This week in Infosec

20th February 2003: Alan Giang Tran, former network admin for 2 companies, was arrested after allegedly destroying data on the companies' networks. Two months later he pleaded guilty to a federal charge of intentionally causing damage to a protected computer.

Man arrested for allegedly shutting down employers' computers

https://twitter.com/todayininfosec/status/1627748857856593931

18th February 2008: 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets.

Burger King Twitter Account Hacked

https://twitter.com/todayininfosec/status/1627115690577608707

Rant of the Week

Accidental WhatsApp account takeovers? It's a thing

A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.

Your humble vulture heard this bizarre tale of inadvertent WhatsApp account hijacking from a reader, Eric, who told us this happened to his son, Ugo.

"This is a massive privacy violation," Eric said. "My son had long-lasting access to that person's private messages as well as group messages, both personal and work related."

The security hole stems from wireless carriers' practice of recycling former customers' phone numbers and giving them to new customers.

WhatsApp acknowledges that this can happen, but says it's extremely rare.

Billy Big Balls

GoDaddy: Hackers stole source code, installed malware in multi-year breach

Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.

The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.

Industry News

Norway Seizes Millions in North Korean Crypto

FBI "Contains" Cyber-Incident on its Network

GoDaddy Announces Source Code Stolen and Malware Installed in Breach

Ransomware Gang Seeks to Exploit Victims' Insurance Coverage

City Fund Managers Jailed for $8m Fraud

Hydrochasma Group Targets Asian Medical and Shipping Sectors

Phishing Sites and Apps Use ChatGPT as Lure

ICO Calls on Accountants to Improve SME Data Protection

Hackers Use S1deload Stealer to Target Facebook, YouTube Users

Tweet of the Week

https://twitter.com/unusual_whales/status/1628898963087851521?s=20 

Come on! Like and bloody well subscribe!