The Host Unknown Podcast

Host Unknown, Javvad Malik, Andrew Agnes, Thom Langford
Dec 16, 2023 • 50min

Episode 178 - The Last Of Us Episode

This week in InfoSec (12:55)
With content liberated from the “Today in infosec” Twitter account and further afield

11th December 2010: The hacker group Gnosis released the source code for Gawker's website and 1.3 million of its users' password hashes. After a jury found Gawker's parent company liable in a lawsuit filed by Hulk Hogan and awarded him $140 million, Gawker shut down in 2016.
https://twitter.com/todayininfosec/status/1734217170173763907

14th December 2009: RockYou admitted that 32 million users' passwords (stored as plain text) and email addresses were compromised via a SQL injection vulnerability. RockYou's customer notification said "it was important to notify you of this immediately"... 10 days after they became aware.
https://twitter.com/todayininfosec/status/1735357287147995514

Not really infosec (https://x.com/depthsofwiki/status/1735147763447595024?s=20), but 14th December 2008 was the infamous Bush shoeing incident, in which Bush ducked the shoes thrown by Al-Zaidi while the Iraqi PM Nouri Al-Maliki tried to parry them.

Rant of the Week (22:10)
UK government woefully unprepared for 'catastrophic' ransomware attack

The UK has failed to address the threat posed by ransomware, leaving the country at the mercy of a catastrophic ransomware attack that the Joint Committee on National Security Strategy (JCNSS) yesterday warned could occur "at any moment."

The Parliamentary Select Committee reached this conclusion in a scathing report released December 13 that accused the government of failing to take ransomware seriously, and of providing "next-to-no support" to victims of ransomware attacks.

"There is a high risk that the government will face a catastrophic ransomware attack at any moment, and that its planning will be found lacking," the report concluded. "There will be no excuse for this approach when a major crisis occurs, and it will rightly be seen as a strategic failure."

Recent examples of ransomware infections at UK government institutions and critical private infrastructure are not hard to find. Manchester Police, Royal Mail and the British Library have all fallen victim to ransomware attacks since September 2023.

In July 2023, the Barts Health NHS Trust hospital group was hit by the BlackCat ransomware gang. The NHS had already been taught a lesson about the vicious power of ransomware in 2017 when multiple Brit hospitals stopped taking new patients, other than in emergencies, after being hobbled by WannaCry.

Third-party providers of NHS software systems have been hit as well, taking systems offline and forcing care providers to revert to pen and paper.

In short, the situation with ransomware in the UK is already bad, and the JCNSS has predicted things will likely get worse.

Billy Big Balls of the Week (29:54)
Polish Hackers Repaired Trains the Manufacturer Artificially Bricked

After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.

They did DRM to a train. In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.

The fallout from the situation is currently roiling Polish infrastructure circles and the repair world, with the manufacturer of those trains denying bricking the trains despite ample evidence to the contrary. The manufacturer is also now demanding that the repaired trains immediately be removed from service because they have been “hacked,” and thus might now be unsafe, a claim they also cannot substantiate.

Industry News (38:38)
EU Reaches Agreement on AI Act Amid Three-Day Negotiations
Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers
Widespread Security Flaws Blamed for Northern Ireland Police Data Breach
UK Ministry of Defence Fined For Afghan Data Breach
UK at High Risk of Catastrophic Ransomware Attack, Government Ill-Prepared
MITRE Launches Critical Infrastructure Threat Model Framework
Microsoft Targets Prolific Outlook Fraudster Storm-1152
Vulnerabilities Now Top Initial Access Route For Ransomware
Cozy Bear Hackers Target JetBrains TeamCity Servers in Global Campaign

Tweet of the Week (46:06)
https://x.com/WorkRetireDie/status/1732108681087508947?s=20

Come on! Like and bloody well subscribe!
Dec 8, 2023 • 40min

Episode 177 - The Are We Doing This Episode

This week in InfoSec (07:51)
With content liberated from the “today in infosec” twitter account and further afield

