The Host Unknown Podcast

Episode 116 - Thom Can't Work The Buttons



This Week in InfoSec

With content liberated from the “today in infosec” Twitter account and further afield

10th August 1988: 34 years ago today, Dade Murphy aka Zero Cool crashed 1507 computers, causing a 7 point drop in the NY stock exchange. He was 11 and his family was fined $45,000. He was banned from touching a computer until he turned 18.

https://twitter.com/hakluke/status/1557242086423871488

6th August 2014: A hacker announced the theft of 40 GB of data from the maker of FinFisher spyware, then leaked the price list, client list, and more.

A Hacker Claims to Have Leaked 40GB of Docs on Government Spy Tool FinFisher

Top gov't spyware company hacked; Gamma's FinFisher leaked

https://twitter.com/todayininfosec/status/1158956449248108544

11th August 2015: A day after Oracle CSO Mary Ann Davidson posted a blog titled "No, You Really Can’t", security community blowback caused Oracle to remove the post.

No, you really can’t (Wayback Machine)

Oracle has this Modest Proposal, via its CSO

https://twitter.com/todayininfosec/status/1293374259637768194

 

Rant of the Week

Meta's chatbot says the company 'exploits people'

Meta's new prototype chatbot has told the BBC that Mark Zuckerberg exploits its users for money.

Meta says the chatbot uses artificial intelligence and can chat on "nearly any topic".

Asked what the chatbot thought of the company's CEO and founder, it replied "our country is divided and he didn't help that at all".

Meta said the chatbot was a prototype and might produce rude or offensive answers.

"Everyone who uses Blender Bot is required to acknowledge they understand it's for research and entertainment purposes only, that it can make untrue or offensive statements, and that they agree to not intentionally trigger the bot to make offensive statements," said a Meta spokesperson.

The chatbot, called BlenderBot 3, was released to the public on Friday.

The programme "learns" from large amounts of publicly available language data.

 

Billy Big Balls of the Week

Background: Twilio discloses data breach after SMS phishing attack on employees

"On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials," Twilio said over the weekend.

"The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data."

The company also revealed the attackers gained access to its systems after tricking and stealing credentials from multiple employees targeted in the phishing incident.

To do that, they impersonated Twilio's IT department, asking employees to click URLs containing "Twilio," "Okta," and "SSO" keywords that would redirect them to a Twilio sign-in page clone.

The SMS phishing messages baited Twilio's employees into clicking the embedded links by warning them that their passwords had expired or were scheduled to be changed.

BBB: Cloudflare: Someone tried to pull the Twilio phishing tactic on us too.

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.

Twilio reported a breach after employees received phishing text messages claiming to be from the company's IT department. These fooled them into logging into a fake web page designed to look like Twilio's own sign-in page, using pretexts such as claiming they needed to change their passwords. The attackers were then able to use credentials supplied by the victims to log into the real site.

According to Cloudflare, it recorded a very similar incident late last month, which could suggest the two attacks may have originated from the same attacker or group.

Detailing the incident on its blog, the content delivery network claimed that no Cloudflare systems were compromised, but said it was "a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be likely to be breached."

 

Industry News

Meta Takes Action Against Cyber Espionage Operations Targeting Facebook in South Asia

Number of Firms Unable to Access Cyber-Insurance Set to Double

Smishing Attack Led to Major Twilio Breach

Health Adviser Fined After Illegally Accessing Medical Records

US Treasury Sanctions Virtual Currency Mixer For Connections With Lazarus Group

Predator Pleads Guilty After Targeting Thousands of Girls Online

Cyber-criminals Shift From Macros to Shortcut Files to Hack Business PCs, HP Reports

DeathStalker's VileRAT Continues to Target Foreign and Crypto Exchanges

Suspected $3m Romance Scammer Extradited to Japan

 

Tweet of the Week

https://twitter.com/mttaggart/status/1557399523575508993

Come on! Like and bloody well subscribe!


The Host Unknown Podcast, by Host Unknown, Thom Langford, Andrew Agnes, Javvad Malik
