This week in InfoSec  (08:19)

With content liberated from the “today in infosec” twitter account and further afield

31st Jan 2011 (13 years ago): Chris Russo reported a vulnerability to dating website PlentyOfFish's CEO Markus Frind's wife. Yada yada yada Markus Frind then accused Russo of extortion and emailed Russo's mother.  

https://techcrunch.com/2011/01/31/plentyoffish-ceo-we-were-hacked-almost-extorted-so-i-emailed-the-hackers-mom/

https://krebsonsecurity.com/2011/01/plentyoffish-com-hacked-blames-messenger/

Rant of the Week (13:56)

The TikTok Hearing Revealed That Congress Is the Problem

For some, the job on Thursday was casting the hearing's only witness, TikTok CEO Shou Zi Chew, as a stand-in for the Chinese government—in some cases, for communism itself—and then belting him like a side of beef. More than a few of the questions lawmakers put to Chew were vague, speculative, and immaterial to the allegations against his company. But the members of Congress asking those questions feigned little interest in Chew’s responses anyway. 

Attempts by Chew, a 40-year-old former Goldman Sachs banker, to elaborate on TikTok’s business practices were frequently interrupted, and his requests to remark on matters supposedly of considerable interest to members of Congress were blocked and occasionally ignored. These opportunities to get the CEO on record, while under oath, were repeatedly blown in the name of expediency and for mostly theatrical reasons. Chew, in contrast, was the portrait of patience, even when he was being talked over. Even when some lawmakers began asking and, without pause, answering their own questions.

The hearing might’ve been a flop, had lawmakers planned to dig up new dirt on TikTok, which is owned by China-based ByteDance, or even hash out what the company could do next to allay their concerns. But that wasn't the aim. The House Energy and Commerce Committee was gathered, it said, to investigate “how Congress can safeguard American data privacy and protect children from online harms.” And on that, the hearing revealed plenty.

Billy Big Balls of the Week (23:41)

ICBC Partners Wary to Resume Trading With Bank After Cyberattack

 Industrial & Commercial Bank of China Ltd., the world’s largest lender by assets, has been unable to convince some market participants that it’s safe to reconnect their computer networks to the bank’s US unit after a ransomware attack disrupted its systems, according to people familiar with the matter.

The attack, which was claimed by the Russia-linked LockBit cybercrime and extortion gang earlier this month, impeded trading in the $26 billion Treasury market and, the people said, it has left users of the bank’s US arm skittish about trading with the bank.

For its part, ICBC has told users that its US division is back online and operational, the people said. One person familiar with the hack and investigation said a reason the bank could get back online quickly was that a key part of its trading system was unaffected by the attack — a server that was more than 20 years old, made by now-defunct IT equipment maker Novell Inc.. That server contained much of the bank’s trading data and capabilities and is so old that LockBit’s ransomware didn’t work on it, the person said.

Industry News (35:28)

US Agencies Failure to Oversee Ransomware Protections Threaten White House Goals

US Thwarts Volt Typhoon Cyber Espionage Campaign Through Router Disruption

Interpol-Led Initiative Targets 1300 Suspicious IPs

Ivanti Releases Zero-Day Patches and Reveals Two New Bugs

Pump-and-Dump Schemes Make Crypto Fraudsters $240m

Google’s Bazel Exposed to Command Injection Threat

Tweet of the Week (41:51)

https://x.com/MikeIrvo/status/1752123455125016839?s=20

Come on! Like and bloody well subscribe!