5th December 2011: Fyodor reported that CNET's Download.com had been wrapping its Nmap downloads in a trojan installer... in order to monetize spyware and adware. CNET quickly stopped, then resumed within days; it affected other downloads too, and was a debacle.
Download.com Caught Adding Malware to Nmap & Other Software
https://twitter.com/todayininfosec/status/1732073893912047860

4th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised records from hundreds of breaches. Search your email addresses for free.
https://twitter.com/todayininfosec/status/1731673318560801228

Rant of the Week (13:29)
It's ba-ack... UK watchdog publishes age verification proposals

The UK's communications regulator has laid out guidance on how online services might perform age checks as part of the Online Safety Act.

The range of proposals from Ofcom are likely to send privacy activists running for the hills. These include credit card checks, facial age estimation, and photo ID matching.

The checks are all in the name of protecting children from the grot that festoons large swathes of the world wide web. However, service providers will likely be stuck between a rock and a hard place in implementing the guidance without also falling foul of privacy regulations.

For example, Ofcom notes the following age checks as potentially "highly effective":
Open banking, where a bank confirms a user is over 18 without sharing any other personal information.
Mobile network operator (MNO) age check, where the responsibility is shunted onto an MNO content restriction filter that can only be removed if the device user can prove to the MNO that they are over 18.
Photo ID matching, where an image of the user is compared to an uploaded document used as proof of age to verify that they are the same person.
Credit card checks, where a credit card account is checked for validity – in the UK, credit card holders must be over 18.
Digital identity wallets and, our favorite, facial age estimation, where the features of a user's face are analyzed to estimate the user's age.

It doesn't take a genius to imagine how a determined teenager might circumvent many of these restrictions, nor the potential privacy nightmare inherent in many of them if an adult is forced to share this level of info when accessing age-restricted sites.

Billy Big Balls of the Week (23:12)
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform.

The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else."

Secret Code builds on another feature called Chat Lock that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics.

By setting a unique password for these locked chats that is different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted.

"You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added.

The development comes weeks after WhatsApp introduced a "Protect IP Address in Calls" feature that masks users' IP addresses to other parties by relaying the calls through its servers.

Industry News
Sellafield Accused of Covering Up Major Cyber Breaches
Porn Age Checks Threaten Security and Privacy, Report Warns
US Federal Agencies Miss Deadline for Incident Response Requirements
Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics
Police Arrest 1000 Suspected Money Mules
Deutsche Wohnen Ruling Set to Drive Up GDPR Fines
Cambridge Hospitals Admit Two Excel-Based Data Breaches
Governments Spying on Apple and Google Users, Says Senator
Liability Fears Damaging CISO Role, Says Former Uber CISO

Tweet of the Week
https://twitter.com/MalwareJake/status/1732463774949310547

Come on! Like and bloody well subscribe!
Dec 2, 2023 • 48min

Episode 176 - The Jingle Free Episode

This week in InfoSec (09:40)
With content liberated from the “today in infosec” twitter account and further afield

24th November 2014: The Washington Post published an article which included a photo of TSA master keys. A short time later functional keys were 3D-printed using the key patterns in the photo.
https://twitter.com/todayininfosec/status/1728048404452782497

26th November 2001: "In an effort to turn the tide in the war on terrorism", Cult of the Dead Cow offered its expertise to the FBI. How did it plan on helping? By architecting a new version of Back Orifice for use by the US federal government.
"THE CULT OF THE DEAD COW OFFERS A HELPING HAND IN AMERICA'S TIME OF NEED"
https://twitter.com/todayininfosec/status/1728998509033238952

Rant of the Week (18:55)
Interpol makes first border arrest using Biometric Hub to ID suspect

European police have for the first time made an arrest after remotely checking Interpol's trove of biometric data to identify a suspected smuggler.

The fugitive migrant, we're told, gave a fake name and phony identification documents at a police check in Sarajevo, Bosnia and Herzegovina, while traveling toward Western Europe. And he probably would have got away with it, too, if it weren't for you meddling kids Interpol's Biometric Hub – a recently activated tool that uses French identity and biometrics vendor Idemia's technology to match people's biometric data against the multinational policing org's global fingerprint and facial recognition databases.

