The Host Unknown Podcast

Episode 170 - The No Show Notes Episode



This week in InfoSec (08:56)

With content liberated from the “today in infosec” Twitter account and further afield

2006: The http://wikileaks.org domain name was registered, though the first document wasn't posted to WikiLeaks until December.

Assange was taken from the Ecuadorian embassy in April 2019 and has since been staying at His Majesty’s pleasure at Belmarsh.

2005: The Samy worm, the first self-propagating cross-site scripting worm, was released onto the mega-popular MySpace by 19-year-old Samy Kamkar (@samykamkar). He's since made numerous impactful security and privacy field contributions.

https://en.m.wikipedia.org/wiki/Samy_Kamkar

https://en.wikipedia.org/wiki/Samy_(computer_worm)

The worm itself was relatively harmless; it carried a payload that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page as well as send Samy a friend request. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page continuing the distribution of the worm. MySpace has since secured its site against the vulnerability.[1]

2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault. 

https://www.nytimes.com/2017/10/03/business/equifax-congress-data-breach.html

It took 960 hours (40 days) between Equifax finding out about the breach and warning the public. Data belonging to millions of people in the US, UK, and elsewhere was stolen.

Three Equifax execs sold $1.8 million of stock days after breach discovery

 

Rant of the Week (17:16) 

https://www.theregister.com/2023/10/04/onedrive_to_acquire_copilot_skills/

Microsoft is to overhaul OneDrive in a move that will bring Copilot to the cloud storage service and herd users towards the tool's web interface.

Inevitably, Copilot skills are due to arrive in OneDrive. Microsoft hopes these will help users find files and stay organized. Worryingly, in the example given, Copilot can move files around and create folders depending on its interpretation of the user's instructions. What could possibly go wrong?

 

Billy Big Balls of the Week (26:06)

A four-hour system interruption in September at the Veterans Affairs Medical Center in Kansas City, Missouri has been attributed to a cat jumping on a technician's keyboard.

So we're told by a source, who heard the tale on one of the regular weekday calls held by the US government department with its CIO, during which recent IT problems are reviewed. We understand that roughly 100 people – contractors, vendors, and employees – participate in these calls at a time.

On a mid-September call, one of the participants explained that while a technician was reviewing the configuration of a server cluster, their cat jumped on the keyboard and deleted it. Or at least that's their story.

Kurt DelBene, assistant secretary for information and technology and CIO at the Department of Veterans Affairs, is said to have responded on the call with words to the effect that: "This is why I have a dog." There was laughter and not much more – it was a short incident report.

https://www.theregister.com/2023/10/05/hospital_cat_incident/

 

Industry News (31:30)

Apple Issues Emergency Patches for More Zero-Day Bugs

Record Numbers of Ransomware Victims Named on Leak Sites

CISA and NSA Tackle IAM Security Challenges in New Report

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

Critical Glibc Bug Puts Linux Distributions at Risk

US Government Proposes SBOM Rules for Contractors

China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns

GoldDigger Android Trojan Drains Victim Bank Accounts

LightSpy iPhone Spyware Linked to Chinese APT41 Group

 

Tweet of the Week (40:56)

https://twitter.com/infosecmo/status/1709289777973883000?s=61&t=UAjRqPj0iqNyKsG8ZaAiig

Come on! Like and bloody well subscribe!


The Host Unknown Podcast, by Host Unknown, Thom Langford, Andrew Agnes, Javvad Malik
