Episode 156 - The Smashing Security Takeover Episode
This week in InfoSec (12:01)
With content liberated from the “today in infosec” twitter account and further afield
12th June 1989: Callers to a Florida probation office were connected to a phone sex line. Southern Bell officials said it was the first time their switching equipment had been reprogrammed by a hacker.
https://twitter.com/todayininfosec/status/1668417281112637441
15th June 2004: The first mobile phone virus, Cabir, was discovered. It infected devices running the Symbian OS and spread via Bluetooth. 68% of you are thinking "Symbian OS? Never heard of it."
Learn how it got its name and how it spread in a stadium in Finland:
https://twitter.com/todayininfosec/status/1669380905662545921
Rant of the Week (21:09)
Capita wins £50M fraud reporting contract with City of London cops
Capita, which is still dealing with a digital break-in that exposed customers' data to criminals, has scored a £50 million contract with the City of London police to run contact and engagement services for the force's fraud reporting service.
The five-year agreement kicks off in 2024 and the territorial cops responsible for law enforcement in the financial district of the capital (aka the "square mile," – the Met looks after Greater London) have an option to extend it for a further two years, should they wish to do so.
The work will see Capita provide an "end-to-end customer management process" to potential victims of fraud when they contract the service. The current iteration receives upwards of 350,000 calls and 2.3m unique visits to the website annually.
In a statement, Capita pledged to "deploy" its "customer experience model for identifying, managing and monitoring customers using data and specialist coaching to support potential victims of crime."
EU boss Breton: There's no Huawei that Chinese comms kit is safe to use in Europe
European Commission's own networks to toss Middle Kingdom boxes amid calls for total replacement
European commissioner Thierry Breton wants Huawei and ZTE barred throughout the EU, and revealed plans to remove kit made by the Chinese telecom vendors from the Commission's internal networks.
"We cannot afford to maintain critical dependencies that could become a weapon against our interests," he declared in a Thursday speech.
The Chinese vendors' presence in foreign networks has been a point of concern for years.
There are concerns that backdoors in Huawei equipment could allow China to spy on foreign nations, given Chinese law requires local businesses to share info with Beijing. However,
Huawei has repeatedly rejected the claims of backdoors, insisted it follows the law of the land wherever it operates, and denied that Chinese laws would see it sell out customers.
Those protestations haven't stopped the US, UK, and at least ten EU countries from banning the manufacturer's kit from their networks. ZTE has also run afoul of regulators.
Billy Big Balls of the Week (32:17)
US mother gets call from ‘kidnapped daughter’ – but it’s really an AI scam
After being scammed into thinking her daughter was kidnapped, an Arizona woman testified in the US Senate about the dangerous side of artificial intelligence technology when in the hands of criminals.
Jennifer DeStefano told the Senate judiciary committee about the fear she felt when she received an ominous phone call on a Friday last April.
Thinking the unknown number was a doctor’s office, she answered the phone just before 5pm on the final ring. On the other end of the line was her 15-year-old daughter – or at least what sounded exactly like her daughter’s voice.
Industry News (42:07)
Data Flows Between UK and US to be Simplified Under New Agreement
Ofcom Latest MOVEit Victim as Exploit Code Released
GMicrosoft Pays $20m to Settle Another FTC COPPA Case
No Zero-Days but PGM Flaws Cause Patch Tuesday Concern
MFA Bypass Kits Account For One Million Monthly Messages
Europol Warns of Metaverse and AI Terror Threat
EU Passes Landmark Artificial Intelligence Act
Malicious Actors Exploit GitHub to Distribute Fake Exploits
LockBit Makes $91m From US Victims in Two Years
Tweet of the Week (50:49)
https://twitter.com/InfoSecSherpa/status/1062036305146724354
https://twitter.com/fesshole/status/1662495137992175617
Come on! Like and bloody well subscribe!