"When the smuggler's photo was run through the Biometric Hub, it immediately flagged that he was wanted in another European country," Interpol declared. "He was arrested and is currently awaiting extradition."

Interpol introduced the Biometric Hub – aka BioHub – in October, and it is now available to law enforcement in all 196 member countries.

Billy Big Balls of the Week (27:42)
https://www.theregister.com/2023/11/28/cert_in_rti_exemption/

India's government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information (RTI) requests – the nation's equivalent of the freedom of information queries in the US, UK, or Australia.

Reasons for the exemption have not been explained, but The Register has reported on one case in which an RTI request embarrassed CERT-In.

That case related to India's sudden decision, in April 2022, to require businesses of all sizes to report infosec incidents to CERT-In within six hours of detection. The rapid reporting requirement applied both to serious incidents like ransomware attacks, and less critical messes like the compromise of a social media account.

CERT-In justified the rules as necessary to defend the nation's cyberspace and gave just sixty days notice for implementation.

The plan generated local and international criticism for being onerous and inconsistent with global reporting standards such as Europe's 72-hour deadline for notifying authorities of data breaches.

The reporting requirements even applied to cloud operators, who were asked to report incidents on tenants' servers. Big Tech therefore opposed the plan.

Industry News (34:04)
Cybersecurity Incident Hits Fidelity National Financial
Cybercriminals Hesitant About Using Generative AI
Google Fixes Sixth Chrome Zero-Day Bug of the Year
DeleFriend Weakness Puts Google Workspace Security at Risk
Okta Admits All Customer Support Users Impacted By Breach
Thousands of Dollar Tree Staff Hit By Supplier Breach
Booking.com Customers Scammed in Novel Social Engineering Campaign
Manufacturing Top Targeted Industry in Record-Breaking Cyber Extortion Surge
North Korean Hackers Amass $3bn in Cryptocurrency Heists

Tweet of the Week (43:12)
https://twitter.com/JamesGoz/status/1730498780812767350

Come on! Like and bloody well subscribe!
Nov 27, 2023 • 36min

Episode 175 - The Sam Altman Free Episode

This week in InfoSec (06:40)

23rd November 2011: KrebsonSecurity reported that Apple took over 3 years to fix the iTunes software update process vulnerability which the FinFisher remote spying Trojan exploited. Evilgrade toolkit author Francisco Amato had reported it to Apple in 2008.
Apple Took 3+ Years to Fix FinFisher Trojan Hole
https://twitter.com/todayininfosec/status/1727687798017106025

12th November 2009: John Matherly announced the public beta launch of Shodan (@shodanhq) - the first search engine for internet-connected devices.
https://twitter.com/todayininfosec/status/1727462790330232951

Rant of the Week (10:51)
Former infosec COO pleads guilty to attacking hospitals to drum up business

An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.

Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics – a provider to healthcare institutions, among others – admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.

Gwinnett Medical Center operates hospitals in Duluth and Lawrenceville and the deliberate disablement of the Ascom phone system meant the main communication line between doctors and nurses was unavailable to them.

More than 200 phones were taken offline, which were used for internal communications, including "code blue" incidents that often relate to cardiac or respiratory emergencies.

Billy Big Balls of the Week (18:52)
UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners

The UK's Information Commissioner's Office (ICO) is getting tough on website design, insisting that opting out of cookies must be as simple as opting in.

At question are advertising cookies, where users should be able to "Accept All" advertising cookies or reject them. Users will still see adverts regardless of their selection, but rejecting advertising cookies means ads must not be tailored to the person browsing.

However, the ICO noted that: "Some websites do not give users fair choices over whether or not to be tracked for personalized advertising." This is despite guidance issued in August regarding harmful designs that can trick users into giving up more personal information than intended.

A few months on, the ICO has upped the ante. It has now given 30 days' notice to companies running many of the UK's most visited sites that they must comply with data protection regulations or face enforcement action.

