The Host Unknown Podcast

Episode 119 - Andy Who?

Episode Summary

This week in InfoSec takes us on a trip down Infosec memory lane. Rant of the Week takes phoning a friend to a new level. Billy Big Balls says you can edit history to your liking. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week gives us applicable wisdom from Sun Tzu.

Episode Notes

This week in InfoSec (09:07)

With content liberated from the “today in infosec” Twitter account and further afield

30th August 1999: The previously unknown group Hackers Unite claimed responsibility for disclosing a vulnerability in Hotmail that granted access to all of its roughly 50 million users' email accounts.

13 years later Microsoft rebranded Hotmail, renaming it Outlook.

Hotmail Hackers: 'We Did It'

https://twitter.com/todayininfosec/status/1300212717656121344

31st August 2014: A user of the message board 4chan posted leaked photos of actress Jennifer Lawrence and numerous other celebrities.

Jennifer Lawrence and Other Celebs Hacked as Nude Photos Circulate on the Web

https://twitter.com/todayininfosec/status/1300537361676283905

Rant of the Week (20:21)

Here's how 5 mobile banking apps put 300,000 users' digital fingerprints at risk

Massive amounts of private data – including more than 300,000 biometric digital fingerprints used by five mobile banking apps – have been put at risk of theft due to hard-coded Amazon Web Services credentials, according to security researchers.

Symantec's Threat Hunter Team said it discovered 1,859 publicly available apps, both Android and iOS, containing baked-in AWS credentials. That means if someone were to look inside the apps, they would have found the credentials in the code, and could potentially have used that to access the apps' backend Amazon-hosted servers and steal users' data. The vast majority (98 percent) were iOS apps.

In all, 77 percent of these apps contained valid AWS access tokens that allowed access to private AWS cloud services, the intelligence team noted in research published today.

Billy Big Balls of the Week (28:45)

Twitter starts testing an edit button, but you have to pay for it

Twitter is now testing its highly requested Edit Tweet feature. After years of memes and jokes, editable tweets will be available to some Twitter Blue subscribers later this month. The feature is currently undergoing “internal testing” and appears to mimic Facebook in its edit style, with a linked edit history for tweets that we saw in leaks earlier this year.

“Tweets will be able to be edited a few times in the 30 minutes following their publication,” according to a Twitter blog post. “Edited Tweets will appear with an icon, timestamp, and label so it’s clear to readers that the original Tweet has been modified.”

Industry News (36:45)

Cryptominer Disguised as Google Translate Targeted 11 Countries

Baker & Taylor's Systems Remain Offline a Week After Ransomware Attack

ICO Pursues Traffic Accident Data Thieves

UK Imposes Tough New Cybersecurity Rules for Telecom Providers

Evil Corp and Conti Linked to Cisco Data Breach, eSentire Suggests

Golang-based Malware Campaign Relies on James Webb Telescope's Image

Microsoft Finds Account Takeover Bug in TikTok

Standards Body Publishes Guidelines for IoT Security Testing

Apple Releases Update for iOS 12 to Patch Exploited Vulnerability

Tweet of the Week (43:42)

https://twitter.com/SunTzuCyber/status/1565192484380188672