This week in InfoSec proves that 3 years is “a reasonable amount of time” Rant of the Week is a traditional hospital pass Billy Big Balls stretches the cooking analogy to the breaking point Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is proof that there is no such thing as paranoia, someone really is watching you
This week in InfoSec (06:40)
23rd November 2011: KrebsonSecurity reported that Apple took over 3 years to fix the iTunes software update process vulnerability which the FinFisher remote spying Trojan exploited. Evilgrade toolkit author Francisco Amato had reported it to Apple in 2008.
Apple Took 3+ Years to Fix FinFisher Trojan Hole
https://twitter.com/todayininfosec/status/1727687798017106025
12th November 2009: John Matherly announced the public beta launch of Shodan (@shodanhq) - the first search engine for internet-connected devices.
https://twitter.com/todayininfosec/status/1727462790330232951
Rant of the Week (10:51)
Former infosec COO pleads guilty to attacking hospitals to drum up business
An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.
Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics – a provider to healthcare institutions, among others – admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.
Gwinnett Medical Center operates hospitals in Duluth and Lawrenceville and the deliberate disablement of the Ascom phone system meant the main communication line between doctors and nurses was unavailable to them.
More than 200 phones were taken offline, which were used for internal communications, including "code blue" incidents that often relate to cardiac or respiratory emergencies.
Billy Big Balls of the Week (18:52)
UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners
The UK's Information Commissioner's Office (ICO) is getting tough on website design, insisting that opting out of cookies must be as simple as opting in.
At question are advertising cookies, where users should be able to "Accept All" advertising cookies or reject them. Users will still see adverts regardless of their selection, but rejecting advertising cookies means ads must not be tailored to the person browsing.
However, the ICO noted that: "Some websites do not give users fair choices over whether or not to be tracked for personalized advertising." This is despite guidance issued in August regarding harmful designs that can trick users into giving up more personal information than intended.
A few months on, the ICO has upped the ante. It has now given 30 days' notice to companies running many of the UK's most visited sites that they must comply with data protection regulations or face enforcement action.
Industry News (26:16)
Cybersecurity Executive Pleads Guilty to Hacking Hospitals
Regulator Issues Privacy Ultimatum to UK’s Top Websites
Microsoft Launches Defender Bug Bounty Program
Why Ensuring Supply Chain Security in the Space Sector is Critical
British Library: Ransomware Attack Led to Data Breach
North Korea Blamed For CyberLink Supply Chain Attacks
US Seizes $9m From Pig Butchering Scammers
North Korean Software Supply Chain Threat is Booming, UK and South Korea Warn
InfectedSlurs Botnet Resurrects Mirai With Zero-Days
Tweet of the Week (32:28)