Industry News (26:16)
Cybersecurity Executive Pleads Guilty to Hacking Hospitals
Regulator Issues Privacy Ultimatum to UK’s Top Websites
Microsoft Launches Defender Bug Bounty Program
Why Ensuring Supply Chain Security in the Space Sector is Critical
British Library: Ransomware Attack Led to Data Breach
North Korea Blamed For CyberLink Supply Chain Attacks
US Seizes $9m From Pig Butchering Scammers
North Korean Software Supply Chain Threat is Booming, UK and South Korea Warn
InfectedSlurs Botnet Resurrects Mirai With Zero-Days

Tweet of the Week (32:28)
https://twitter.com/MichaelaOkla/status/1721715089970274542

Come on! Like and bloody well subscribe!
Nov 17, 2023 • 35min

Episode 174 - The Brexit Episode

This week in InfoSec (6:48)
With content liberated from the “today in infosec” twitter account and further afield

15th November 1994: The earliest known example of the Good Times email hoax virus was posted to the TECH-LAW mailing list. Variants of the hoax spread for several years. In 1997, Cult of the Dead Cow (cDc) claimed responsibility for initiating the hoax.
https://twitter.com/todayininfosec/status/1724867863725412627

12th November 2012: John McAfee went into hiding because his neighbor, Gregory Faull, was found dead from a gunshot. Belize police wanted him to come in for questioning, but he fled to Guatemala where he was then arrested. He was never charged, though he lost a $25 million wrongful death suit.
https://twitter.com/todayininfosec/status/1723790884053938623

Rant of the Week (11:57)
Clorox CISO flushes self after multimillion-dollar cyberattack

The Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars.

Billy Big Balls (18:15)
BlackCat plays with malvertising traps to lure corporate victims
Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware

AlphV files SEC complaint

Affiliates of ransomware gang AlphV (aka BlackCat) claimed to have compromised digital lending firm MeridianLink – and reportedly filed an SEC complaint against the fintech firm for failing to disclose the intrusion to the US watchdog.

First reported by DataBreaches, the break-in apparently happened on November 7. AlphV’s operatives claimed they did not encrypt any files but did steal some data – and MeridianLink was allegedly aware of the intrusion the day it occurred.

Industry news (24:15)
MPs Dangerously Uninformed About Facial Recognition – Report
Cyber-Attack Could Have “Devastating” Impact on Aussie Exports
NCSC: UK Facing “Enduring and Significant” Cyber-Threat
UK Privacy Regulator Issues Black Friday Smart Device Warning
US Government Unveils First AI Roadmap For Cybersecurity
European Police Take Down $9m Vishing Gang
BlackCat Ransomware Group Reports Victim to SEC
Russian Hacking Group Sandworm Linked to Unprecedented Attack on Danish Critical Infrastructure
Cyber-Criminals Exploit Gaza Crisis With Fake Charity

Tweet of the Week (30:56)
https://twitter.com/FadzaiVeanah/status/1724825417196904743

Come on! Like and bloody well subscribe!
Nov 10, 2023 • 48min

Episode 173 - The Are We Still Doing This Episode

This Week in InfoSec (05:41)

2002: In response to a report which insinuated Mac is less vulnerable than Windows, Microsoft suggested few focus on discovering Mac vulnerabilities and that products with more customers will have more vulnerabilities reported.
https://t.co/WOUUDOB0g6
https://x.com/todayininfosec/status/1721895407545143382?s=20

Rant of the Week (11:09)
Photos of naked patients and medical records have been posted online by extortionists who hacked a Las Vegas plastic surgery, driving victims to file a lawsuit claiming not enough care was taken to protect their private information.
https://www.bitdefender.com/blog/hotforsecurity/women-sue-plastic-surgery-after-hack-saw-their-naked-photos-posted-online/

