Saturday, May 23, 2020


What are the signs of a hack in progress? Take Computer Security 101 for most of the answers. It’s not hard, but you have to manage it correctly. (I have recommended this site to my students)
Mathway investigates data breach after 25M records sold on dark web
A data breach broker is selling a database that allegedly contains 25 million Mathway user records on a dark web marketplace.
Mathway is a calculator that allows users to type in math questions and receive an answer for free through their website or via Android and iOS apps.
The Mathway app is top-rated, with over 10 million installs on Android and ranked as #4 under education in the Apple Store.
This week, a data breach seller known as Shiny Hunters began to publicly sell an alleged Mathway database on a dark web marketplace for $4,000.
In a sample of the database shared with BleepingComputer, the most concerning of the exposed data are the email addresses and hashed passwords. Otherwise, the data is mostly what appears to be system data.
If you use Mathway and want to check if your account is part of this breach, you can use Cyble's AmIBreached data breach lookup service.


(Related)
As hackers sell 8 million user records, Home Chef confirms data breach
Meal kit and food delivery company Home Chef has confirmed that hackers breached its systems, making off with the personal information of customers.
Quite how the hackers breached Home Chef’s systems is unclear. In its own FAQ about the security breach, the business shares no details other than to say that it “recently learned of a data security incident impacting select customer information.”
However, earlier this month – weeks before Home Chef went public about its security breach – Bleeping Computer reported that the company was one of eleven whose breached data was being offered for sale on a dark web marketplace.


(Related) Some of those signs… Do you know what is ‘normal’ for your employees?
‘Flight risk’ employees involved in 60% of insider cybersecurity incidents
According to the Securonix 2020 Insider Threat Report, published on Wednesday, "flight risk" employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a job, often change their behavioral patterns from two months to two weeks before conducting an insider attack.
Securonix says that the exfiltration of sensitive data continues to be the most common insider threat, often taking place via email transfers or web uploads to cloud storage services including Box and Dropbox. This attack vector is followed by privileged account abuse.
After examining hundreds of insider incidents across different industry verticals, the cybersecurity firm said that roughly 80% of flight risk employees will try to take proprietary data with them.
In total, 43.75% of insiders forwarded content to personal emails; 16% abused cloud collaboration privileges and 10% performed downloads of aggregated data during attacks analyzed in the report. Unauthorized USB and removable storage devices are also commonly used to swipe data.
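As an added illustration of the question above about knowing what is "normal", the following Python sketch (not from the Securonix report or the article) baselines each employee's use of the exfiltration channels the report names, external email forwards, cloud uploads and removable media, and flags a sharp rise against that employee's own history or a channel the employee has never used before. The event data is constructed for the example.

```python
from collections import Counter

# Constructed sample audit events (illustrative only, not from the report):
# (user, day, channel), with days counted from the start of a 63-day window.
SAMPLE_EVENTS = (
    [("alice", d, "email_forward_external") for d in range(0, 56, 7)]      # ~1 per week baseline
    + [("alice", 56 + d % 7, "email_forward_external") for d in range(12)]  # burst in final week
    + [("alice", d, "usb_copy") for d in (57, 58, 60)]                      # channel never used before
    + [("bob", d, "cloud_upload") for d in range(0, 63, 3)]                 # steady, no change
)

def window_counts(events, start, end):
    """Number of events per (user, channel) for days start <= day < end."""
    return Counter((u, c) for u, d, c in events if start <= d < end)

def flag_deviations(events, baseline_days=56, recent_days=7, factor=3.0, min_recent=3):
    """Flag (user, channel) pairs whose recent daily rate is at least `factor`
    times their own baseline rate, or which have no baseline at all. At least
    `min_recent` recent events are required so a single stray event is ignored.
    Returns sorted tuples: (user, channel, baseline_rate, recent_rate)."""
    base = window_counts(events, 0, baseline_days)
    recent = window_counts(events, baseline_days, baseline_days + recent_days)
    flags = []
    for key, n_recent in sorted(recent.items()):
        if n_recent < min_recent:
            continue
        base_rate = base.get(key, 0) / baseline_days
        recent_rate = n_recent / recent_days
        if base_rate == 0 or recent_rate >= factor * base_rate:
            flags.append((*key, round(base_rate, 3), round(recent_rate, 3)))
    return flags

if __name__ == "__main__":
    for user, channel, b, r in flag_deviations(SAMPLE_EVENTS):
        print(f"{user:6} {channel:24} baseline {b:.3f}/day -> recent {r:.3f}/day")
```

In a real deployment the events would come from mail gateway, CASB and endpoint logs, and the thresholds would be tuned per role rather than fixed.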




A couple of reasons why hacking is an interesting hobby. It’s cheap and often undetectable.
Hacker Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite Communications
An Oxford University-based security researcher says he used £270 ($300) of home television equipment to capture terabytes of real-world satellite traffic — including sensitive data from “some of the world’s largest organisations.”
James Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the attack in a session at the Black Hat security conference in early August.
Pavur will also demonstrate that, “under the right conditions,” attackers can hijack active sessions via satellite link, a session overview reveals.
A synopsis warns that these communications can be spied on “from thousands of miles away with virtually no risk of detection”.
While full details of the attack will not be revealed until the Black Hat conference, a 2019 conference paper published by Pavur gives a sneak peek into some of the challenges of security in the satellite communications space.
It appears to boil down in large part to the absence of encryption-in-transit for satellite-based broadband communications.




Forewarned is forearmed?
Understanding the “World of Geolocation Data”
How is location data generated from mobile devices, who gets access to it, and how? As debates over companies and public health authorities using device data to address the current global pandemic continue, it is more important than ever for policymakers and regulators to understand the practical basics of how mobile operating systems work, how apps request access to information, and how location datasets can be more or less risky or revealing for individuals and groups. Today, Future of Privacy Forum released a new infographic, “The World of Geolocation Data” that explores these issues.




A podcast.
‘KEEPING THE RUSSIANS OUT, THE AMERICANS IN, AND THE COMPUTERS DOWN?’ ERIK LIN-GREENBERG ON HIS ARTICLE “ALLIES AND ARTIFICIAL INTELLIGENCE”
In this episode of Horns of a Dilemma, Doyle Hodges, executive editor of the Texas National Security Review, talks with Dr. Erik Lin-Greenberg about his article, “Allies and Artificial Intelligence: Obstacles to Operations and Decision-Making,” which is featured in Volume 3 Issue 2 of TNSR. Dr. Lin-Greenberg is a post-doctoral fellow at the University of Pennsylvania’s Perry World House and an incoming assistant professor of political science at the Massachusetts Institute of Technology. His research examines how military technology affects conflict dynamics in the regulation of the use of force and how remote warfighting technologies, like drones and cyber warfare, shape crisis escalation. He also explores how technology influences alliance relationships and public attitudes toward the use of force.




Why? I have a hard time understanding the political mindset. Why not use every tool in the toolbox?
Who’s advising Joe Biden on tech policy? No one in particular.
The presumptive Democratic nominee does not have a top adviser focused on tech policy, according to campaign materials and party veterans, including some who have offered informal advice to Biden on tech.
The lack of tech leadership in the campaign marks a contrast with his Democratic predecessors, as well as some of Biden's competitors in the Democratic primary, and reflects a belief that issues like online misinformation, privacy regulation and alleged anticompetitive behavior by tech's giants will not be pivotal to unseating President Trump. To some advocates for reforming the tech industry, though, Biden — whose written policy prescriptions largely avoid venturing into tech — is missing an opportunity to lead in areas that have gained new prominence and urgency.


