This week in InfoSec  (06:25)

With content liberated from the “today in infosec” twitter account and further afield

16th February 2010: Version 2.0 of the CWE/SANS Top 25 Most Dangerous Software Errors was released.

Take a look and decide which of these weaknesses have been eradicated over the last 14 years.

Web Archive

https://twitter.com/todayininfosec/status/1758712418601971748

20th February 2003: Alan Giang Tran, former network admin for 2 companies, was arrested after allegedly destroying data on the companies' networks. Two months later he pleaded guilty to a federal charge of intentionally causing damage to a protected computer.

https://twitter.com/todayininfosec/status/1760021831354896443

Rant of the Week (14:01)

Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data

Avast, the cybersecurity software company, is facing a $16.5 million fine after it was caught storing and selling customer information without their consent. The Federal Trade Commission (FTC) announced the fine on Thursday and said that it’s banning Avast from selling user data for advertising purposes.

From at least 2014 to 2020, Avast harvested user web browsing information through its antivirus software and browser extension, according to the FTC’s complaint. This allowed it to collect data on religious beliefs, health concerns, political views, locations, and financial status. The company then stored this information “indefinitely” and sold it to over 100 third parties without the knowledge of customers, the complaint says.

Billy Big Balls of the Week(25:02)
Husband 'made over a million' by eavesdropping on BP wife

The husband of a BP employee has been charged with insider trading in the US following claims he overheard details of calls made by his wife while working from home.

The US Securities and Exchange Commission alleged Tyler Loudon made $1.76m (£1.39m) in illegal profits.

The regulator claimed Mr Loudon heard several of his wife's conversations about BP's takeover of TravelCenters of America and bought shares in the firm.

BP has declined to comment.

The SEC said: "We allege that Mr Loudon took advantage of his remote working conditions and his wife's trust to profit from information he knew was confidential."

His wife - a mergers and acquisitions manager at BP - worked on the oil giant's takeover of TravelCenters. 

The SEC said Mr Loudon purchased 46,450 shares of TravelCenter's stock, without his wife's knowledge, before the deal was made public in February last year.

Following the announcement, TravelCenter's share price rose nearly 71% and Mr Loudon allegedly immediately sold all of his newly-bought shares for a profit, the SEC said.

Industry News (32:16)

Attacker Breakout Time Falls to Just One Hour

NCSC Sounds Alarm Over Private Branch Exchange Attacks

Biden Executive Order to Bolster US Maritime Cybersecurity

Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited

Chinese Duo Found Guilty of $3m Apple Fraud Plot

OWASP Releases Security Checklist for Generative AI Deployment

Russian-Aligned Network Doppelgänger Targets German Elections

Change Healthcare Cyber-Attack Leads to Prescription Delays

ICO Bans Serco Leisure's Use of Facial Recognition for Employee Attendance

Tweet of the Week (42:37)

https://twitter.com/lauriewired/status/1760751495073640705

Come on! Like and bloody well subscribe!