Billy Big Balls of the Week (20:48)
A federal judge on Tuesday refused to bring back a class action lawsuit alleging four auto manufacturers had violated Washington state’s privacy laws by using vehicles’ on-board infotainment systems to record and intercept customers’ private text messages and mobile phone call logs.
https://therecord.media/class-action-lawsuit-cars-text-messages-privacy

Industry News (29:28)
SentinelOne to acquire cybersecurity consulting firm Krebs Stamos Group
NATO allies express support for collective response to cyberattacks
Council for Scottish islands faces IT outage after ‘incident’
Mortgage giant Mr. Cooper using alternative payment options after cyberattack
Serbian pleads guilty to running ‘Monopoly’ darknet marketplace
Japan Aviation Electronics says servers accessed during cyberattack

Tweet of the Week (42:39)
https://twitter.com/j4vv4d/status/1722916507653394575?s=61&t=0s-EyC1T6uSS3Lo_cyqI4w

Come on! Like and bloody well subscribe!
Oct 28, 2023 • 46min

Episode 172 - The One Job Episode

This week in InfoSec (07:11)
With content liberated from the “today in infosec” twitter account and further afield

26th October 2006: Christopher Soghoian created a website allowing visitors to generate fake airline boarding passes. A congressman called for his arrest, his ISP shut down his site, the FBI raided his home, and then the same congressman said DHS should hire him. His career since? Notable.
https://twitter.com/todayininfosec/status/1717530966229475523

24th October 2010: Eric Butler announced Firefox extension Firesheep's release at Toorcon, making HTTP session hijacking on open Wi-Fi trivial. Today >95% of websites have enabled HTTPS and efforts like browser HTTPS-Only mode have largely eliminated the risk. A security industry success!
https://twitter.com/todayininfosec/status/1716990537171918976

Rant of the Week (16:00)
First Brexit, now X-it: Musk 'considering' pulling platform from EU over probe

Elon Musk is said to be toying with the idea of withdrawing access to X in the European Union rather than go to the effort of complying with the bloc's Digital Services Act.

As The Register reported last week, His Muskiness had a rather public spat on the website with Thierry Breton, EU Commissioner for Internal Market, who was simply reminding social media platforms of their content moderation obligations under the law.

This was particularly in light of renewed hostilities between Israel and Hamas, and the potential disinformation campaigns that had begun swirling online. Meta, TikTok, and YouTube were also sent letters.

"Free speech absolutist" Musk's response was sarcastic and juvenile, the kind of smack talk that would get a teen grounded. It would take a couple of days for the adult in the room, CEO Linda Yaccarino, to get a formal response written.

However, by then the EU had indicated that X was now under investigation on account of its designation as Very Large Online Platform under the Digital Services Act, which means it has to follow rules regarding how it handles illegal content among many other things.

Since Musk increasingly appears to see obeying the law as optional for him, it would be very unlike the X owner to actually do anything, and whispers out of the company seem to support this.

That most watertight of sources, "a person familiar with the matter," told Insider that Musk "has discussed simply removing the app's availability in the region, or blocking users in the European Union from accessing it," much like how Meta's Threads declined to launch in the EU because it was unwilling and/or unable to meet the union's onerous data protection and privacy requirements.

Twitter, which was once intensely moderated, has become a wild west of violence, misinformation, disinformation, racism, and hardcore pornography. Many of the website's rules judging what users can and can't post have been screwed up and tossed in the trash.

Billy Big Balls of the Week (26:45)
‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities

US and South Korean authorities have updated their guidance on how to avoid hiring North Korean agents seeking work as freelance IT practitioners.

Thousands of North Korean techies are thought to prowl the world’s freelance platforms seeking work outside the Republic. Kim Jong Un’s regime uses the workers to earn hard currency, and infiltrate organizations they work for to steal secrets and plant malware.

The FBI has previously warned employers to watch for suspicious behavior such as logging in from multiple IP addresses, working odd hours, and inconsistencies in name spellings across different online platforms.

