This week in InfoSec is the O.G. credential dump Rant of the Week warns that we don’t even know what we don’t know Billy Big Balls is a reminder to always keep a second passport Industry News is the latest and greatest security news stories from around the world And Tweet of the Week reminds us that while an eagle soars, a hawk tuahs
This week in InfoSec (11:10)
With content liberated from the “today in infosec” twitter account and further afield
4th December 2013: Troy Hunt launched the free-to-search site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised records from hundreds of breaches.
https://twitter.com/todayininfosec/status/1864299155583127739
5th December 1996: Julian Assange pleaded guilty to 25 of 31 hacking charges and related charges and was ordered to repay $2,100 to Australian National University. He had been arrested in 1994 for hacking crimes committed in 1991. The court case details weren't released until 2011.
https://twitter.com/todayininfosec/status/1864664694243434977
Rant of the Week (17:21)
Severity of the risk facing the UK is widely underestimated, NCSC annual review warns
The number of security threats in the UK that hit the country's National Cyber Security Centre's (NCSC) maximum severity threshold has tripled compared to the previous 12 months.
Published Tuesday 3rd December, GCHQ's tech offshoot's 2024 review reveals that 12 incidents topped the NCSC's severity classification system out of a total 430 cases that required support from its Incident Management (IM) team between September 2023 and August 2024. The finding represents a 16 percent increase year-over-year.
The number of nationally significant incidents also rose from 62 last year to 89 in the latest data, six of which were caused by exploiting two Palo Alto and Cisco zero-days. This number includes the 12 deemed maximally severe and an undetermined number of attacks on the UK's central government.
Billy Big Balls of the Week (25:50)
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware
A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.
Kirill Parubets was detained in Russia for 15 days after being accused of sending money to Ukraine, during which time the man was beaten and subjected to aggressive efforts to recruit him as an FSB informant on his contacts in Ukraine.
According to his account of the story, published with his consent by Toronto University's Citizen Lab and First Department legal organization, he says he was threatened with life imprisonment if he failed to comply with the recruitment drive.
In order to secure release, he agreed but before he was indoctrinated he and his wife fled the country. Always keep a second passport, if possible.
Industry News (32:21)
Crypto.com Launches Massive $2m Bug Bounty Program
German Police Shutter Country’s Largest Dark Web Market
ENISA Launches First State of EU Cybersecurity Report
Wirral Hospital Recovery Continues One Week After Cyber Incident
FBI Warns GenAI is Boosting Financial Fraud
Europol Dismantles Major Online Fraud Platform in Major Blow to Fraudsters
Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client
Romania Exposes TikTok Propaganda Campaign Supporting Pro-Russian Candidate
FCC Proposes Stricter Cybersecurity Rules for US Telecoms
Tweet of the Week (43:43)
https://twitter.com/McGrewSecurity/status/1865050788369772974