This week in InfoSec (13:28)

With content liberated from the “today in infosec” twitter account and further afield

5th November 1993: Bugtraq was created by Scott Chasin as a full disclosure vulnerability reporting mailing list at the dawn of the World Wide Web. Bugtraq had an enormous influence on how orgs responded to vuln disclosure and paved the way for a shift which led to bug bounty programs.

https://twitter.com/todayininfosec/status/1853799779626578186  

5th November 2007: Google introduces the Android platform, its mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008.

https://thisdayintechhistory.com/11/05/android-introduced/

Rant of the Week (18:54)  

Voted in America? This Site Doxed You

If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people.

Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process—simply voting—into a security and privacy threat.

Billy Big Balls of the Week (27:09)

Schneider Electric ransomware crew demands $125k paid in baguettes

https://www.theregister.com/2024/11/05/schneider_electric_cybersecurity_incident/

Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.

And yes, you read that right: payment in baguettes. As in bread.

Schneider Electric declined to answer The Register's specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency. 

A spokesperson, however, emailed us the following statement:

"Schneider Electric is investigating a cybersecurity incident involving unauthorised access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilised to respond to the incident. Schneider Electric's products and services remain unaffected."

Industry News (33:18)

Google Cloud to Mandate Multifactor Authentication by 2025

IRISSCON: Organizations Still Falling Victim to Predictable Cyber-Attacks

Defenders Outpace Attackers in AI Adoption

UK Cybersecurity Wages Soar Above Inflation as Stress Levels Rise

NCSC Publishes Tips to Tackle Malvertising Threat

Canada Orders Shutdown of Local TikTok Branch Over Security Concerns

UK Regulator Urges Stronger Data Protection in AI Recruitment Tools

Interlock Ransomware Targets US Healthcare, IT and Government Sectors

Major Oilfield Supplier Hit by Ransomware Attack

Tweet of the Week (41:01)

https://twitter.com/fesshole/status/1854832499714576399

Come on! Like and bloody well subscribe!