What
are the signs of a hack in progress? Take Computer Security 101 for
most of the answers. It’s not hard, but you have to manage it
correctly. (I have recommended this site to my students)
Mathway
investigates data breach after 25M records sold on dark web
A
data breach broker is selling a database that allegedly contains 25
million Mathway user records on a dark web marketplace.
Mathway
is a calculator that allows users to type in math questions and
receive an answer for free through their website or via Android and
iOS apps.
The
Mathway app is top-rated, with over 10 million installs on Android
and ranked as #4 under education in the Apple Store.
… This
week, a data breach seller known as Shiny Hunters began to publicly
sell an alleged Mathway database on a dark web marketplace for
$4,000.
In
a sample of the database shared with BleepingComputer, the most
concerning of the exposed data are the email addresses and hashed
passwords. Otherwise, the data is mostly what appears to be system
data.
… If
you use Mathway and want to check if your account is part of this
breach, you can use Cyble's AmIBreached
data
breach lookup service.
(Related)
As
hackers sell 8 million user records, Home Chef confirms data breach
Meal
kit and food delivery company Home Chef has confirmed that hackers
breached its systems, making off with the personal information of
customers.
Quite
how the hackers breached Home Chef’s systems is unclear. In its
own FAQ
about
the security breach, the business shares no details other than to say
that it “recently learned of a data security incident impacting
select customer information.”
However,
earlier this month – weeks before Home Chef went public about its
security breach – Bleeping
Computer reported
that
the
company was one of eleven whose breached data was being offered for
sale on a dark web marketplace.
(Related)
Some of those signs… Do you know what is ‘normal’ for your
employees?
‘Flight
risk’ employees involved in 60% of insider cybersecurity incidents
… According
to the Securonix 2020 Insider
Threat Report,
published on Wednesday, "flight risk" employees, generally
deemed to be individuals on the verge of resigning or otherwise
leaving a job, often
change their behavioral patterns from two months to two weeks before
conducting an insider attack.
… Securonix
says that the exfiltration of sensitive data continues to be the most
common insider threat, often taking place via email transfers or web
uploads to cloud storage services including Box and Dropbox. This
attack vector is followed by privileged account abuse.
After
examining hundreds of insider incidents across different industry
verticals, the cybersecurity firm said that roughly 80% of flight
risk employees will try to take proprietary data with them.
In
total, 43.75% of insiders forwarded content to personal emails; 16%
abused cloud collaboration privileges and 10% performed downloads of
aggregated data during attacks analyzed in the report. Unauthorized
USB and removable storage devices are also commonly used to swipe
data.
A
couple of reasons why hacking is an interesting hobby. It’s cheap
and often undetectable.
Hacker
Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite
Communications
An
Oxford University-based security researcher says he used £270 ($300)
of home television equipment to capture terabytes of real-world
satellite traffic — including sensitive data from “some of the
world’s largest organisations.”
James
Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the
attack in a session at the Black Hat security conference in early
August.
Pavur
will also demonstrate that, “under the right conditions”
attackers can hijack active sessions via satellite link, a session
overview
reveals.
… A
synopsis warns hat these communications can be spied on “from
thousands of miles away with virtually
no risk of detection”.
While
full details of the attack will not be revealed until the Black Hat
conference, an 2019 conference paper published by Pavur gives a sneak
peak into some of the challenges of security in the satellite
communications space.
It
appears to boil down in large part to the absence
of encryption-in-transit for satellite-based broadband
communications.
Forewarned
is forearmed?
Understanding
the “World of Geolocation Data”
How
is location data generated from mobile devices, who gets access to
it, and how? As debates over companies and public health authorities
using device data to address the current global pandemic continue, it
is more important than ever for policymakers and regulators to
understand the practical basics of how mobile operating systems work,
how apps request access to information, and how location datasets can
be more or less risky or revealing for individuals and groups.
Today, Future of Privacy Forum released a new infographic, “The
World of Geolocation Data” that explores these issues.
A podcast.
‘KEEPING
THE RUSSIANS OUT, THE AMERICANS IN, AND THE COMPUTERS DOWN?’ ERIK
LIN-GREENBERG ON HIS ARTICLE “ALLIES AND ARTIFICIAL INTELLIGENCE”
In
this episode of Horns of a Dilemma, Doyle Hodges, executive editor of
the Texas
National Security Review,
talks with Dr. Erik Lin-Greenberg about his article, “Allies
and Artificial Intelligence: Obstacles to Operations and
Decision-Making,” which is featured in Volume 3 Issue 2 of
TNSR.
Dr. Lin-Greenberg is a post-doctoral fellow at the University of
Pennsylvania’s Perry World House and an incoming assistant
professor of political science at the Massachusetts Institute of
Technology. His research examines how military technology affects
conflict dynamics in the regulation of the use of force and how
remote warfighting technologies, like drones and cyber warfare, shape
crisis escalation. He also explores how technology influences
alliance relationships and public attitudes toward the use of force.
Why?
I have a hard time understanding the political mindset. Why not use
every tool in the toolbox?
Who’s
advising Joe Biden on tech policy? No one in particular.
The
presumptive Democratic nominee does not have a top adviser focused on
tech policy, according to campaign materials and party veterans,
including some who have offered informal advice to Biden on tech.
The lack of
tech leadership in the campaign marks a contrast with his Democratic
predecessors, as well as some of Biden's competitors in the
Democratic primary, and reflects a belief that issues like online
misinformation, privacy regulation and alleged anticompetitive
behavior by tech's giants will not be pivotal to unseating President
Trump. To some advocates for reforming the tech industry, though,
Biden — whose written policy prescriptions largely avoid venturing
into tech — is missing an opportunity to lead in areas that have
gained new prominence and urgency.
