This week in InfoSec (13:28)
With content liberated from the “today in infosec” twitter account and further afield
5th November 1993: Bugtraq was created by Scott Chasin as a full disclosure vulnerability reporting mailing list at the dawn of the World Wide Web. Bugtraq had an enormous influence on how orgs responded to vuln disclosure and paved the way for a shift which led to bug bounty programs.
https://twitter.com/todayininfosec/status/1853799779626578186
5th November 2007: Google introduces the Android platform, its mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008.
https://thisdayintechhistory.com/11/05/android-introduced/
Rant of the Week (18:54)
Voted in America? This Site Doxed You
If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people.
Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process—simply voting—into a security and privacy threat.
Billy Big Balls of the Week (27:09)
Schneider Electric ransomware crew demands $125k paid in baguettes
https://www.theregister.com/2024/11/05/schneider_electric_cybersecurity_incident/
Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.
And yes, you read that right: payment in baguettes. As in bread.
Schneider Electric declined to answer The Register's specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency.
A spokesperson, however, emailed us the following statement:
"Schneider Electric is investigating a cybersecurity incident involving unauthorised access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilised to respond to the incident. Schneider Electric's products and services remain unaffected."
Industry News (33:18)
Google Cloud to Mandate Multifactor Authentication by 2025
IRISSCON: Organizations Still Falling Victim to Predictable Cyber-Attacks
Popular Podcasts
Las Culturistas with Matt Rogers and Bowen Yang
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.