The updated advice adds other indicators that a freelancer you are thinking about hiring could be a North Korean plant, including:
Repeated requests for prepayment followed by “anger or aggression when the request is denied”;
Threats to release proprietary source codes if additional payments are not made;
Using a freight forwarder’s address as the destination for a company laptop rather than a home address, and changing that address frequently;
Evading in-person meetings or requests for drug tests;
Changing payment methods or accounts on freelance-finder platforms;
Having multiple online profiles for the same identity with different pictures, or online profiles with no picture.

The updated guidance suggests requiring recruitment companies to document their background checking processes, to be sure that they can screen out North Korean stooges. Conducting your own due diligence on workers suggested by recruiters is also recommended.

Industry News (33:45)
Okta Breached Via Stolen Credential
Generative AI Can Save Phishers Two Days of Work
AI to Create Demand for Digital Trust Professionals, ISACA Survey Finds
AWS: Security Not a Priority For a Third of SMBs
Humans Need to Rethink Trust in the Wake of Generative AI
UK Parliament Opens Inquiry into Cyber-Resilience
CISA Releases Cybersecurity Toolkit For Healthcare
Europol: Police Must Start Planning For Post-Quantum Future
UK IT Pros Express Concerns About C-Suite’s Generative AI Ambitions

NADINE DORRIES: I Googled my name, and learnt all about Big Tech!
https://www.dailymail.co.uk/debate/article-12663701/NADINE-DORRIES-Googled-learnt-Big-Tech.html
https://twitter.com/AdamBienkov/status/1716735397802233947
“Nadine Dorries, who until last year was in charge of digital regulation in the UK, says tech executives have “big dials” which they deliberately use to “nudge opinion ever leftwards” and suggests this was somehow hidden from her when she met them”

Tweet of the Week (41:05)
https://twitter.com/gcluley/status/1717433320823218640

Come on! Like and bloody well subscribe!
Oct 13, 2023 • 43min

Episode 171 - The Stitched Up Episode

This week in InfoSec (09:48)
With content liberated from the “today in infosec” twitter account and further afield

8th October 2018: Google announced that it exposed the private info of hundreds of thousands of Google+ users between 2015 and 2018, only disclosing it 7 months after discovery because it was reported by The Wall Street Journal. Social network Google+ launched in 2011 and closed in 2019.
Google hid major Google+ security flaw that exposed users’ personal information
https://twitter.com/todayininfosec/status/1711159728552685667

16th October 1983: FBI agents raided homes of "young electronics buffs known as 'hackers'" in 6 states as part of an investigation of unauthorized intrusions into scores of large commercial and DoD computers. These teens included Lord Flathead - real name Tom Anderson, future MySpace founder.
https://twitter.com/todayininfosec/status/1712593589237076056

Rant of the Week (15:44)
Everest cybercriminals offer corporate insiders cold, hard cash for remote access

The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.

In a post at the top of its dark web victim blog, Everest said it will offer a "good percentage" of the profits generated from successful attacks to those who assist in its initial intrusion.

The group also promised to offer partners "full transparency" regarding the nature of each operation, as well as confidentiality about their role in the attack.

Everest is specifically looking for access to organizations based in the US, Canada, and Europe, and would accept remote access by a variety of means including TeamViewer, AnyDesk, and RDP.

Billy Big Balls of the Week (22:23)
Chinese citizens feel their government is doing a fine job with surveillance

Chinese residents are generally comfortable with widespread use of surveillance technology, according to a year-long project conducted by the Australian Strategic Policy Institute (ASPI) and an unnamed non-government research partner.

The project mainly investigated how state surveillance is conducted by Beijing and how the population of the People's Republic of China (PRC) perceives it. For the investigation, the researchers conducted media analysis, and an online survey of over 4,000 Chinese citizens.

Most respondents ranked their trust in central government positively – at an average of 7.3 on a scale out of 10. Businesses received a 6.7 rating. When it came to surveillance – by video, audio or internet activity – roughly half said they were comfortable.

As part of the project, ASPI provided a tool that could be considered quite subversive in China: an interactive website that provided access to uncensored non-Beijing information about deployed surveillance technologies and the agencies that run them. It consisted of five educational modules with quizzes at the end.

