This Week in InfoSec (08:04)

With content liberated from the “today in infosec” twitter account and further afield

8th July 2011: Space Rogue broadcast the final HNNCast. And with that, the Hacker News Network came to an end. Final broadcast: https://www.facebook.com/78983739181/videos/10150254277486182/ 
https://youtu.be/UdKyDqU1p-4

1st July 1979: The first Sony Walkman, the TPS-L2, goes on sale in Japan. It would go on sale in the US about a year later. By allowing owners to carry their personal music with them, the Walkman and their iconic headphones introduce a revolution in listening habits and popular culture at large.

Rant of the Week (17:12)

Rogue HackerOne employee steals bug reports to sell on the side

A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards.

The rogue worker had contacted about half a dozen HackerOne customers and collected bounties “in a handful of disclosures,” the company said on Friday.

HackerOne is a platform for coordinating vulnerability disclosures and intermediating monetary rewards for the bug hunter submitting the security reports.

On June 22, HackerOne responded to a customer request to investigate a suspicious vulnerability disclosure through an off-platform communication channel from someone using the handle “rzlr.”

The customer had noticed that the same security issue had been previously submitted through HackerOne.

Bug collisions, where multiple researchers find and report the same security issue, are frequent; in this case, the genuine report and the one from the threat actor shared obvious similarities that prompted a closer look.

HackerOne’s investigation determined that one of its employees had access to the platform for over two months, since they joined the company on April 4th until June 23, and contacted seven companies to report vulnerabilities already disclosed through its system.

Billy Big Balls of the Week (23:42)

Apple’s new Lockdown Mode defends against government spyware

Apple announced that a new security feature known as Lockdown Mode will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals like human rights defenders, journalists, and dissidents against targeted spyware attacks.

Once enabled, the Lockdown Mode will provide Apple customers with messaging, web browsing, and connectivity protections designed to block mercenary spyware (like NSO Group's Pegasus) used by government-backed hackers to monitor their Apple devices after infecting them with malware.

Attackers' attempts to compromise Apple devices using zero-click exploits targeting messaging apps such as WhatsApp and Facetime or web browsers will get automatically blocked, seeing that vulnerable features like link previews will be disabled.

Industry News (33:14)

TikTok CEO Addresses US Security Concern

Software Supply Chain Attack Hits Thousands of Apps

Hive Ransomware Upgraded to Rust to Deliver More Sophisticated Encryption

APT Hacker Group Bitter Continues to Attack Military Targets in Bangladesh

North Korean Hackers Target US Health Providers With 'Maui' Ransomware

Marriott Plays Down 20GB Data Breach

FBI and MI5 Bosses Warn of “Massive” China Threat

Microsoft Updates Windows 11 Subsystem for Android to Introduce Support For VPN-Assigned IPs

Apple Announces 'Lockdown Mode' to Protect Journalists, Human Rights Workers From Spyware

Tweet of the Week (44:33)

https://twitter.com/alxbrsn/status/1544707673282723840

Ubisoft Accidentally Leaks Hundreds of Customer E-mail Addresses in Watch Dogs Marketing Snafu

Come on! Like and bloody well subscribe!