This week in InfoSec  (11:10)

With content liberated from the “today in infosec” twitter account and further afield

4th December 2013: Troy Hunt launched the free-to-search site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of  compromised records from hundreds of breaches.

https://twitter.com/todayininfosec/status/1864299155583127739    

5th December 1996: Julian Assange pleaded guilty to 25 of 31 hacking charges and related charges and was ordered to repay $2,100 to Australian National University. He had been arrested in 1994 for hacking crimes committed in 1991. The court case details weren't released until 2011.

https://twitter.com/todayininfosec/status/1864664694243434977

Rant of the Week (17:21)

Severity of the risk facing the UK is widely underestimated, NCSC annual review warns

The number of security threats in the UK that hit the country's National Cyber Security Centre's (NCSC) maximum severity threshold has tripled compared to the previous 12 months.

Published Tuesday 3rd December, GCHQ's tech offshoot's 2024 review reveals that 12 incidents topped the NCSC's severity classification system out of a total 430 cases that required support from its Incident Management (IM) team between September 2023 and August 2024. The finding represents a 16 percent increase year-over-year.

The number of nationally significant incidents also rose from 62 last year to 89 in the latest data, six of which were caused by exploiting two Palo Alto and Cisco zero-days. This number includes the 12 deemed maximally severe and an undetermined number of attacks on the UK's central government.

Billy Big Balls of the Week (25:50)

Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware

A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.

Kirill Parubets was detained in Russia for 15 days after being accused of sending money to Ukraine, during which time the man was beaten and subjected to aggressive efforts to recruit him as an FSB informant on his contacts in Ukraine.

According to his account of the story, published with his consent by Toronto University's Citizen Lab and First Department legal organization, he says he was threatened with life imprisonment if he failed to comply with the recruitment drive.

In order to secure release, he agreed but before he was indoctrinated he and his wife fled the country. Always keep a second passport, if possible. 

Industry News (32:21)

Crypto.com Launches Massive $2m Bug Bounty Program

German Police Shutter Country’s Largest Dark Web Market

ENISA Launches First State of EU Cybersecurity Report

Wirral Hospital Recovery Continues One Week After Cyber Incident

FBI Warns GenAI is Boosting Financial Fraud