‘Satanic’ data thief hits 350M Hot Topic shoppers • The Register - Around 350 million Hot Topic, Torrid, and Lunchbox shoppers have had a few bits of info stolen: names, emails, physical addresses, dates of birth, last four digits of customers’ credit cards, card types, hashed expiration dates, and account holder names. Likely just watch out for My Neighbor Totoro-themed phishes and you’ll be OK.
RSS, or Really Simple Syndication, is a protocol left over from the early days of the second internet. Adopted widely in the early 2000s, RSS became a privacy-conscious way for users to get updated information from disparate news sources, blogs, content creators, and the like without having to visit individual sites. An interested reader could simply drop an RSS link into an aggregator and curate an “OPML” file of interesting blogs, video content creators, news channels, and other interesting content. Simply subscribe, with no login and no sign-ups, and wait for the content to roll in. The OPML file would be managed by the aggregator, and with a single click (or pop-up notification) users could find all the new content they were interested in.
This post began as a diatribe by myself to an invisible audience in my travel journal. My infant daughter (Nibble, 1f) is on vacation with us and has been eating copious amounts of Greek yogurt to help combat the diarrhea caused by an antibiotic, cefdinir. In my musings, I wondered what it would have been like to travel with an infant suffering an ear infection, with little more to soothe her than the ineffective and near-witchcraft-style medicine available prior to the age of antibiotics. I then began to write about what medicine may be like in the future and realized that, along our current trajectory, the Star-Trek-esque future we hope for likely isn’t a possibility.
Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (thehackernews.com) - Google will now allow their Pixel phones to be configured to ignore 2G downgrade attacks caused by Stingrays (cell-site simulators) and other devices that emulate a cellular baseband (tower) controlled by the user’s service provider. This will prevent attacks like those performed by Intellexa and Predator using the Triton malware. This will also prevent SMS blasting, which bypasses carrier spam protections.
Data watchdog fines Clearview AI $33M • The Register - Clearview scrapes photos from all over the internet, adds them to its database, then sells the data to advertisers and governments, some of whom use it without appropriate legal permissions (think 4th Amendment/warrantless surveillance issues).
Election News
Spamouflage trolls pretend to be American patriots on X • The Register - #China - A People’s Republic of China propaganda crew ramps up its X and TikTok work, claiming to be American citizens and “frustrated Conservatives”. The threat actor group is using AI-generated content of Pres. Biden, VP Harris, and former Pres. Trump. Overall, users are able to identify that something isn’t “right” about the accounts, though the propagandists are getting better.
Recently I read a great article called Try to Fix It One Level Deeper by Alex Kladov, in which he discusses a unique (to me) approach to squashing software bugs. Instead of just fixing the bug at hand, Alex encourages the reader, and his team, to dig one level deeper and really determine why the bug exists at all. Is this parameter really being mishandled? Or should we even be asking for this parameter?
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide (thehackernews.com) - A hardware backdoor means that even with appropriate controls in place, threat actors can still attack hotel and office doors around the globe. The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by having access to the card for a few minutes.
A number of companies I’ve worked for have security tools in place, but they’re almost always half-configured and half-utilized, and no one has a good idea of what’s missing or what should be there. Luckily, there’s a solution, or at least a tool that can help us move towards one.