This week in InfoSec is a story about a friend to everyone Rant of the Week asks why nobody thought of this before Billy Big Balls is a mid-year 360 review of the Chinese government, by its citizens Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week focuses on Cyber Security Awareness Month
This week in InfoSec (09:48)
With content liberated from the “today in infosec” twitter account and further afield
8th October 2018: Google announced that it exposed the private info of hundreds of thousands of Google+ users between 2015 and 2018, only disclosing it 7 months after discovery because it was reported by The Wall Street Journal. Social network Google+ launched in 2011 and closed in 2019.
Google hid major Google+ security flaw that exposed users’ personal information
https://twitter.com/todayininfosec/status/1711159728552685667
16th October 1983: FBI agents raided homes of "young electronics buffs known as 'hackers'" in 6 states as part of an investigation of unauthorized intrusions into scores of large commercial and DoD computers. These teens included Lord Flathead - real name Tom Anderson, future MySpace founder.
https://twitter.com/todayininfosec/status/1712593589237076056
Rant of the Week (15:44)
Everest cybercriminals offer corporate insiders cold, hard cash for remote access
The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.
In a post at the top of its dark web victim blog, Everest said it will offer a "good percentage" of the profits generated from successful attacks to those who assist in its initial intrusion.
The group also promised to offer partners "full transparency" regarding the nature of each operation, as well as confidentiality about their role in the attack.
Everest is specifically looking for access to organizations based in the US, Canada, and Europe, and would accept remote access by a variety of means including TeamViewer, AnyDesk, and RDP.
Billy Big Balls of the Week (22:23)
Chinese citizens feel their government is doing a fine job with surveillance
Chinese residents are generally comfortable with widespread use of surveillance technology, according to a year-long project conducted by the Australian Strategic Policy Institute (ASPI) and an unnamed non-government research partner.
The project mainly investigated how state surveillance is conducted by Beijing and how the population of the People's Republic of China (PRC) perceives it. For the investigation, the researchers conducted media analysis, and an online survey of over 4,000 Chinese citizens.
Most respondents ranked their trust in central government positively – at an average of 7.3 on a scale out of 10. Businesses received a 6.7 rating. When it came to surveillance – by video, audio or internet activity – roughly half said they were comfortable.
As part of the project, ASPI provided a tool that could be considered quite subversive in China: an interactive website that provided access to uncensored non-Beijing information about deployed surveillance technologies and the agencies that run them. It consisted of five educational modules with quizzes at the end.
The website content was shaped by the survey results and reached over 55,000 users over the course of four months. It covered facial recognition, Wi-Fi probes, DNA surveillance, database management and surveillance cameras.
Industry News (28:08)
AWS to Mandate Multi-Factor Authentication from 2024
Blackbaud Settles Ransomware Breach Case For $49.5m
DNA Tester 23andMe Hit By Credential Stuffing Campaign
MGM Resorts Reveals Over $100M in Costs After Ransomware Attack
Air Europa Asks Customers to Cancel Cards After Breach
US Smashes Annual Data Breach Record With Three Months Left
European Police Hackathon Hunts Down Traffickers
Chinese APT ToddyCat Targets Asian Telecoms, Governments
California Enacts “Delete Act” For Data Privacy
Tweet of the Week (36:01)
