Artwork

Konten disediakan oleh Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !

Episode 162 - The Do Not Google It Episode

48:46
 
Bagikan
 

Manage episode 372505039 series 2706360
Konten disediakan oleh Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.

This week in InfoSec (05:54)

With content liberated from the “today in infosec” twitter account and further afield

18th July 2011: Microsoft Hotmail announced that it would be banning very common passwords such as "123456" and "ilovecats".

https://twitter.com/todayininfosec/status/1416957326205100035

27th July 1990: The case of United States v. Riggs was decided. Robert J. Riggs (Prophet) had stolen the E911 file from BellSouth, then co-defendant Craig Neidorf (Knight Lightning) had published it in Phrack. The file was neither valuable nor confidential.

https://twitter.com/todayininfosec/status/1287768573310533633

Rant of the Week (16:59)

VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users

VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees.

The unintentional leak was due to the layer-eight problem; human error. On June 29, an employee accidentally uploaded a .csv file of customer info to VirusTotal itself, said Emiliano Martinez, tech lead of the Google-owned malware analysis site.

"This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators," Martinez wrote in a Friday disclosure.

"We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting."

The employee had this list in the first place because the customer data was "critical to their role," we're told.

For those who don't know: VirusTotal allows netizens to – among other things – upload files, or submit a URL to one, and the site runs the material through various malware-scanning engines to see if anything malicious is detected or identified. Premium subscribers can also download uploaded samples, and thus that's how the uploaded .csv file of customer info was accidentally leaked.

https://www.bbc.co.uk/news/uk-politics-66333488

Billy Big Balls of the Week (24:01)

Crooks pwned your servers? You've got four days to tell us, SEC tells public companies

Public companies that suffer a computer crime likely to cause a "material" hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission.

The SEC proposed the changes last March, and on Wednesday the financial watchdog voted to adopt the requirements [PDF]. The rules, which take effect 30 days after being signed into the Federal Register later this year, will require publicly traded firms to openly disclose in a new section (Item 1.05) of Form 8-K any cybersecurity incident that has a material impact on their business.

Companies must make this determination "without reasonable delay," according to the new rules. If they decide a security breach is material, then they have four days to submit an Item 1.05 Form 8-K report detailing the material impact of the incident's "nature, scope, and timing," plus any impact or likely impact on the business. Those 8-K forms are made public by the SEC.

It is that time of the show where we head to our news sources over at the Infosec PA newswire who have been very busy bringing us the latest and greatest security news from around the globe!

Industry News (30:05)

Booz Allen Pays $377m to Settle Government Fraud Case

Cyber-Attack Strikes Norwegian Government Ministries

Industry Coalition Calls For Enhanced Network Resilience

Dark Web Markets Offer New FraudGPT AI Tool

Group-IB Founder Sentenced in Russia to 14 Years for Treason

SEC Wants Cyber-Incident Disclosure Within Four Days

Supply Chain Attack Hits NHS Ambulance Trusts

NCSC Publishes New Guidance on Shadow IT

OpenAI, Microsoft, Google and Anthropic Form Body to Regulate AI

https://www.outkick.com/robot-pizza-start-up-shuts-down-because-they-couldnt-keep-cheese-from-sliding-off/

Tweet of the Week (42:02)

https://twitter.com/hilare_belloc/status/1683797122628321280

Come on! Like and bloody well subscribe!

  continue reading

209 episode

Artwork
iconBagikan
 
Manage episode 372505039 series 2706360
Konten disediakan oleh Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.

This week in InfoSec (05:54)

With content liberated from the “today in infosec” twitter account and further afield

18th July 2011: Microsoft Hotmail announced that it would be banning very common passwords such as "123456" and "ilovecats".

https://twitter.com/todayininfosec/status/1416957326205100035

27th July 1990: The case of United States v. Riggs was decided. Robert J. Riggs (Prophet) had stolen the E911 file from BellSouth, then co-defendant Craig Neidorf (Knight Lightning) had published it in Phrack. The file was neither valuable nor confidential.

https://twitter.com/todayininfosec/status/1287768573310533633

Rant of the Week (16:59)

VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users

VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees.

The unintentional leak was due to the layer-eight problem; human error. On June 29, an employee accidentally uploaded a .csv file of customer info to VirusTotal itself, said Emiliano Martinez, tech lead of the Google-owned malware analysis site.

"This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators," Martinez wrote in a Friday disclosure.

"We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting."

The employee had this list in the first place because the customer data was "critical to their role," we're told.

For those who don't know: VirusTotal allows netizens to – among other things – upload files, or submit a URL to one, and the site runs the material through various malware-scanning engines to see if anything malicious is detected or identified. Premium subscribers can also download uploaded samples, and thus that's how the uploaded .csv file of customer info was accidentally leaked.

https://www.bbc.co.uk/news/uk-politics-66333488

Billy Big Balls of the Week (24:01)

Crooks pwned your servers? You've got four days to tell us, SEC tells public companies

Public companies that suffer a computer crime likely to cause a "material" hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission.

The SEC proposed the changes last March, and on Wednesday the financial watchdog voted to adopt the requirements [PDF]. The rules, which take effect 30 days after being signed into the Federal Register later this year, will require publicly traded firms to openly disclose in a new section (Item 1.05) of Form 8-K any cybersecurity incident that has a material impact on their business.

Companies must make this determination "without reasonable delay," according to the new rules. If they decide a security breach is material, then they have four days to submit an Item 1.05 Form 8-K report detailing the material impact of the incident's "nature, scope, and timing," plus any impact or likely impact on the business. Those 8-K forms are made public by the SEC.

It is that time of the show where we head to our news sources over at the Infosec PA newswire who have been very busy bringing us the latest and greatest security news from around the globe!

Industry News (30:05)

Booz Allen Pays $377m to Settle Government Fraud Case

Cyber-Attack Strikes Norwegian Government Ministries

Industry Coalition Calls For Enhanced Network Resilience

Dark Web Markets Offer New FraudGPT AI Tool

Group-IB Founder Sentenced in Russia to 14 Years for Treason

SEC Wants Cyber-Incident Disclosure Within Four Days

Supply Chain Attack Hits NHS Ambulance Trusts

NCSC Publishes New Guidance on Shadow IT

OpenAI, Microsoft, Google and Anthropic Form Body to Regulate AI

https://www.outkick.com/robot-pizza-start-up-shuts-down-because-they-couldnt-keep-cheese-from-sliding-off/

Tweet of the Week (42:02)

https://twitter.com/hilare_belloc/status/1683797122628321280

Come on! Like and bloody well subscribe!

  continue reading

209 episode

Todos los episodios

×
 
Loading …

Selamat datang di Player FM!

Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.

 

Panduan Referensi Cepat