This week in InfoSec (14:00)

With content liberated from the “today in infosec” twitter account and further afield

18th August 2003: The Nachi worm began infecting Windows computers with the goal of REMOVING the Blaster worm and patching the vulnerability exploited by both worms.   

Worm aims to eradicate Blaster

https://twitter.com/todayininfosec/status/1692616573524050259

26th August 2008: It was reported that a laptop on the International Space Station was infected by removable media containing the http://W32.Gammima.AG worm. Space. Where you don't want to be dealing with malware.

Malware detected at the International Space Station

https://twitter.com/todayininfosec/status/1298690676448735232

Rant of the Week (19:02)

Cellebrite asks cops to keep its phone hacking tech ‘hush hush’

For years, cops and other government authorities all over the world have been using phone hacking technology provided by Cellebrite to unlock phones and obtain the data within. And the company has been keen on keeping the use of its technology “hush hush.”

As part of the deal with government agencies, Cellebrite asks users to keep its tech — and the fact that they used it — secret, TechCrunch has learned. This request concerns legal experts who argue that powerful technology like the one Cellebrite builds and sells, and how it gets used by law enforcement agencies, ought to be public and scrutinized.

[That was this weeks Rant of the week]

Billy Big Balls of the Week (28:35)

Two teens were among those behind the Lapsus$ cyber-crime spree, jury finds

Two teenage members of the chaotic Lapsus$ cyber-crime gang helped compromise computer systems of Uber and Nvidia, and also blackmailed Grand Theft Auto maker Rockstar Games among other high-profile victims, a jury has decided.

At Southwark Crown Court in London, England, on Wednesday, Arion Kurtaj, 18, and a 17-year-old male who because of his age cannot be identified for legal reasons were found to have committed various crimes. Kurtaj was held in custody while the other was released on bail; both await sentencing.

This was an unusual case in that the jury was told not to find Kurtaj, who is autistic, guilty or not guilty as psychiatrists had earlier assessed that he was unfit to stand trial. Instead, the panel was asked to decided whether or not he did the things he was accused of.

The two teens, along with other Lapsus$ members, also broke into and attempted to extort telecoms giant BT, Microsoft, Samsung, Vodafone, fintech firm Revolut, and Okta during their crime spree between 2021 and 2022.

Industry News (36:23)

UK’s AI Safety Summit Scheduled For Early November

Police Insider Tipped Off Criminal Friend About EncroChat Bust

Tesla: Insiders Responsible For Major Data Breach

Cyber-Attack on Australian Utility Firm Energy One Spreads to UK Systems

Experian Pays $650,000 to Settle Spam Claims

WinRAR Vulnerability Affects Traders Worldwide

Sensitive Data of 10 Million at Risk After French Employment Agency Breach

Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

FBI Flags $40M Crypto Cash-Out Plot By North Korean Hackers

Tweet of the Week (47:47)

https://twitter.com/securityweekly/status/1694705119793746015

Come on! Like and bloody well subscribe!