This week in InfoSec reminds us of Yahoo!’s history of backing the underdog Rant of the Week talks about the latest goings on at “Hackspace” Billy Big Balls makes the case for communism Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is TBC
This week in InfoSec (09:44)
With content liberated from the “today in infosec” twitter account and further afield
15th December 1995: AltaVista Launches
Developed by researchers at Digital Equipment Research Laboratories, the AltaVista search engine is launched. It was the first world wide web search service to gain significant popularity. One of the most popular search engines in the early world wide web, Google didn’t overtake AltaVista until 2001. AltaVista was eventually purchased by Yahoo! in 2003.
11th December 1989: Joseph Lewis Popp allegedly mailed floppy disks to the UK which were labelled "AIDS Information Introductory Diskette". Surprise! The AIDS trojan on the disks demanded $189 to "renew the licence" by sending payment to a post office box in Panama.
Rant of the Week (17:02)
Internal Note: [You’ll need to read this story first for background if you’re not familiar - Rackspace confirms ransomware attack behind days-long email meltdown]
On the 12th day of the Rackspace email disaster, it did not give to me …
… a working Exchange inbox tree
There's no end – or restored data – in sight for some Rackspace customers now on day 12 of the company's ransomware-induced hosted Exchange email outage.
In the service provider's most recent update, posted at 0844 Eastern Time on Wednesday, Rackspace said it had hired CrowdStrike to investigate the fiasco, and noted it continues "to make all of our internal and external resources available to provide support to the remaining Hosted Exchange customers."
Rackspace did not, however, say if or when it expects to recover people's data that was lost or scrambled when ransomware hit its systems – an attack that took down some of Rackspace's hosted Microsoft Exchange services on December 2. Since then, affected customers have been unable to get at their data held in the hosted service.
"We understand how important data recovery is to our customers," Rackspace wrote. "In ransomware attacks, data recovery efforts do necessarily take significant time, both due to the nature of the attack and need to follow additional security protocols. We will continue to keep you updated on these efforts."
Billy Big Balls of the Week (27:19)
SEC charges crew of social media influencers with $100m fraud
Eight braggadocious social media influencers fond of posing next to sportscars are facing charges from the US Securities and Exchange Commission (SEC) and Department of Justice (DoJ), who claim they manipulated their 1.5 million followers in order to help themselves to $100 million in "fraudulent profits."
The suspects, all men in their twenties and thirties, were charged with conspiracy to commit securities fraud in connection with a long-running, social media-based "pump and dump" scheme, a recently unsealed Texas federal grand jury indictment [PDF] and an SEC complaint [PDF] revealed.
The SEC alleged the suspects used Twitter and Discord to manipulate exchange-traded stocks in a $100 million securities fraud scheme, detailing some pretty amusing excerpts from exchanges it claims took place between individuals in the group.
We're robbing f*cking idiots of their money. . .
The commission claimed the defendants sometimes discussed their scheme over Discord voice chats that they "believed were private, but which were in fact being recorded."
Here's something communism is good at: Making smartphones less annoying
This week the kings of the Middle Kingdom issued directives to address some of the biggest annoyances associated with smartphones applications: copycat apps and bloatware.
On Monday the Cyberspace Administration of China (CAC) launched a campaign it said would "rectify chaos" in smartphone apps by cracking down on several behaviors such as publication of "copycat apps" that use logos, pictures or text similar to existing apps to deceive users and potentially collect personal data and app subscription fees.
The CAC also also plans to rectify dodgy ranking practices, and apps that lure people in with sexually suggestive or vulgar home pages. Apps distributed by QR code, rather than through app stores, are also in trouble.
But wait, there's more! CAC will prevent auto downloads or installations without user consent. Apps that misrepresent their function or content are in the firing line as well.
As are apps that tempt users with promises of making money.
Excessive pop-ups, functions that serve as an obstacle to removing apps or forced renewals, and fake free trials are all on their way out.
In the usual style of the CAC, the regulator did not specify how it would accomplish its goals, instead using phrases like "severely punish," "strictly regulate," and "crack down."
Given the Authoritarian nature of the regime, though, these terms should be taken pretty much at face value.
Industry News (35:12)
North Korean Hackers Impersonate Researchers to Steal Intel
HSE Cyber-Attack Costs Ireland $83m So Far
Security Overlooked in Rush to Hybrid Working
Experts Warn ChatGPT Could Democratize Cybercrime
Uber Hit By New Data Breach After Attack on Third-Party Vendor
Twitter Addresses November Data Leak Claims
Signed Microsoft Drivers Used in Attacks Against Businesses
Loan Scam Campaign 'MoneyMonger' Exploits Flutter to Hide Malware
Senate Approves Bill Banning TikTok From US Government Devices
Tweet of the Week (44:05)