
Content provided by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ru.player.fm/legal.

Episode 168 - The Purple Pineapple Episode

44:35
 

This week in InfoSec (09:32)

With content liberated from the “today in infosec” twitter account and further afield

18th September 2001: The Nimda worm was released. Utilising 5 different infection vectors, it became the most widespread virus/worm after only 22 minutes.

$ echo "admin" | rev
nimda

https://twitter.com/todayininfosec/status/1703760366688211041

16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan. 2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS.

https://twitter.com/todayininfosec/status/1703169477548884296

Rant of the Week (14:55)

[We’re sympathetic to companies who get hacked and what they have to deal with, but there comes a time when they’re repeatedly hacked and you have to ask questions]:

T-Mobile app glitch let users see other people's account info

T-Mobile customers said they could see other people's account and billing information after logging into the company's official mobile application.

According to user reports on social media, the exposed information included customers' names, phone numbers, addresses, account balances, and credit card details like the expiration dates and the last four digits.

As first reported by The Verge, some of the customers affected by this issue could see the sensitive information of multiple other people while logged into their own accounts.

While a massive number of reports started surfacing earlier today on Reddit and Twitter, some T-Mobile customers also claimed that they've been experiencing this throughout the last two weeks.

"Reported this issue when it first popped up here on Reddit over 2 weeks ago and sent pics of the other person's info to their security team. No response, but wow, just wow," one customer said.

Nine data breaches since 2018

In May, T-Mobile disclosed the second data breach since the start of 2023 after hundreds of customers had their personal information exposed between late February and March after attackers hacked into the carrier's systems.

In January, the mobile carrier revealed another data breach after the sensitive info of 37 million customers was stolen using one of its Application Programming Interfaces (APIs).

Since 2018, T-Mobile has been hit by seven other data breaches:

Billy Big Balls of the Week (23:31)

Singapore may split liability for phishing losses between banks and victims

Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams.

It is an answer to a common question these days: in a world of rampant payment and transfer scams, who is responsible?

Countries like Australia have also considered shared loss schemes. Meanwhile, the European Commission has proposed a "refund" to victims of certain types of fraud, including authorised push payment scams.

Starting next year, the UK will enforce mandatory reimbursement by banks to scam victims up to one million pounds – with the sending and receiving banks sharing the bill.

Singapore's minister of state Alvin Tan has a different view.

"There are some views that banks can easily absorb losses arising from individual scam cases. However, full restitution without due consideration of culpability is neither fair nor desirable," he told Parliament on Monday.

Industry News (33:01)

Caesars Entertainment Reveals Major Ransomware Breach

Pirated Software Likely Cause of Airbus Breach

TikTok Fined $368m For Child Data Privacy Offenses

Illegal Betting Ring Used Satellite Tech to Get Scoop on Results

Microsoft AI Researchers Leak 38TB of Private Data

Clorox Struggling to Recover From August Cyber-Attack

Threat Actor Claims Major TransUnion Data Breach

Finnish Authorities Shutter Dark Web Drugs Marketplace

International Criminal Court Reveals Security Breach

Tweet of the Week (41:32)

https://x.com/gabsmashh/status/1704875732282077244?s=20

Come on! Like and bloody well subscribe!
