The Host Unknown Podcast

Episode 168 - The Purple Pineapple Episode

Episode Summary

This week in InfoSec is a story about vice presidential candidates using Yahoo! email. Rant of the Week asks where we should draw the line on victims. Billy Big Balls asks “won’t somebody think of the poor banks?” Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week queries a recent acquisition.

Episode Notes

This week in InfoSec (09:32)

With content liberated from the “today in infosec” twitter account and further afield

18th September 2001: The Nimda worm was released. Utilising 5 different infection vectors, it became the most widespread virus/worm after only 22 minutes.

$ echo "admin" | rev
nimda

https://twitter.com/todayininfosec/status/1703760366688211041

16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan. 2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS.

https://twitter.com/todayininfosec/status/1703169477548884296

 

Rant of the Week (14:55)

[We’re sympathetic to companies who get hacked and what they have to deal with, but there comes a time when they’re repeatedly hacked and you have to ask questions]:

T-Mobile app glitch let users see other people's account info

T-Mobile customers said they could see other people's account and billing information after logging into the company's official mobile application.

According to user reports on social media, the exposed information included customers' names, phone numbers, addresses, account balances, and credit card details like the expiration dates and the last four digits.

As first reported by The Verge, some of the customers affected by this issue could see the sensitive information of multiple other people while logged into their own accounts.

While a massive number of reports started surfacing earlier today on Reddit and Twitter, some T-Mobile customers also claimed that they've been experiencing this throughout the last two weeks.

"Reported this issue when it first popped up here on Reddit over 2 weeks ago and sent pics of the other person's info to their security team. No response, but wow, just wow," one customer said.

Nine data breaches since 2018

In May, T-Mobile disclosed the second data breach since the start of 2023 after hundreds of customers had their personal information exposed between late February and March after attackers hacked into the carrier's systems.

In January, the mobile carrier revealed another data breach after the sensitive info of 37 million customers was stolen using one of its Application Programming Interfaces (APIs).

Since 2018, T-Mobile has been hit by seven other data breaches:

 

Billy Big Balls of the Week (23:31)

Singapore may split liability for phishing losses between banks and victims

Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams.

It is an answer to a common question these days: in a world of rampant payment and transfer scams, who is responsible?

Countries like Australia have also considered shared loss schemes. Meanwhile, the European Commission has proposed a "refund" to victims of certain types of fraud, including authorised push payment scams.

Starting next year, the UK will enforce mandatory reimbursement by banks to scam victims up to one million pounds – with the sending and receiving banks sharing the bill.

Singapore's minister of state Alvin Tan has a different view.

"There are some views that banks can easily absorb losses arising from individual scam cases. However, full restitution without due consideration of culpability is neither fair nor desirable," he told Parliament on Monday.

 

Industry News (33:01)

Caesars Entertainment Reveals Major Ransomware Breach

Pirated Software Likely Cause of Airbus Breach

TikTok Fined $368m For Child Data Privacy Offenses

Illegal Betting Ring Used Satellite Tech to Get Scoop on Results

Microsoft AI Researchers Leak 38TB of Private Data

Clorox Struggling to Recover From August Cyber-Attack

Threat Actor Claims Major TransUnion Data Breach

Finnish Authorities Shutter Dark Web Drugs Marketplace

International Criminal Court Reveals Security Breach

 

Tweet of the Week (41:32) 

https://x.com/gabsmashh/status/1704875732282077244?s=20