Andy and his deadweight side kicks return for another week with a terribly edited show. This week in InfoSec reminisces about some old-school cyber vandalism Rant of the Week discusses the potential to be added to be accidentally added to a group chat Billy Big Balls laughs at the average 207 day time to detection Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is more distressing news of layoffs
This week in Infosec
20th February 2003: Alan Giang Tran, former network admin for 2 companies, was arrested after allegedly destroying data on the companies' networks. Two months later he pleaded guilty to a federal charge of intentionally causing damage to a protected computer.
Man arrested for allegedly shutting down employers' computers
https://twitter.com/todayininfosec/status/1627748857856593931
18th February 2008: 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets.
Burger King Twitter Account Hacked
https://twitter.com/todayininfosec/status/1627115690577608707
Rant of the Week
Accidental WhatsApp account takeovers? It's a thing
A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.
Your humble vulture heard this bizarre tale of inadvertent WhatsApp account hijacking from a reader, Eric, who told us this happened to his son, Ugo.
"This is a massive privacy violation," Eric said. "My son had long-lasting access to that person's private messages as well as group messages, both personal and work related."
The security hole stems from wireless carriers' practice of recycling former customers' phone numbers and giving them to new customers.
WhatsApp acknowledges that this can happen, but says it's extremely rare.
Billy Big Balls
GoDaddy: Hackers stole source code, installed malware in multi-year breach
Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.
The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.
Industry News
Norway Seizes Millions in North Korean Crypto
FBI "Contains" Cyber-Incident on its Network
GoDaddy Announces Source Code Stolen and Malware Installed in Breach
Ransomware Gang Seeks to Exploit Victims' Insurance Coverage
City Fund Managers Jailed for $8m Fraud
Hydrochasma Group Targets Asian Medical and Shipping Sectors
Phishing Sites and Apps Use ChatGPT as Lure
ICO Calls on Accountants to Improve SME Data Protection
Hackers Use S1deload Stealer to Target Facebook, YouTube Users
Tweet of the Week
https://twitter.com/unusual_whales/status/1628898963087851521?s=20