With Thom in New York, your favourite host, Andy, and his sidekick, Javvad, bring you unresearched opinions on security news from around the globe. This week in InfoSec takes us back to rioters preferred mode of secure communication Rant of the Week is a some monkey business deja vu Billy Big Balls is a competitive smackdown Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is why you should use Duck Duck Go
This week in InfoSec
With content liberated from the “today in infosec” twitter account and further afield
RIM introduces the BlackBerry. The original BlackBerry devices were not phones, but instead were the first mobile devices that could do real-time e-mail. They looked like big pagers. They way the story goes, the name “BlackBerry” came from the similarity that the buttons on the original device had to the surface of a blackberry fruit. Those crazy Canadians!
The US Supreme Court rules 5-4 that private use of home VCRs to tape TV programs for later viewing does not violate federal copyright laws. This ruling opens the floodgate for VCR sales, changing the landscape of TV watching forever.
Rant of the Week
Mailchimp 'fesses up to second digital burglary in five months
Email marketing service Mailchimp has confirmed intruders have gained access to more than 100 customer accounts after successfully deploying a social engineering attack.
This is the second data spill in five months and yet the company, bought by Intuit for $12 billion in September 2021, continues to tell customers – with a straight face – that it takes the "security of users' data seriously."
The latest digital burglary happened on January 11 when the resident security team spotted an "unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration," the company blog states.
Billy Big Balls of the Week
Illegal Solaris darknet market hijacked by competitor Kraken
Solaris, a large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named 'Kraken,' who claims to have hacked it on January 13, 2022.
The Tor site of Solaris currently redirects to Kraken, while blockchain monitoring experts at Elliptic report no movements in the cryptocurrency addresses associated with the site after January 13, 2022.
Taking down competitors
Solaris was a Russian-speaking platform reportedly affiliated with Killnet, a pro-Kremlin hacktivist group that launched several DDoS attacks against organizations in the western world in 2022.
Elliptic has traced several donations from Solaris to Killnet, amounting to more than $44,000 worth of Bitcoin. The DDoS group presumably used this money to purchase more firepower for launching disruptive attacks.
In December 2022, Ukrainian cyber-intelligence analyst Alex Holden claimed to have breached Solaris and stolen $25,000, which was donated to a humanitarian charity in Ukraine.
While Solaris disputed the claims about the hack and called out the lack of evidence, Holden later released more details and leaked source code and databases allegedly associated with the marketplace.
On Friday, January 13, 2023, Kraken announced they had taken over Solaris' infrastructure, GitLab repository, and all project sources, thanks to "several huge bugs in the code."
Kraken's statement claims that it took them three days to steal the clear text passwords and keys stored in Solaris' servers, access its infrastructure located in Finland, and then download everything without anyone stopping them.
Finally, the attackers said they disabled Solaris' Bitcoin server, which aligns with Elliptic's observations in the blockchain.
European Businesses Admit Major Privacy Skills Gap
Nissan Supplier Leaked Data on Thousands of Customers
ChatGPT Creates Polymorphic Malware
1000 Shipping Vessels Impacted by Ransomware Attack
Over Four Billion People Affected By Internet Censorship in 2022
FTX: Over $400m Stolen from Bankrupt Exchange
Mailchimp Hit By Another Data Breach Following Employee Hack
ThreatModeler Makes DevSecOps More Accessible With New Marketplace
Roaming Mantis' Hacking Campaign Adds DNS Changer to Mobile App
Tweet of the Week
These are the Google searches Brian Walshe made before and after killing his wife Ana Walshe, according to prosecutors