Categories


Authors

BTH News 02August2020

BTH News 02August2020

This Week In Cybersecurity

This week on Between the Hacks, data breaches galore, three arrested in the Twitter hack, will TikTok be banned?, the dumpster fire of the week and a nostalgic tool that’s useful and fun.


18-Company Data Breach

This week Between The Hacks reported on a trove of breach data posted by threat actors that included more than 386 million user records from 18 different startup companies. “Since July 21st, a seller of data breaches known as ShinyHunters has begun leaking the databases for free on a hacker forum known for selling and sharing stolen data” reported Bleeping Computer on July 28th.

Later in the week, Bleeping Computer posted an update on the breach collection as more of the startups have begun to disclose the breaches to the public. Bleeping Computer reported, “ShinyHunters told BleepingComputer that they released the databases for free to benefit the "community" and as they already made enough money from selling them in private sales.”


Arrests in Twitter Hack

For the past two week, Between the Hacks has reported on the developments with a Twitter hack [July 18th and July 26th]. This week we learned that arrests have been made. “Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam” according to KrebsOnSecurity.

The three individuals have been identified as, Nima “Rolex” Fazeli, a 22-year-old from Orlando, Fla., Mason “Chaewon” Sheppard, a 19-year-old from Bognor Regis, U.K., and the third individual arrested, and mastermind of the attack, was identified by NBC News affiliate in Tampa as 17-year-old Graham Clark.

For more details on how this attack occurred, read Brian Krebs article. ArsTechnica also has two informative articles on the topic [1 & 2].


IMG_0025.jpeg

TikTok ban?

The future of the hugely popular mobile app, TikTok is uncertain. Last week we learned that Microsoft is looking at a possible TikTok acquisition. However, The Wall Street Journal reported Saturday that Microsoft has “paused negotiations to buy the U.S. operations of the video-sharing app TikTok after President Trump said he opposed the deal.” Negotiations had been progressing for weeks before President Trump, claiming that TikTok's parent company ByteDance is mismanaging users' data, posing security risks to U.S. citizens.

On June 29th, the Indian government banned TikTok and 58 other Chinese mobile apps due to national security concerns. This comes after the Indian military clashed with Chinese forces in the region of Ladakh, in northern India, on June 15, this year, according to ZDNet.


DUMPSTER FIRE OF THE WEEK

dumpsterfire.png

The Dumpster Fire of the Week:

the UK cosmetic company, Avon

According to Infosecurity Magazine, researchers at SafetyDetectives found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption which leaked 19 million records including personally identifiable information (PII) on customers and potentially employees, including full names, dates of birth, home addresses, phone numbers, email and GPS coordinates.

Unlike most of the data breaches we read about, no social engineering, phishing or complicated hacking was needed to gain access as this was just a trove of sensitive data that was placed directly on the Internet with no protections.

You can read more at the Between The Hacks article entitled, Breach Week.


Tip of the Week

waybackmachine.jpeg

The Wayback Machine

This is not specifically a security tip but it is a pretty useful tool when you need it. The Wayback Machine is an archive of Internet-facing websites that is hosted and maintained by the Internet Archive, a non-profit library of millions of free books, movies, software, music, websites, and more. It allows a user to “go back in time” to see what a web page looked like at some point in the past.

To use the Wayback Machine, just point your browser to https://archive.org/web/web.php and type in a web address and you will see a calendar of snapshots of that website taken over the years. For example, here is a short blog that I wrote about the Heartbleed vulnerability in 2014. Or, maybe you want to see Microsoft’s web page from December 5, 1998. There are definitely practical reasons for using the Wayback Machine but I think most people will just find fun in the nostalgia of the archive.


Picture of the Week

SolutionMayEvadeYou.jpg
BTH News 08August2020

BTH News 08August2020

Breach Week

Breach Week