The website content was shaped by the survey results and reached over 55,000 users over the course of four months. It covered facial recognition, Wi-Fi probes, DNA surveillance, database management and surveillance cameras.

Industry News (28:08)
AWS to Mandate Multi-Factor Authentication from 2024
Blackbaud Settles Ransomware Breach Case For $49.5m
DNA Tester 23andMe Hit By Credential Stuffing Campaign
MGM Resorts Reveals Over $100M in Costs After Ransomware Attack
Air Europa Asks Customers to Cancel Cards After Breach
US Smashes Annual Data Breach Record With Three Months Left
European Police Hackathon Hunts Down Traffickers
Chinese APT ToddyCat Targets Asian Telecoms, Governments
California Enacts “Delete Act” For Data Privacy

Tweet of the Week (36:01)
https://twitter.com/ireteeh/status/1712408097170325968

Come on! Like and bloody well subscribe!
Oct 6, 2023 • 49min

Episode 170 - The No Show Notes Episode

This week in InfoSec (08:56)
With content liberated from the “today in infosec” twitter account and further afield

2006: The wikileaks.org domain name was registered, though the first document wasn't posted to WikiLeaks until December. Assange was taken from the Ecuadorian embassy in April 2019 and has since been held at His Majesty's pleasure in Belmarsh.

2005: The Samy worm, the first self-propagating cross-site scripting worm, was released onto the mega-popular MySpace by 19-year-old Samy Kamkar (@samykamkar). He's since made numerous impactful security and privacy field contributions.
https://en.m.wikipedia.org/wiki/Samy_Kamkar
https://en.wikipedia.org/wiki/Samy_(computer_worm)

The worm itself was relatively harmless; it carried a payload that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page as well as send Samy a friend request. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page, continuing the distribution of the worm. MySpace has since secured its site against the vulnerability.

2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.
https://www.nytimes.com/2017/10/03/business/equifax-congress-data-breach.html
It took 960 hours (40 days) between Equifax finding out about the breach and warning the public. Millions of people’s data in the US, UK, and elsewhere was stolen.
Three Equifax execs sold $1.8 million of stock days after breach discovery

Rant of the Week (17:16)
https://www.theregister.com/2023/10/04/onedrive_to_acquire_copilot_skills/

Microsoft is to overhaul OneDrive in a move that will bring Copilot to the cloud storage service and herd users towards the tool's web interface.

Inevitably, Copilot skills are due to arrive in OneDrive. Microsoft hopes these will help users find files and stay organized. Worryingly, in the example given, Copilot can move files around and create folders depending on its interpretation of the user's instructions. What could possibly go wrong?

Billy Big Balls of the Week (26:06)
EXCLUSIVE A four-hour system interruption in September at the Veterans Affairs Medical Center in Kansas City, Missouri has been attributed to a cat jumping on a technician's keyboard.

So we're told by a source, who heard the tale on one of the regular weekday calls held by the US government department with its CIO, during which recent IT problems are reviewed. We understand that roughly 100 people – contractors, vendors, and employees – participate in these calls at a time.

On a mid-September call, one of the participants explained that while a technician was reviewing the configuration of a server cluster, their cat jumped on the keyboard and deleted it. Or at least that's their story.

Kurt DelBene, assistant secretary for information and technology and CIO at the Department of Veterans Affairs, is said to have responded on the call with words to the effect that: "This is why I have a dog." There was laughter and not much more – it was a short incident report.
https://www.theregister.com/2023/10/05/hospital_cat_incident/

Industry News (31:30)
Apple Issues Emergency Patches for More Zero-Day Bugs
Record Numbers of Ransomware Victims Named on Leak Sites
CISA and NSA Tackle IAM Security Challenges in New Report
Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers
Critical Glibc Bug Puts Linux Distributions at Risk
US Government Proposes SBOM Rules for Contractors
China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns
GoldDigger Android Trojan Drains Victim Bank Accounts
LightSpy iPhone Spyware Linked to Chinese APT41 Group

