This week in InfoSec is a creepy crawly story of bugs as old as time Rant of the Week is evidence of party games darker side Billy Big Balls is pumping and dumping Industry News is the latest and greatest security news stories from around the world And Tweet of the Week is shocking evidence that UK adverts are not the best
This week in InfoSec (13:28)
With content liberated from the “today in infosec” twitter account and further afield
5th November 1993: Bugtraq was created by Scott Chasin as a full disclosure vulnerability reporting mailing list at the dawn of the World Wide Web. Bugtraq had an enormous influence on how orgs responded to vuln disclosure and paved the way for a shift which led to bug bounty programs.
https://twitter.com/todayininfosec/status/1853799779626578186
5th November 2007: Google introduces the Android platform, its mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008.
https://thisdayintechhistory.com/11/05/android-introduced/
Rant of the Week (18:54)
Voted in America? This Site Doxed You
If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people.
Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process—simply voting—into a security and privacy threat.
Billy Big Balls of the Week (27:09)
Schneider Electric ransomware crew demands $125k paid in baguettes
https://www.theregister.com/2024/11/05/schneider_electric_cybersecurity_incident/
Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.
And yes, you read that right: payment in baguettes. As in bread.
Schneider Electric declined to answer The Register's specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency.
A spokesperson, however, emailed us the following statement:
"Schneider Electric is investigating a cybersecurity incident involving unauthorised access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilised to respond to the incident. Schneider Electric's products and services remain unaffected."
Industry News (33:18)
Google Cloud to Mandate Multifactor Authentication by 2025
IRISSCON: Organizations Still Falling Victim to Predictable Cyber-Attacks
Defenders Outpace Attackers in AI Adoption
UK Cybersecurity Wages Soar Above Inflation as Stress Levels Rise
NCSC Publishes Tips to Tackle Malvertising Threat
Canada Orders Shutdown of Local TikTok Branch Over Security Concerns
UK Regulator Urges Stronger Data Protection in AI Recruitment Tools
Interlock Ransomware Targets US Healthcare, IT and Government Sectors
Major Oilfield Supplier Hit by Ransomware Attack
Tweet of the Week (41:01)
