new rules would mandate vulnerability scans, data encryption, multi-factor authentication, and yearly audits. It's like your annual physical, but for your IT infrastructure. And just like your doctor keeps telling you to exercise more, these requirements are probably long overdue.
Deputy National Security Advisor Anne Neuberger points out that hospitals are increasingly forced to operate manually after attacks, which is about as fun as it sounds. When the choice is between $9 billion in security upgrades or paying ransoms to hackers while patients' mental health records pop up on the dark web, suddenly that price tag doesn't seem so bad.
Among Sus: Volkswagen's Location Data Emergency Meeting
In what could be called "Locations Gone Wild: Automotive Edition," Volkswagen managed to expose the location data of about 800,000 electric vehicles. According to the Verge, the data was so precise (within 10 centimeters!) that you could practically count the dust particles on each car's hood.
The leak affected VW, Audi, Seat, and Skoda vehicles globally, with some data even including emails, phone numbers, and addresses of drivers – because why stop at just location data when you can go full "Gotta Leak 'Em All"?
A whistleblower basically slammed the Among Us "Emergency Alert" alarm, tipping off Der Spiegel and the Chaos Computer Club about the vulnerability.
The culprit? VW's software subsidiary Cariad apparently left the door to Amazon's cloud storage wide open. Cariad basically sat there like this – saying there's "no need to take action" since no passwords or payment details were exposed. Because knowing exactly where 800,000 luxury vehicles are at any given time couldn't possibly be a security concern, right?
China’s Latest TikTok Challenge: Hack the Treasury
Chinese Hackers: "Nobody's gonna know..."
Treasury Firewall: "They're gonna know..."
BeyondTrust: "How would they know?"
Everyone on December 8th: "They're gonna know."
Oh, they definitely knew…
Like that TikTok sound living rent-free in your head, Chinese state-sponsored hackers turned the Treasury's security into their own viral moment. Using a "borrowed" security key (about as borrowed as your Netflix password), they pulled off a breach so smooth could've been a TikTok transition . One minute the Treasury's feeling secure, next minute woosh – Chinese hackers are in their systems faster than your mom discovering the front-facing camera.
The breach, according to the New York Times, was discovered on December 8th, when software company BeyondTrust noticed someone had obtained a security key that basically worked like an all-access backstage pass to unclassified documents and Treasury employee workstations.
This comes after their "Salt Typhoon" world tour, where they hit nine U.S. telecom firms. At this point, getting hacked by China is more predictable than TikTok's algorithm – and just about as transparent. The Treasury's now doing damage control faster than players eliminated in Squid Game, but as that sound goes... they knew. They all knew.
⚙️ Tool Time
We recommend Telerik's Fiddler.
The Swiss Army knife of web debugging that makes intercepting HTTP(S) traffic feel less like pissed off Bill O'Reilly and more like this chill guy.
Available for Windows, MacOS, and Linux, Fiddler lets you capture, analyze, modify, and replay web traffic with the ease of someone who actually knows what they're doing. The interface is clean enough that you won't need three monitors and a PhD to understand what's happening with your requests.
Here's why we think it's cool… Fiddler Everywhere (their cross-platform version) supports multiple protocols including HTTP/2 and WebSocket, has extensive rules for traffic modification, and comes with collaboration features that'll make your team actually want to debug together (we know, shocking).
Shoutout to @gr8gonzo for recommending this gem. It's basically the developer equivalent of having X-ray vision for web traffic.
Have a product recommendation to share with the ByteSize community? Tell us here.
👨💻 Job Opportunities
Can you juggle multiple software platforms like a speedrunner managing inventory in Resident Evil 4? If debugging XML is your idea of a good time (weird flex, but okay), this role's got your name written all over it in perfectly validated code.
Must be fluent in both "tech speak" and "human speak" – think of yourself as C-3PO but with better job security. If you can wrangle IT operations while explaining to Karen from accounting that ctrl+alt+delete isn't a magic spell, then this chair has your name on it.
Do you approach validated systems with the same dedication FromSoftware fans have for discovering game lore? If perfectly organized documentation gives you the same zen as ASMR videos, this role's harder to skip than the Game of Thrones intro.
🛩 Industry Moves
HPE Plays "Keep Your Friends Close" With AWS
HPE just let customers run their beefiest server (we're talking 1,920 vCPUs and 32TB of memory!) on AWS, which is like letting your older brother on your couch and then wondering why they're eating all your food.
The move lets customers run massive workloads on AWS infrastructure, but industry analysts are side-eyeing this harder than developers reviewing PHP code. With AWS's history of turning partners into competitors faster than you can say "cloud native," this could be HPE's "It's fine" dog meme moment.
Apple vs Meta: Dawn of Privacy War
The tech giants are fighting in Europe like it's Captain America: Civil War, but instead it's Team Privacy vs Team "Pretty Please Let Us Have All The Data".
Meta made 15 requests for iOS access, which Apple treated like a Nigerian prince's email offer. According to TechCrunch, the battle centers around the EU's Digital Markets Act, with Meta claiming Apple's playing gatekeeper while Apple suggests Meta's requests are about as reasonable as trying to download more RAM. Meanwhile, EU regulators are watching this unfold like it's the season finale of Severance.
Journal Editors Pull a "Rage Against the Machine Learning"
Almost the entire editorial board of the Journal of Human Evolution quit after Elsevier sneakily deployed AI in their editorial process. Oh, that Amsterdam-based sneaky snake! Turns out, replacing human editors with AI works about as well as replacing coffee with sleep – technically possible, but why would you!? (cue: Jackie Chan angrily confused meme)
ByteSize's HUMAN editor note: Yes, I'm here don't worry!
💽 Data Upload
Well folks, that wraps up our first newsletter of 2025.
Here's hoping this year brings fewer security breaches and more innovative solutions. Though given this week's news, maybe we should just invest in carrier pigeons and typewriters…
Enjoyed the news? Discuss over on Experts Exchange.
Got news to share or topics you'd like us to cover? Send 'em our way. We can't wait to hear from you. Really.
And hey... psst... interested in sponsoring ByteSize and reaching a passionate, engaged community of IT professionals across the globe? Reach out here