The Host Unknown Podcast

Episode 170 - The No Show Notes Episode

Episode Summary

This week in InfoSec is about something leaky. Rant of the Week is about trusting the machines with our most sensitive data. Billy Big Balls has the dog eating our homework. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is something wonderfully Danish.

Episode Notes

This week in InfoSec (08:56)

With content liberated from the “today in infosec” Twitter account and further afield

2006: The http://wikileaks.org domain name was registered, though the first document wasn't posted to WikiLeaks until December.

Assange was taken from the Ecuadorian embassy in April 2019 and has since been staying at His Majesty’s pleasure at Belmarsh.

2005: The Samy worm, the first self-propagating cross-site scripting worm, was released onto the mega-popular MySpace by 19-year-old Samy Kamkar (@samykamkar). He's since made numerous impactful contributions to the security and privacy field.

https://en.m.wikipedia.org/wiki/Samy_Kamkar

https://en.wikipedia.org/wiki/Samy_(computer_worm)

The worm itself was relatively harmless; it carried a payload that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page as well as send Samy a friend request. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page, continuing the distribution of the worm. MySpace has since secured its site against the vulnerability.

2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault. 

https://www.nytimes.com/2017/10/03/business/equifax-congress-data-breach.html

It took 960 hours (40 days) between Equifax finding out about the breach and warning the public. The data of millions of people in the US, UK, and elsewhere was stolen.

Three Equifax execs sold $1.8 million of stock days after breach discovery

 

Rant of the Week (17:16) 

https://www.theregister.com/2023/10/04/onedrive_to_acquire_copilot_skills/

Microsoft is to overhaul OneDrive in a move that will bring Copilot to the cloud storage service and herd users towards the tool's web interface.

Inevitably, Copilot skills are due to arrive in OneDrive. Microsoft hopes these will help users find files and stay organized. Worryingly, in the example given, Copilot can move files around and create folders depending on its interpretation of the user's instructions. What could possibly go wrong?

 

Billy Big Balls of the Week (26:06)

EXCLUSIVE A four-hour system interruption in September at the Veterans Affairs Medical Center in Kansas City, Missouri has been attributed to a cat jumping on a technician's keyboard.

So we're told by a source, who heard the tale on one of the regular weekday calls held by the US government department with its CIO, during which recent IT problems are reviewed. We understand that roughly 100 people – contractors, vendors, and employees – participate in these calls at a time.

On a mid-September call, one of the participants explained that while a technician was reviewing the configuration of a server cluster, their cat jumped on the keyboard and deleted it. Or at least that's their story.

Kurt DelBene, assistant secretary for information and technology and CIO at the Department of Veterans Affairs, is said to have responded on the call with words to the effect that: "This is why I have a dog." There was laughter and not much more – it was a short incident report.

https://www.theregister.com/2023/10/05/hospital_cat_incident/

 

Industry News (31:30)

Apple Issues Emergency Patches for More Zero-Day Bugs

Record Numbers of Ransomware Victims Named on Leak Sites

CISA and NSA Tackle IAM Security Challenges in New Report

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

Critical Glibc Bug Puts Linux Distributions at Risk

US Government Proposes SBOM Rules for Contractors

China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns

GoldDigger Android Trojan Drains Victim Bank Accounts

LightSpy iPhone Spyware Linked to Chinese APT41 Group

 

Tweet of the Week (40:56)

https://twitter.com/infosecmo/status/1709289777973883000?s=61&t=UAjRqPj0iqNyKsG8ZaAiig