The Host Unknown Podcast

Episode 99 - Do You Think They Will Notice?

Episode Summary

This Week in InfoSec talks about the man behind the PCI-DSS raison d'être. Rant of the Week is a story about terrible asset management. Billy Big Balls is a company taking on a real life Billy Big Balls. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week talks about inflation.

Episode Notes

This Week in InfoSec (09:55)

With content liberated from the “today in infosec” Twitter account and further afield

31st March 1999: The hugely successful motion picture, The Matrix, is released on this day. Many call it a classic (ok, that’s me), many call it influential (ok, me again), but no one can deny the impact it had on many aspects of our society, from the emerging tech culture, to the movie industry, to science-fiction, to political thinking.

25th March 2010: Albert Gonzalez was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.

Sex, Drugs, and the Biggest Cybercrime of All Time

 

Rant of the Week (19:32)

Yale finance director stole $40m in computers to resell on the sly

A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.

https://www.dailymail.co.uk/news/article-10669329/Yale-School-Medicine-employee-stole-40-million-computers-electronics-school.html

 

Billy Big Balls of the Week (30:30)

Ubiquiti sues Krebs on Security for defamation

Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.

On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise.

Apple and Meta shared data with hackers pretending to be law enforcement officials

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.

Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.

Industry News (37:24)

Dental Practice Fined for Sharing Patient Data on Social Media

Yandex is Sending iOS Users' Data to Russia

Attackers Steal $618m From Crypto Firm

New Research Claims Biden's Disclosure Deadlines Are Unrealistic

NCSC: Time to Rethink Russian Supply Chain Risks

Cyber-attack on California Healthcare Organization

New Version of PCI DSS Designed to Tackle Emerging Payment Threats

No Patch Available Yet for Critical SpringShell Bug

CISA Issues UPS Warning

 

Tweet of the Week (

https://twitter.com/AskAManager/status/1509246642364588040

https://twitter.com/HackingLZ/status/1509529191439425540