Episode 34. Andy sees a squirrel, Jav gets angered by a random friendly stranger, and Thom takes delivery of the wrong colour MacBook Pro. Oh the humanity! This week: This Week in InfoSec, Tweet of the Week, Billy Big Balls, Rant of the Week, Jav's new feature, and will we have a Little People today?
Trigger warning: this episode is over an hour long; do not use the length of this episode to time anything.
This Week in InfoSec
21st November 2008: The Conficker worm was first discovered. It spread quickly by exploiting a vulnerability that was addressed via the patch described in Microsoft's out-of-band bulletin MS08-067 four weeks prior. It infected millions of computers, at the time more than any worm since 2003.
https://twitter.com/todayininfosec/status/1330292959766573056?s=20
22nd November 1987: Chicago TV stations WGN and WTTW had their signals overridden in 2 separate incidents by a man in a Max Headroom mask. To this day, the perpetrator is unknown. The second incident was...uh...wow...just wow. It's a must-watch. Video: https://youtu.be/tWdgAMYjYSs
https://allthatsinteresting.com/max-headroom-hack
https://twitter.com/todayininfosec/status/1330512600539521027?s=20
24th November 2014: The Washington Post published an article which included a picture of TSA master keys. As a result, a short time later functional keys were 3-d printed using the [unblurred] key patterns displayed in the picture. https://www.washingtonpost.com/local/trafficandcommuting/where-oh-where-did-my-luggage-go/2014/11/24/16d168c6-69da-11e4-a31c-77759fc1eacc_story.html
https://twitter.com/todayininfosec/status/1331385955916402690?s=20
Tweet of the Week
https://twitter.com/geoffbelknap/status/1331690657170157568?s=20
An outage with Amazon's web infrastructure left smart-home enthusiasts unable to use basic household items.
Amazon Web Services is a huge part of the company's business and the backbone of the internet's most popular sites and services.
A widespread US outage late on Wednesday disrupted many of those services.
Robot vacuums and smart doorbells suddenly stopped working in people's homes.
https://www.bbc.co.uk/news/technology-55087054
I Cut the 'Big Five' Tech Giants From My Life. It Was Hell
https://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194
Billy Big Balls
A Hacker Nearly Stole $8 Million From An Aussie Hedge Fund Using A Fake Zoom Invite
A fake Zoom invite has led to the demise of a successful Sydney-based hedge fund and nearly cost it $8.7 million after a hacker was able to send off fake invoices on behalf of the firm.
On Monday, the AFR reported that Levitas Capital was forced to close after its major client Australian Catholic Super withdrew its funds in the wake of the September cyber attack.
The hedge fund's cyber investigators have pinpointed a fake Zoom invite opened by one of the fund's cofounders, Michael Fagan or Michael Brookes.
Industry News
Microsoft Announces Pluton Processor for Better Hardware Security
#ISSE2020: Focus on 2020's Crypto Successes Rather than Efforts to Break it
NCSC Issues Warning About Expected #BlackFriday Scams
#COVID19 Drives Massive Multi-Cloud Adoption
Fines Less of a Concern than Reputational Damage for Public Sector Security
Home Depot Settles with US States Over 2014 Data Breach
DDoS Attacks Against Online Retailers Increase Four-Fold During Pandemic
Defining Codes of Conduct to Enable Post Brexit GDPR Compliance
GDPR Has Had Successes, Requires Public Knowledge of Data Spread
Javvad's Weekly News
Up to 350,000 Spotify Users Targeted by Credential Stuffers
Beware of Black Friday Deals That Are Too Good To Be True
Data Breach of Online Kids’ Game Exposed Personal Data of 46 Million Parents and Children
Spotify Hit by Credential Stuffing Attack, 300K+ Accounts Vulnerable
Fraud Operation Targets Spotify Users With Leaked Database
Thom calling it:
Manchester United Investigating Cybersecurity Incident
UK Football Club Says No Evidence of Fan Data Being Breached
https://www.databreachtoday.eu/manchester-united-investigating-cybersecurity-incident-a-15438
Rant of the Week
Leaked docs from inside Amazon’s Global Security Operations Center reveal company’s use of Pinkerton operatives—private intel—to spy on workers and the extensive monitoring of labor unions, environmental activists, and other social movements
https://twitter.com/josephfcox/status/1330924178875109376?s=20
The Little People
This week we are joined by the opinionated but equally correct Tricia Howard (@TriciaKicksSaaS).