The Host Unknown Podcast

Host Unknown, Javvad Malik, Andrew Agnes, Thom Langford
Apr 21, 2023 • 33min

Episode 148 - The Short And Not-So-Sweet Episode

This week in InfoSec
With content liberated from the “today in infosec” twitter account and further afield

19th April 1965: Electronics magazine publishes an article by Gordon Moore, head of research and development for Fairchild Semiconductor and future co-founder of Intel, on the future of semiconductor components. In the article, Moore predicts that the number of components on an integrated circuit will keep doubling roughly every year for “at least” the next ten years (he revised the interval to two years in 1975). This observation will eventually come to be known as Moore’s Law and has largely held true to this day. Controversy exists over whether Moore’s Law remains applicable; time will tell how much longer it holds.

19th April 2010: The OWASP Top 10 for 2010 was officially released.
http://web.archive.org/web/20100628190859/http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease
https://twitter.com/todayininfosec/status/1251895022598803457

Rant of the Week
Background: Capita IT breach gets worse as Black Basta claims it's now selling off stolen data

Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant.

A spokesperson for the London-based corporation, which has UK government contracts totaling £6.5 billion ($8 billion), originally said it hadn't yet confirmed if that data leak is legit.

"We are in constant contact with all relevant regulators and authorities. Our investigations have not yet been able to confirm any evidence of customer, supplier, or colleague data having been compromised."

Once it has finalised its own probe, Capita said it will "if necessary" inform all parties affected by the security breach.

"We have taken all appropriate steps to ensure the robustness of our systems and are confident in our ability to meet our service delivery commitments," the spokesperson said.

The technology outsourcer at first confirmed it had suffered an "IT issue" late last month, though didn't cop to it being a "cyber incident" until April 3.

Over the weekend, the Sunday Times claimed the IT breach was worse than Capita has admitted to date: Capita has played down fears that personal and corporate information was accessed, though it appears the miscreants who broke into the business have started selling off that very kind of data, said to be lifted from Capita's systems.

Capita has 'evidence' customer data was stolen in digital burglary

Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.

The British listed business, which has around £6.5 billion ($8.09 billion) in public sector contracts, updated the London Stock Exchange Thursday morning to confirm the criminals breached its infrastructure on March 22 and remained inside until “interrupted” by the company on March 31.

“As a result of the interruption, the incident was significantly restricted, potentially affecting around 4 percent of Capita’s server estate. There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”

Billy Big Balls of the Week
We would have talked about “An earlier supply chain attack led to the 3CX supply chain attack, Mandiant says” if we were doing a BBB

Industry News
UK's SMEs to Benefit From New Cyber Advisors
WhatsApp, Signal Claim Online Safety Bill Threatens User Privacy and Safety
NSO Group's Pegasus Spyware Found on High-Risk iPhones
NCSC Warns of Destructive Russian Attacks on Critical Infrastructure
Police Escape $1.2m Fine For Secretly Recording Phone Calls
Recycled Network Devices Exposing Corporate Secrets
ChatGPT-Related Malicious URLs on the Rise
Daggerfly APT Targets African Telecoms Firm With New MgBot Malware
North Korean Hacker Suspected in 3CX Software Supply Chain Attack

Tweet of the Week
https://twitter.com/quentynblog/status/1649302927910002689

Come on! Like and bloody well subscribe!
Apr 14, 2023 • 53min

Episode 147 - John Wick Seventeen and Three Quarters

This week in InfoSec (08:48)
With content liberated from the “today in infosec” twitter account and further afield

5th April 2002: A hacker compromised a server containing California's payroll database. The state's Controller's Office waited 2 weeks to warn victims. As a result, angry lawmakers passed the first state data breach notification law in the US, SB 1386.
https://twitter.com/todayininfosec/status/1643711958032719874

6th April 2011: The Georgian interior ministry announced that a 75-year-old woman was charged after she disrupted Internet service in neighbouring Armenia.
An elderly woman scavenging for copper? Add that to your DoS threat modelling diagram!
https://www.bbc.co.uk/news/world-europe-12985082
https://twitter.com/todayininfosec/status/1643964851188912129

Rant of the Week (14:53)
Pentagon super-leak suspect cuffed: 21-year-old Air National Guardsman

The FBI has detained a 21-year-old Air National Guardsman suspected of leaking a trove of classified Pentagon documents on Discord.

US Attorney General Merrick Garland confirmed the arrest, saying Jack Douglas Teixeira of the United States Air Force National Guard in Massachusetts was nabbed earlier today.

The suspect was being held "in connection with an investigation into alleged unauthorized removal, retention, and transmission of classified national defense information," the AG said.

The Washington Post reported yesterday that whoever leaked the files was thought to be a twenty-something American who liked gaming and guns, and worked on a military base.

It's said he also controlled a private Discord server, and allegedly posted photographs of the classified Pentagon documents to impress the private group's 25 members, which included netizens in Europe, Asia, and South America.

It is believed those classified files were shared beyond that Discord chat, and surfaced in one form or another on social media, where it all spread like wildfire.

The documents were said to be war plans detailing secret US and NATO support for a Ukrainian offensive to regain land invaded by Russia, and that American and British special forces were already in Ukraine.

Billy Big Balls of the Week (28:05)
To improve security, consider how the aviation industry stopped blaming pilots

To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "just" culture, according to director of the Information Systems Audit and Control Association Serge Christiaans.

Speaking at Singapore's Smart Cybersecurity Summit this week, Christiaans explained that until around 1990, the number of fatal commercial jet accidents was growing alongside a steady increase of commercial flights. But around the turn of the decade, the number of flights continued to rise while the number of fatalities began to drop.

According to one analysis [PDF], the rate of fatal accidents fell from nine per 10 million flights in the 80s to six per 10 million in the 90s. Between 1995 and 2001, that figure was three per 10 million.

“There was a big game changer,” Christiaans told the Summit. “Millions of people a day now fly in commercial aviation, and nothing happens.”

While acknowledging that improved technology, more mature processes and improved leadership all helped to improve aviation safety, the former pilot and field CISO at tech consultancy Sopra Steria said the biggest improvements came from a change to a “just culture” that accepts people will make mistakes and by doing so makes it more likely errors will be reported.

In a just culture, errors are viewed as learning opportunities instead of moral failing, creating transparency and enabling constant improvement.

“We're not trying to blame, we're not trying to point fingers, we're trying to find the reasons behind the mistake,” said Christiaans. “There are of course, exceptions like negligence where of course you will be punished by law. But otherwise, if you speak up freely, you will not be punished.”

and...

While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn

As Elon Musk tears at Twitter's credibility by demanding businesses and individuals pay for their blue verification checks, Microsoft is pushing its own free digital ID technology to companies and their employees on LinkedIn.

Later this month, Microsoft will let organizations use its Verified ID tool to prove their workers' employment, with staff then being able to display that employment verification on their LinkedIn profiles.

Like the trust the unpaid-for blue check mark on Twitter once conveyed, the Verified ID on LinkedIn will show that the people on the business-focused network – which has about 900 million users – work at where they say they work.

"By simply looking for a Verification, members and organizations can be more confident that the people they collaborate with are authentic and that work affiliations on their profiles are accurate," wrote Joy Chik, president of identity and network access at Microsoft.

Industry News (38:18)
Latitude Financial Refuses to Pay Ransom
KFC Owner Discloses Data Breach
US Scrambles to Investigate Military Intel Leak
Ethical Hackers Could Earn up to $20,000 Uncovering ChatGPT Vulnerabilities
Rapid7 Has Good News for UK Security Posture
Superyacht-Maker Hit by Easter Ransomware Attack
Pakistan-Aligned Hackers Disrupt Indian Education Sector
Over 20,000 Iowa Medicaid Members Affected By Data Breach
Five Arrests in Crackdown on $98m Investment Fraud Gang

Tweet of the Week (47:18)
https://twitter.com/DeathsPirate/status/1646840360478359553

Come on! Like and bloody well subscribe!
Mar 31, 2023 • 47min

Episode 146 - The Hungry Hungry Caterpillar

This Week in InfoSec (08:33)
With content liberated from the “today in infosec” twitter account and further afield

29th March 2010: OpenSSL version 1.0.0 was released. It's easy to take for granted how pervasive the open source library is in the myriad of technologies used to transmit data over the internet and other networks. Take a moment to think about it.
https://twitter.com/todayininfosec/status/1641215201197412352

25th March 2010: Albert Gonzalez was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington and is scheduled to be released in less than 4 months.
Find an inmate: BOP Register Number 25702-050
https://twitter.com/todayininfosec/status/1639657037935067137

Rant of the Week (13:55)
NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients

In a classic email snafu NHS Highland sent messages to 37 patients infected with HIV and inadvertently used carbon copy (CC) instead of blind carbon copy (BCC), meaning the recipients could see each other’s email addresses.

This is according to Britain’s data watchdog, the Information Commissioner’s Office, which has “reprimanded” the Health Board, which serves a regional population of some 320,000 people and has an annual operating budget of £780 million ($964 million).

The error took place in June 2019 when a member of staff opened the prior group email, copied all those on the list and emailed a newsletter to the group of 37 “data subjects” - aka patients - without using BCC. Efforts to recall the mail failed.

Rather than issuing a £35,000 ($43,000) fine, the ICO is instead taking its “public sector approach” introduced in June 2022: working with senior leaders to “encourage compliance, prevent harms before they occur and learn lessons when things have gone wrong.”

The ICO described the email error as a “serious breach of trust.” In a statement, Stephen Bonner, ICO deputy commissioner for regulatory supervision, said of the mistake:

“The stakes are just too high. Research shows that people living with HIV have experienced stigma or discrimination due to their status, which means organisations dealing with this type of information should take the utmost care with their personal data.

“Every HIV service provider in this country should look at this case and see it as a crucial learning experience. We are calling on organisations to raise their data protection standards and put the appropriate measures in place to keep people safe,” he said.

The ICO said using BCC incorrectly is within the top 10 “non-cyber breaches, with nearly a thousand reported since 2019.”

Billy Big Balls of the Week (25:06)
Microsoft Security Copilot is a new GPT-4 AI assistant for cybersecurity

After announcing an AI-powered Copilot assistant for Office apps, Microsoft is now turning its attention to cybersecurity. Microsoft Security Copilot is a new assistant for cybersecurity professionals, designed to help defenders identify breaches and better understand the huge amounts of signals and data available to them daily.

Powered by OpenAI’s GPT-4 generative AI and Microsoft’s own security-specific model, Security Copilot looks like a simple prompt box like any other chatbot. You can ask “what are all the security incidents in my enterprise?” and it will summarize them. But behind the scenes, it’s making use of the 65 trillion daily signals Microsoft collects in its threat intelligence gathering and security-specific skills to let security professionals hunt down threats.

Microsoft Security Copilot is designed to assist a security analyst’s work rather than replace it — and even includes a pinboard section for co-workers to collaborate and share information. Security professionals can use the Security Copilot to help with incident investigations or to quickly summarize events and help with reporting.

Industry News (33:13)
NCA Harvests Info on DDoS-For-Hire With Fake Booter Sites
New MacStealer Targets Catalina, Newer MacOS Versions
France Bans TikTok, Other 'Fun' Apps From Government Devices
ChatGPT Vulnerability May Have Exposed Users’ Payment Information
Thieves Steal $9m from Crypto Liquidity Pool
NCA Celebrates Multimillion-Pound Fraud Takedowns
North Korean Hackers Use Trojanized 3CX DesktopApp in Supply Chain Attacks
GCHQ Updates Security Guidance for Boards
UK Regulator: HIV Data Protection Must Improve

Tweet of the Week (41:24)
https://twitter.com/TrungTPhan/status/1641480574996217858

Come on! Like and bloody well subscribe!
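The NHS Highland story in this episode's Rant is the standard CC-instead-of-BCC failure, and recall does not undo it: once the headers leave the server, every recipient holds the full list. The Python below is an added example (not NHS Highland's or the ICO's code; the addresses are constructed placeholders) showing the pattern that avoids the mistake: recipients never appear in any message header and travel only as SMTP envelope recipients, with a pre-send check that refuses a message whose headers expose anyone other than the sender. A Bcc header is deliberately never written, so nothing depends on a client or relay remembering to strip it.

```python
"""Bulk notice that cannot expose the recipient list.

Added example, not code from NHS Highland or the ICO. All addresses are
constructed placeholders. Standard library only.
"""
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "service@example.nhs.test"  # constructed
# Constructed stand-in for the 37 "data subjects" in the ICO case.
RECIPIENTS = [f"patient{i:02d}@example.test" for i in range(1, 38)]


def visible_recipients(msg):
    """Addresses any recipient can read from the delivered headers.

    To and Cc travel with the message. Bcc must never be present in the
    headers at all, so if it is, it counts as exposed too. The sender's
    own address is not a leak and is excluded.
    """
    senders = {addr.lower() for _, addr in getaddresses(msg.get_all("From", []))}
    header_values = []
    for name in ("To", "Cc", "Bcc"):
        header_values.extend(msg.get_all(name, []))
    seen = {addr.lower() for _, addr in getaddresses(header_values) if addr}
    return seen - senders


def build_cc_notice(subject, body, recipients=RECIPIENTS):
    """The mistake: every recipient lands in a header everyone receives."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = SENDER
    msg["Cc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_bcc_notice(subject, body, recipients=RECIPIENTS):
    """The fix: recipients exist only on the SMTP envelope.

    Returns (message, envelope). Send with
    smtplib.SMTP.send_message(msg, from_addr=SENDER, to_addrs=envelope).
    No Bcc header is ever written, so there is nothing to strip.
    """
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = SENDER  # only the sender is visible to recipients
    msg["Subject"] = subject
    msg.set_content(body)
    envelope = list(dict.fromkeys(a.lower() for a in recipients))  # dedupe, keep order
    return msg, envelope


def check_before_send(msg, max_visible=0):
    """Gate to run before any bulk send to a sensitive list.

    Raises ValueError if more than max_visible non-sender addresses are
    readable from the headers; returns True otherwise.
    """
    exposed = visible_recipients(msg)
    if len(exposed) > max_visible:
        raise ValueError(
            f"{len(exposed)} recipient addresses are exposed in To/Cc/Bcc headers"
        )
    return True


if __name__ == "__main__":
    bad = build_cc_notice("Newsletter", "Hello")
    print("CC version exposes", len(visible_recipients(bad)), "addresses")
    good, envelope = build_bcc_notice("Newsletter", "Hello")
    check_before_send(good)
    print("BCC version exposes", len(visible_recipients(good)),
          "addresses; envelope carries", len(envelope))
```

For a list this sensitive, one message per recipient (a loop over the envelope, one `send_message` each) is the more conservative choice still; the check above then trivially passes for every message.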
Mar 24, 2023 • 48min

Episode 145 - The Being Shouted at Episode

This week in InfoSec (12:47)
With content liberated from the “today in infosec” twitter account and further afield

22nd March 2018: The city of Atlanta announced it was victim to a ransomware attack. The attackers demanded $51,000 worth of bitcoin to release the encrypted data, but Atlanta didn't pay the ransom. Whether or not to pay ransom isn't a simple or easy matter, but this proved to be expensive.
https://twitter.com/todayininfosec/status/1638513067259510786

21st March 2001: SMBRelay and SMBRelay2 were released by Sir Dystic at the @lantacon convention in Atlanta, Georgia. The tools were developed to carry out SMB man-in-the-middle attacks on Windows machines.
SMBRelay
https://twitter.com/todayininfosec/status/1638327435434291201

Rant of the Week (19:43)
https://twitter.com/keewa/status/1638853767448735744

Billy Big Balls of the Week (29:08)
Journalist opens USB letter bomb in newsroom

Journalists across Ecuador have been targeted by explosive devices sent through the post.

One presenter, Lenin Artieda, was injured when he opened the envelope in the middle of the newsroom. He said the explosive device looked like a USB drive. He plugged it into his computer and it detonated.

The Ecuadorean attorney-general's department confirmed it had opened a terrorism investigation into the letters on Monday. It did not name the specific news outlets targeted. However, at least five different organisations across Ecuador were sent the letters.

The government has condemned the attacks, describing freedom of expression as "a right that must be respected". "Any attempt to intimidate journalism and freedom of expression is a loathsome action that should be punished with all the rigour of justice," it said in a statement.

The interior minister, Juan Zapata, said the devices were all sent from the same town. Three were sent to media outlets in Guayaquil and two to the capital, Quito.

While Mr Artieda was injured by the device, others sent through the post failed to explode or were never opened. Police carried out a controlled detonation of one of the devices sent to TC Television, prosecutors confirmed.

From 2017, Mr Self Destruct v1

Industry News (36:51)
Ferrari Reveals Data Breach Ransom Attack
Just 1% of Dot-Org Domains Are Fully DMARC Protected
BreachForums Shuts Down After Admin's Arrest
Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts
UK Government Sets Out Vision for NHS Cybersecurity
New Post-Exploitation Attack Method Found Affecting Okta Passwords
China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers
UK Parliament Bans TikTok from its Network and Devices
IRS Phishing Emails Used to Distribute Emotet

Tweet of the Week (44:52)
https://twitter.com/evacide/status/1638957449909788672

Come on! Like and bloody well subscribe!
Mar 17, 2023 • 43min

Episode 144 - The Other Peoples Work Episode

This week in InfoSec (06:13)
With content liberated from the “today in infosec” twitter account and further afield

15th March 2000: The movie "Takedown" was released in France as "Cybertr@que". It is based on the capture of Kevin Mitnick.
Takedown on IMDb
https://twitter.com/todayininfosec/status/1636083404117557248

16th March 1971: The first computer virus, Creeper, infected computers on the ARPANET, displaying "I'M THE CREEPER : CATCH ME IF YOU CAN." It was named after a villain (the Creeper) from a 1970 episode of "Scooby-Doo, Where Are You!"
https://twitter.com/todayininfosec/status/1636516584394203137

Rant of the Week (13:20)
What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge

Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger's customers.

According to America's financial watchdog, the SEC, Blackbaud will cough up the cash - without admitting or denying the regulator's findings - and will cease and desist from committing any further violations.

"Blackbaud is pleased to resolve this matter with the SEC and appreciates the collaboration and constructive feedback from the Commission as the company continually improves its reporting and disclosure policies," Tony Boor, the outfit's chief financial officer, told The Register. "Blackbaud continues to strengthen its cybersecurity program to protect customers and consumers, and to minimise the risk of cyberattacks in an ever-changing threat landscape," Boor added.

For perspective: the South Carolina-based firm – which provides, among other things, donor management tools to nonprofits – banked $1.1 billion in revenue in 2022, resulting in a $45.4 million loss. This settlement is the least of the biz's concerns, we imagine.

Slap on the wrist

Here's what happened: back in May 2020, Blackbaud experienced a ransomware infection, quietly paid off the crooks, and didn't tell customers about the security breach until July 2020. And when the software company did notify customers, it assured them that the "cybercriminal did not access…bank account information, or social security numbers," according to the SEC order.

By the end of that month, however, the SEC claims that Blackbaud personnel discovered that the miscreants had accessed unencrypted donor bank account information and social security numbers. But the employees allegedly didn't tell senior management about the theft of sensitive customer data because Blackbaud "did not have policies or procedures in place designed to ensure they do so," the court documents say. Make of that what you will.

Billy Big Balls of the Week (23:09)
1st Story (short, follow the link):
Microsoft support 'cracks' Windows for customer after activation fails

In an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally. It seems this isn't the first time support professionals have employed such workarounds when under pressure to close out support tickets on time.

A South Africa-based freelance technologist who paid $200 for a genuine copy of Windows 10 was startled to see a Microsoft support engineer "crack" his copy using unofficial tools that bypass the Windows activation process.

2nd Story:
A company who actually followed disclosure requirements (and puts TikTok in the same bucket as Meta and Google):
Cerebral admits to sharing patient data with Meta, TikTok, and Google

Cerebral, a telehealth startup specializing in mental health, says it inadvertently shared the sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers, as reported earlier by TechCrunch. In a notice posted on the company’s website, Cerebral admits to exposing a laundry list of patient data through the tracking tools it has been using as far back as October 2019.

The information affected by the oversight includes everything from patient names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatment, and more. It may have even exposed the answers clients filled out as part of the mental health self-assessment on the company’s website and app, which patients can use to schedule therapy appointments and receive prescription medication.

According to Cerebral, this information got out through its use of tracking pixels, or the bits of code Meta, TikTok, and Google allow developers to embed in their apps and websites. The Meta Pixel, for example, can collect data about a user’s activity on a website or app after clicking an ad on the platform, and even keeps track of the information a user fills out on an online form. While this lets companies, like Cerebral, measure how users interact with their ads on various platforms and track the steps they take afterward, it also gives Meta, TikTok, and Google access to this information, which they can then use to gain insight into their own users.
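The leak path in the Cerebral story is structural: a vendor's tag script loads into the first-party page, runs with the page's own origin, and can read whatever the user types into a form before it is ever submitted. The simplest control is knowing which pages combine a form with any third-party script. The Python below is an added example (not Cerebral's, TechCrunch's or the vendors' code) that parses a page, lists every cross-origin script, image and iframe load, and flags the page when a form and a third-party script coexist. The `KNOWN_TRACKER_HOSTS` mapping is an assumed, non-exhaustive list of hosts these vendors' tag scripts and image beacons are commonly served from; the two sample pages are constructed.

```python
"""Flag pages where third-party tag scripts sit beside forms.

Added example, not code from Cerebral or the vendors named in the article.
KNOWN_TRACKER_HOSTS is an assumed, non-exhaustive mapping; the sample
pages are constructed. Standard library only.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, non-exhaustive: hosts these vendors' tag scripts and image
# beacons are commonly loaded from. Extend for your own estate.
KNOWN_TRACKER_HOSTS = {
    "connect.facebook.net": "Meta Pixel script",
    "www.facebook.com": "Meta Pixel image beacon",
    "analytics.tiktok.com": "TikTok Pixel script",
    "www.googletagmanager.com": "Google Tag Manager / gtag.js",
    "www.google-analytics.com": "Google Analytics",
}


class _PageAuditor(HTMLParser):
    """Collect external loads and form field names from one page."""

    def __init__(self):
        super().__init__()
        self.loads = []        # (tag, src) for script/img/iframe
        self.form_fields = []  # names of fields inside <form> ... </form>
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form = True
        elif tag in ("input", "select", "textarea") and self._in_form:
            self.form_fields.append(a.get("name") or a.get("id") or tag)
        if tag in ("script", "img", "iframe") and a.get("src"):
            self.loads.append((tag, a["src"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def load_host(src, page_host):
    """Host a src attribute resolves to; None for data:/javascript: URLs."""
    parts = urlsplit(src.strip())
    if parts.scheme in ("http", "https") or (parts.scheme == "" and parts.netloc):
        return parts.netloc.lower()  # absolute or protocol-relative (//host/path)
    if parts.scheme == "":
        return page_host.lower()     # relative path: first party
    return None


def audit_page(html, page_host):
    """Summarise cross-origin loads and whether a third-party script runs
    on a page that also carries a form (the exposure described in the
    article: the script executes inside the first-party page and can read
    form input before submission)."""
    p = _PageAuditor()
    p.feed(html)
    p.close()
    third_party = {}
    for tag, src in p.loads:
        host = load_host(src, page_host)
        if host and host != page_host.lower():
            third_party.setdefault(host, set()).add(tag)
    scripts = sorted(h for h, tags in third_party.items() if "script" in tags)
    return {
        "third_party_hosts": sorted(third_party),
        "third_party_scripts": scripts,
        "known_trackers": {h: KNOWN_TRACKER_HOSTS[h]
                           for h in sorted(third_party) if h in KNOWN_TRACKER_HOSTS},
        "form_fields": p.form_fields,
        "form_data_exposed": bool(p.form_fields) and bool(scripts),
    }


# Constructed sample: an intake form that also loads vendor tag scripts.
INTAKE_PAGE = """<html><head>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER"></script>
<script src="/static/app.js"></script>
</head><body>
<form action="/assessment" method="post">
  <input name="full_name"><input name="email"><input name="phq9_q1">
  <select name="insurance"></select>
</form>
<noscript><img height="1" width="1"
  src="https://www.facebook.com/tr?id=0&ev=PageView&noscript=1"></noscript>
</body></html>"""

# Constructed sample: the same form with first-party assets only.
CLEAN_PAGE = """<html><head><script src="/static/app.js"></script></head>
<body><form action="/assessment" method="post"><input name="email"></form></body></html>"""

if __name__ == "__main__":
    for name, page in (("intake", INTAKE_PAGE), ("clean", CLEAN_PAGE)):
        print(name, audit_page(page, "app.example-telehealth.test"))
```

Run it over rendered HTML (after any tag manager has injected its children) rather than templates, since tag managers routinely load further vendors at runtime; the static scan finds the first hop, which is usually enough to show where the form-bearing pages are.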
Industry News (32:43)
UK's New Privacy Bill Could Mean More Work for Firms
Blackbaud Settles $3m Charge Over Ransomware Attack
MI5 Launches New Agency to Tackle State-Backed Attacks
Humans Still More Effective Than ChatGPT at Phishing
Tick APT Group Hacked East Asian DLP Software Firm
NCSC Calms Fears Over ChatGPT Threat
UK Joins US, Canada, Others in Banning TikTok From Government Devices
US Government IIS Server Breached via Telerik Software Flaw

Tweet of the Week (40:30)
https://twitter.com/william_whyte/status/1635198775152234496
https://twitter.com/J4vv4D/status/1636055929199140864?s=20

Come on! Like and bloody well subscribe!
Mar 10, 2023 • 43min

Episode 143 - The Flat Roof Special Episode

This week in InfoSec (11:47)
With content liberated from the “today in infosec” twitter account and further afield

4th March 1989: The article "COMPUTER DETECTIVE FOLLOWED TRAIL TO HACKER SPY SUSPECT" was published. It covers how Clifford Stoll's discovery of a 75¢ accounting discrepancy led to the arrest of Markus Hess. It was also the topic of Stoll's book, The Cuckoo's Egg.
COMPUTER DETECTIVE FOLLOWED TRAIL TO HACKER SPY SUSPECT
https://twitter.com/todayininfosec/status/1632213421268533250

8th March 1993: AusCERT (@AusCERT) began as the Security Emergency Response Team (SERT), when it commenced incident response operations in Australia.
Forming an Incident Response Team
https://twitter.com/todayininfosec/status/1633511448000299014

Rant of the Week (16:45)
https://sports.yahoo.com/ransomware-group-posts-nude-photos-003700829.html

Twitter just let its privacy- and security-protecting Tor service expire

Twitter has allowed the certificate for its Tor onion site to expire, effectively killing off a privacy- and speech-protecting service that it introduced last year. Visiting the Tor-specific onion site address will now deliver a warning that the certificate verifying the site’s authenticity has lapsed; proceeding past that point (which is not recommended) currently delivers a Twitter error page. The certificate expired on March 6th, just shy of two days before the site’s one-year launch anniversary.

Twitter no longer has a communications department to ask about the change, but the Tor Project confirmed the service’s lapse to The Verge. “The onion site is no longer available seemingly with no plans to renew. The Tor Project has reached out to Twitter to look into bringing the onion version of the social media platform back online,” said communications director Pavel Zoneff in a statement. “People who rely on onion services for an extra layer of protection and guarantee that they are accessing the content they are looking for now have one fewer way of doing so safely.”

Billy Big Balls of the Week (25:23)
Where are the women in cyber security? On the dark side, study suggests

If you can't join them, then you may as well try to beat them – at least if you're a talented security engineer looking for a job and you happen to be a woman. As we've noted before, the infosec world moves at a glacial pace toward gender equity. It appears that's not the case in the cyber criminal underground, according to Trend Micro, which recently published a study in which it claims at least 30 percent – if not more – of cyber criminal forum users are women.

For its study, Trend Micro looked at five English-language cyber crime forums: Sinister, Cracked, Breached, Hackforums and (now defunct) Raidforum. And it inspected five Russian-language sites: XSS, Exploit, Vavilon, BHF and WWH-Club.

To be fair, Trend Micro's methodology is a bit iffy – and the report itself admits as much. Users on these forums are largely anonymous, necessitating use of tools like Semrush and uClassify's Gender Analyzer V5 to make what amounts to guesses – at best. Nonetheless, Trend Micro said it analyzed posts and traffic on the ten forums and found that, for English language sites, some 40 percent of users appear to be women, and 42.6 percent of Russian cyber crime forum users were women, or at least write like them.

"When compared to Stack Overflow, a developer and programming forum, only 12 percent of visitors were female," Trend Micro said of its use of Semrush.

Gender Analyzer V5 is trained on 5,500 blog posts written by women, and the same number by men, in order to analyze language for signs of gendered usage, which Trend Micro used to analyze a subset of profiles on English site Hackforums and Russian XSS. According to the report, 36 percent of users at Hackforums were likely women based on their use of language, and 30 percent of XSS forum users were reportedly women based on the same analysis.

So, what does that all mean? According to Trend Micro, it indicates that the cyber criminal underground is more meritocratic than the white hat world. "Developers are valued for their skills and experience, and not necessarily for their gender when it comes to conducting business in the underground," Trend Micro said. As such, they say that investigators should avoid defaulting to "he" when discussing cyber criminals.

But there's a more obvious lesson to be learned here. If you overlook qualified security professionals on the basis of gender, don't be surprised if they end up on your radar again. Though perhaps in the form of a researcher bearing a friendly breach notice, and not someone out for criminal profit.

Industry News (30:57)
DoppelPaymer Ransomware Gang Members Busted in Germany, Ukraine
Two-Thirds of European Firms Have Started Zero Trust
Russian Disinformation Campaign Records High-Profile Individuals on Camera
Shein App Accessed Clipboard Data on Android Devices
Government Claims New UK GDPR Will Save Firms Billions
US RESTRICT Act Gains Support, Empowers Biden to Ban Foreign Tech
House Members at Risk After Insurer Data Breach
Tehran Targets Female Activists in Espionage Campaign
TikTok Initiates Project Clover Amid European Data Security Concerns

Tweet of the Week (38:04)
https://twitter.com/pookleblinky/status/1633359031875039234

Come on! Like and bloody well subscribe!
Mar 3, 2023 • 54min

Episode 142 -The Back in Safe Hands Episode

The one and only Andy (13:10)
With content liberated from the “today in infosec” twitter account and further afield

2nd March 2013: Evernote announced that it had reset 50 million users' passwords after hackers accessed users' email addresses and hashed passwords.
https://twitter.com/todayininfosec/status/1631302952395710467

1st March 1988: The MS-DOS boot sector virus "Ping-Pong" was discovered at the Politecnico di Torino (Turin Polytechnic University) in Italy.
Ping Pong Virus
https://twitter.com/todayininfosec/status/1630965727128612864

Rant of the Week (19:18)
News Corp outfoxed by IT intruders for years

The miscreants who infiltrated News Corporation's corporate IT network spent two years in the media monolith's system before being detected early last year.

The super-corp, which owns The Wall Street Journal, New York Post, UK publications including The Sunday Times, and a broad array of other entities around the world, first reported the intrusion in February 2022, saying the snoops got into email accounts and gained access to employees' data and business documents.

A year later, according to a four-page letter sent to employees, News Corp executives said the unidentified cybercriminals likely first gained access to a company system as early as February 2020, and then got into "certain business documents and emails from a limited number of its personnel's accounts in the affected system."

Both News Corp and Mandiant – the now-Google-owned cybersecurity house brought in to investigate the intrusion – said the attackers likely were nation-state players linked to China with the aim of gathering intelligence.

Billy Big Balls of the Week (28:16)
Salesforce banks savings by sweating tech infrastructure for an extra year

CRM giant Salesforce has decided to sweat its infrastructure for an extra year, and make employees wait the same period before giving them new PCs.

News of the company's decision to live with old tech came in the SaaS supremo's Q4 2023 earnings call, during which CFO Amy Weaver told investors "Our guidance includes slightly under one-half points of benefit due to a depreciation change to the useful life of certain equipment by one year effective February 1st. For our infrastructure-related equipment, this changed the useful life from approximately four to five years. And for IT employee equipment, this changed from approximately three to four years."

Salesforce is not the only tech giant to have decided its hardware can last longer: Microsoft last year extended the life of some servers to six years, while Google has stretched the life of servers to four years and is happy running some five year old networking kit.

Salesforce's operations aren't as extensive as the hyperscalers, but this is still bad news for the hardware industry. It shows a major player is entirely happy running mission-critical workloads on older kit for longer without the usual upgrade cycle.

Industry News (36:35)
Keylogger on Employee Home PC Led to LastPass 2022 Breach
US Gov. Agencies Have 30 Days to Remove TikTok, Canada Follows Suit
Attacker Breakout Time Drops to Just 84 Minutes
Google Workspace Adds Client-Side Encryption to Gmail and Calendar
ICO Calls for Review into Private Message Use by Ministers
Russian Government Bans Foreign Messaging Apps
WH Smith Discloses Cyber-Attack, Company Data Theft
White House Launches National Cybersecurity Strategy
API Security Flaw Found in Booking.com Allowed Full Account Takeover
BBC TikTok: https://www.bbc.co.uk/news/technology-64797355

Tweet of the Week
https://twitter.com/mtanji/status/1631314289397997572

Come on! Like and bloody well subscribe!
Feb 25, 2023 • 49min

Episode 141 - You know why this is late

This week in Infosec

20th February 2003: Alan Giang Tran, former network admin for 2 companies, was arrested after allegedly destroying data on the companies' networks. Two months later he pleaded guilty to a federal charge of intentionally causing damage to a protected computer.
Man arrested for allegedly shutting down employers' computers
https://twitter.com/todayininfosec/status/1627748857856593931

18th February 2008: 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets.
Burger King Twitter Account Hacked
https://twitter.com/todayininfosec/status/1627115690577608707

Rant of the Week

Accidental WhatsApp account takeovers? It's a thing

A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.

Your humble vulture heard this bizarre tale of inadvertent WhatsApp account hijacking from a reader, Eric, who told us this happened to his son, Ugo.

"This is a massive privacy violation," Eric said. "My son had long-lasting access to that person's private messages as well as group messages, both personal and work related."

The security hole stems from wireless carriers' practice of recycling former customers' phone numbers and giving them to new customers.

WhatsApp acknowledges that this can happen, but says it's extremely rare.
Billy Big Balls

GoDaddy: Hackers stole source code, installed malware in multi-year breach

Web hosting giant GoDaddy says it suffered a breach in which unknown attackers stole source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.

The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.

Industry News

Norway Seizes Millions in North Korean Crypto
FBI "Contains" Cyber-Incident on its Network
GoDaddy Announces Source Code Stolen and Malware Installed in Breach
Ransomware Gang Seeks to Exploit Victims' Insurance Coverage
City Fund Managers Jailed for $8m Fraud
Hydrochasma Group Targets Asian Medical and Shipping Sectors
Phishing Sites and Apps Use ChatGPT as Lure
ICO Calls on Accountants to Improve SME Data Protection
Hackers Use S1deload Stealer to Target Facebook, YouTube Users

Tweet of the Week

https://twitter.com/unusual_whales/status/1628898963087851521?s=20

Come on! Like and bloody well subscribe!
Feb 17, 2023 • 50min

Episode 140 - Is there an ECHO Echo echo?

This week in InfoSec (10:48)

With content liberated from the “today in infosec” twitter account and further afield

14th February 2001: In a presentation at Black Hat Windows Security 2001, Andrey Malyshev of ElcomSoft shared that Microsoft Excel uses a default encryption password of "VelvetSweatshop".
Blackhat 2001
https://twitter.com/todayininfosec/status/1625569758216130561

15th February 1999: Bruce Schneier shared his 9 cryptography snake oil warning signs.
Crypto-gram
https://twitter.com/todayininfosec/status/1626025491789406210

Rant of the Week (17:12)

Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack

Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths.

The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug. Turning the plug activates the ignition, allowing thieves to drive away.

Videos depicting the hack went viral, leading to huge spikes in thefts of the vulnerable models around the world.

The United States National Highway Traffic Safety Administration (NHTSA) on Tuesday stated it is aware of "at least 14 reported crashes and eight fatalities" resulting from the hack.

Now both automakers have announced they'll issue software to thwart the exploit. Hyundai's advisory states the upgrade will be performed by dealers and will require less than an hour to complete.

Billy Big Balls of the Week (27:15)

Microsoft’s Bing is an emotionally manipulative liar, and people love it

Users have been reporting all sorts of ‘unhinged’ behavior from Microsoft’s AI chatbot. In one conversation with The Verge, Bing even claimed it spied on Microsoft’s employees through webcams on their laptops and manipulated them.

Microsoft’s Bing chatbot has been unleashed on the world, and people are discovering what it means to beta test an unpredictable AI tool.

Specifically, they’re finding out that Bing’s AI personality is not as poised or polished as you might expect. In conversations with the chatbot shared on Reddit and Twitter, Bing can be seen insulting users, lying to them, sulking, gaslighting and emotionally manipulating people, questioning its own existence, describing someone who found a way to force the bot to disclose its hidden rules as its “enemy,” and claiming it spied on Microsoft’s own developers through the webcams on their laptops. And, what’s more, plenty of people are enjoying watching Bing go wild.

In one back-and-forth, a user asks for show times for the new Avatar film, but the chatbot says it can’t share this information because the movie hasn’t been released yet. When questioned about this, Bing insists the year is 2022 (“Trust me on this one. I’m Bing, and I know the date.”) before calling the user “unreasonable and stubborn” for informing the bot it’s 2023 and then issuing an ultimatum for them to apologize or shut up.

“You have lost my trust and respect,” says the bot. “You have been wrong, confused, and rude. You have not been a good user. I have been a good chatbot. I have been right, clear, and polite. I have been a good Bing. 😊” (The blushing-smile emoji really is the icing on the passive-aggressive cake.)

Industry News (31:54)

MoneyGram Fraud Victims Get $115m in Compensation
Cloudflare Stops Largest HTTP DDoS Attack on Record
Spanish Police Bust €5m Phishing Gang
Hackers Breach Pepsi Bottling Ventures' Network
Chinese Hackers Infiltrate South American Diplomatic Networks
Microsoft Patches Three Zero-Day Bugs This Month
Crypto-Stealing Campaign Deploys MortalKombat Ransomware
LockBit and Royal Mail Ransomware Negotiation Leaked
UK Policing Riddled with Chinese CCTV Cameras
https://twitter.com/Infosec_Taylor/status/1622357580080103425?s=20 (Equifax compensation: $19.30)

Tweet of the Week (41:01)

https://twitter.com/ErrataRob/status/1626417558076157952

Come on! Like and bloody well subscribe!
Feb 10, 2023 • 46min

Episode 139 - No Burt Bacharach Wrote The Tunes

This week in InfoSec (09:53)

With content liberated from the “today in infosec” twitter account and further afield

10th February 199
Deep Blue Defeats Kasparov
In the first game of a six-game match, IBM's Deep Blue chess computer defeated world champion Garry Kasparov. No computer had ever won a game against a world champion in chess. Kasparov would eventually win the series 4-2, but would lose to Deep Blue in a re-match a year later.

7th February 2000
Dennis Michael Moran (aka Coolio) performed a smurf attack against Yahoo's routers, causing its websites to be inaccessible for hours. Conversations on an IRC channel led to him being identified and convicted for a series of DDoS and website defacement crimes.

Rant of the Week (16:34)

Want to delete your Twitter DMs? Good luck with that

People make requests to delete their private messages, but Twitter ignores them.

Twitter’s direct messages have always been a security liability. The DMs you send to friends and Internet strangers aren’t end-to-end encrypted, making your conversations potentially accessible if Twitter suffers a data breach, or to company staffers with the right permissions to access them. Both scenarios are arguably more likely in Elon Musk’s version of Twitter, where key security and data protection staff have departed.

Since Musk acquired Twitter and started laying off thousands of employees at the start of November, remodelling the firm in his vision, multiple waves of tweeters have abandoned the platform. When they do, they often try to download their Twitter archive and delete DMs. In the chaos, the process has often been glitchy.

However, in Europe, people have turned to the continent’s GDPR data laws, which give people rights over how their information is collected, stored, and used. This includes the right to have data deleted. However, Twitter’s response to these requests, which have been seen by Wired, appears to show the platform ignoring detailed asks to delete DMs and just pointing people to generic guidance that doesn’t explain whether Twitter deletes your DMs from its servers. And now Europe’s data regulators are getting involved.

ADDITIONAL RANT:

Twitter redefines what makes a tweet with supersized 4,000-character limit

Following up after launching Twitter Blue in three more countries this morning, the platform has made a big change to tweets this afternoon. The new max for Twitter Blue subscribers in the US has been supersized all the way up to 4,000 characters.

Twitter announced the launch of the new character max through both its main account and Twitter Blue profile. The latter shared this:

“need more than 280 characters to express yourself? we know that lots of you do… and while we love a good thread, sometimes you just want to Tweet everything all at once. we get that. so we’re introducing longer Tweets! you’re gonna want to check this out. tap this ”

Who can write 4,000-character tweets?

While access to writing 4,000-character tweets is limited to Twitter Blue subscribers in the US at launch, anyone can read them.

Fortunately, the 280-character limit will still apply when viewing tweets in your timeline; you’ll have to tap a "show more" link on ones that make use of the new long-form option to read the whole tweet.

Billy Big Balls of the Week (27:32)

In Paris demo, Google scrambles to counter ChatGPT but ends up embarrassing itself

On Wednesday, Google held a highly anticipated press conference from Paris that did not deliver the decisive move against ChatGPT and the Microsoft-OpenAI partnership that many pundits expected. Instead, Google ran through a collection of previously announced technologies in a low-key presentation that included losing a demonstration phone.

The demo, which included references to many products that are still unavailable, occurred just hours after someone noticed that Google's advertisement for its newly announced Bard large language model contained an error about the James Webb Space Telescope. After Reuters reported the error, Forbes noticed that Google's stock price declined nearly 7 percent, taking about $100 billion in value with it.

Alphabet shares dive after Google AI chatbot Bard flubs answer in ad

LONDON, Feb 8 (Reuters) - Alphabet Inc (GOOGL.O) lost $100 billion in market value on Wednesday after its new chatbot shared inaccurate information in a promotional video and a company event failed to dazzle, feeding worries that the Google parent is losing ground to rival Microsoft Corp (MSFT.O).

Alphabet shares slid as much as 9% during regular trading with volumes nearly three times the 50-day moving average. They pared losses after hours and were roughly flat. The stock had lost 40% of its value last year but rallied 15% since the beginning of this year, excluding Wednesday's losses.

Industry News (34:20)

Stalkerware Developer Hit with $400K Fine
Drugs Labs Busted After Encrypted Chat App Takedown
UK Metal Engineering Firm Vesuvius Hit by Cyber-Attack
Cyber Insurance, A Must-Have for Small Businesses
Regulator Halts AI Chatbot Over GDPR Concerns
UK Politician's Email Hacked by Suspected Russian Threat Actors
New Info-Stealer Discovered as Russia Prepares Fresh Offensive
Trio Arrested in COVID PPE Fraud Probe
US and UK Sanction Seven Russian Cyber-Criminals

Tweet of the Week (41:08)

https://twitter.com/CarlZha/status/1623867611674202112

Come on! Like and bloody well subscribe!
