The Host Unknown Podcast

Episode 148 - The Short And Not-So-Sweet Episode

Episode Summary

This week in InfoSec takes us back to the time of Moore computing power

Rant of the Week is a “nothing to see here” story from the outsourcers who handle government tech contracts worth billions

Billy Big Balls is off the air today

Industry News brings us the latest and greatest security news stories from around the world

And Tweet of the Week is musings from an old man

Episode Notes

This week in InfoSec

With content liberated from the “Today in Infosec” Twitter account and further afield

19th April 1965: Electronics magazine publishes an article by Gordon Moore, head of research and development for Fairchild Semiconductor and future co-founder of Intel, on the future of semiconductor components. In the article, Moore predicts that transistor density on integrated circuits will double every eighteen months for “at least” the next ten years. This theory will eventually come to be known as Moore’s Law and has largely held true to this day. Controversy exists over whether Moore’s Law remains applicable; however, time will tell just how long it will continue to hold true.

19th April 2010: The OWASP Top 10 for 2010 was officially released.

http://web.archive.org/web/20100628190859/http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease

https://twitter.com/todayininfosec/status/1251895022598803457

Rant of the Week

Background: Capita IT breach gets worse as Black Basta claims it's now selling off stolen data

Black Basta, the extortionists who claimed they were the ones who recently broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant.

A spokesperson for the London-based corporation, which has UK government contracts totaling £6.5 billion ($8 billion), originally said it hadn't yet confirmed if that data leak is legit.

"We are in constant contact with all relevant regulators and authorities. Our investigations have not yet been able to confirm any evidence of customer, supplier, or colleague data having been compromised."

Capita said that once it has finalised its own probe, it will "if necessary" inform all parties affected by the security breach.

"We have taken all appropriate steps to ensure the robustness of our systems and are confident in our ability to meet our service delivery commitments," the spokesperson said.

The technology outsourcer at first confirmed it had suffered an "IT issue" late last month, though didn't cop to it being a "cyber incident" until April 3.

Over the weekend, the Sunday Times claimed the IT breach was worse than Capita has admitted to date: Capita has played down fears that personal and corporate information was accessed, though it appears the miscreants who broke into the business have started selling off that very kind of data, said to be lifted from Capita's systems.

Capita has 'evidence' customer data was stolen in digital burglary

Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.

The British listed business, which has around £6.5 billion ($8.09 billion) in public sector contracts, updated the London Stock Exchange Thursday morning to confirm the criminals breached its infrastructure on March 22 and remained inside until “interrupted” by the company on March 31.

“As a result of the interruption, the incident was significantly restricted, potentially affecting around 4 percent of Capita’s server estate. There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”

Billy Big Balls of the Week

We would have talked about “An earlier supply chain attack led to the 3CX supply chain attack, Mandiant says” if we were doing a BBB.

Industry News

UK's SMEs to Benefit From New Cyber Advisors

WhatsApp, Signal Claim Online Safety Bill Threatens User Privacy and Safety

NSO Group's Pegasus Spyware Found on High-Risk iPhones

NCSC Warns of Destructive Russian Attacks on Critical Infrastructure

Police Escape $1.2m Fine For Secretly Recording Phone Calls

Recycled Network Devices Exposing Corporate Secrets

ChatGPT-Related Malicious URLs on the Rise

Daggerfly APT Targets African Telecoms Firm With New MgBot Malware

North Korean Hacker Suspected in 3CX Software Supply Chain Attack

Tweet of the Week

https://twitter.com/quentynblog/status/1649302927910002689