Tweet of the Week (40:56)
https://twitter.com/infosecmo/status/1709289777973883000?s=61&t=UAjRqPj0iqNyKsG8ZaAiig

Come on! Like and bloody well subscribe!
Sep 29, 2023 • 41min

Episode 169 - The Hat Trick Episode

This week in InfoSec (08:45)

With content liberated from the “today in infosec” Twitter account and further afield

25th September 1986: "The Hacker Manifesto" was published by The Mentor (Loyd Blankenship) in issue 7 of the hacker zine Phrack. It was originally titled "The Conscience of a Hacker".
Phrack #7
https://twitter.com/todayininfosec/status/1706364950623515017

26th September 1988: Time Magazine published the article "Technology: Invasion of the Data Snatchers - A 'virus' epidemic strikes terror in the computer world". The 9-page article is an interesting glimpse into the state of malware risk, response, and fears 35 years ago.
Technology: Invasion of the Data Snatchers
https://twitter.com/todayininfosec/status/1706690706863952278

Rant of the Week (13:54)

After failing at privacy, again, Google is working to keep Bard chats out of Search

Google's Bard chatbot is currently being re-educated to better understand privacy. In July, Bard gained the ability to share conversations with other people using a unique public link. Unfortunately, Google Search has indexed those shared links, making them more widely available and discoverable than Bard patrons might expect.

[Open the story and read from there - it's much easier 🙂]

At least such oversights don't happen all that often at Google, which has a 33-page privacy policy [PDF] detailing how much the company values user privacy. Apart from a $100 million biometric privacy settlement with Illinois in April 2022, an $85 million location data settlement with Arizona in October 2022, a $391.5 million privacy settlement in November 2022 with a 40-state coalition of Attorneys General, and $29.5 million to settle location tracking claims in Indiana and Washington DC, you have to go back all the way to 2019 – when the FTC settled with Google and YouTube for gathering kids' info without consent – to find substantive privacy issues at the 25-year-old search advertising biz.

Frankly, the presence of Bard chats in Google Search barely rates on a list of the text ads giant's greatest privacy misses, which includes Street View cars collecting sensitive data from Wi-Fi networks and combining its ad data with Google users' personal data.

Billy Big Balls of the Week (22:46)

China's national security minister rates fake news among most pressing cyber threats

This story in a meme:

Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet – both in terms of attacks and the dissemination of fake news.

The new article reiterates Xi Jinping's thoughts on network and cyber power, which boil down to a recognition of the internet's central role in almost all aspects of modern life and the subsequent need for security and governance.

In China, governance includes restrictions on free speech and the detection and deletion of information felt to be incorrect. Or as minister Chen put it, after machine translation: "The internet has increasingly become the source, conductor, and amplifier of various risks. A small incident can become a whirlpool of public opinion. Some rumours can easily turn a 'storm in a teacup' into a 'tornado' in real society."

Chen's article rates "increasingly fierce competition between great powers in cyberspace" as the most significant competitive threat China faces in the digital domain. He accused rivals of using "so-called 'risk removal' as an excuse and using ideology as a standard to create technology 'small circles' such as 'Clean Network' and 'Chip Alliance,' and even expanded the use of policy tools such as export controls, security reviews, and restricted exchanges."

The minister argues such initiatives are motivated by other nations' desire to cement technology leadership positions and build monopolies, rather than genuine concerns.

Industry News (30:07)

UK-US Confirm Agreement for Personal Data Transfers
US Government IT Staffer Arrested on Espionage Charges
Half of Cyber-Attacks Go Unreported
NCSC Launches Cyber Incident Exercise Scheme
Attacks on European Financial Services Double in a Year
Regulator Warns Breaches Can Cost Lives
US and Japan Warn of Chinese Router Attacks
US Lawmaker: Government Shutdown Will Leave Americans Exposed to Cyber-Attacks
Booking.com Customers Targeted in Major Phishing Campaign

Tweet of the Week (37:51)

https://twitter.com/SoVeryBritish/status/1707463344016306453

Come on! Like and bloody well subscribe!
