This week in Infosec

With content liberated from the “today in infosec” twitter account

14th August 2013: Affinity Health Plan was fined $1,215,780 for a HIPAA violation after a photocopier purchased by CBS for an investigatory report in 2010 revealed medical info.

At $1.2M, photocopy breach proves costly

https://twitter.com/todayininfosec/status/1294252352191565824  

17th August 2005: Jason Smathers, a former employee of AOL, was sentenced to 15 months in prison for selling screen names and email addresses of 92 million users to spammers.

Ex-AOL worker who stole e-mail list sentenced

Jason Smathers: Internet Criminal

https://twitter.com/todayininfosec/status/1295500512830394371

The Box incidental music © Charlie Langford

Rant of the Week

You can post LinkedIn jobs as almost ANY employer — so can attackers

Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of just about any employer—no verification needed.

And worse, the employer cannot easily take these down.

Now, that might be nothing new, but the feature and lax verification on career websites pave the ways for attackers to post bogus listings for malicious purposes.

The attackers can, for example, use this social engineering tactic to collect personal information and resumes from professionals who believe they are applying to a legitimate company, without realizing their data may be sold or used for phishing scams.

Billy Big Balls of the Week

Woman accessed ex-partner’s Alexa to torment his new girlfriend

Philippa Copleston-Warren terrified love rival by using smart device to switch lights on and off and tell her to get out of the house

Chelsea woman used Alexa to scold ex-lover’s new girlfriend

A management consultant from west London accessed the Alexa device at her ex-boyfriend’s home from more than 100 miles away to tell his new partner to get out of the house.

Philippa Copleston-Warren, 46, logged into an app linked to smart devices in the victim’s Lincolnshire home, and was able to see her ex’s new girlfriend on the property’s CCTV system.

Prosecutors said Copleston-Warren was able to tell the woman “to get out” and used the app to turn the bedside lights on and off.

At Isleworth crown court, Copelston-Warren admitted posting a naked photo of her ex-boyfriend on Facebook, accompanying it with the caption: “Do I look fat??? My daily question”.

[That was this weeks BILLY BIG BALLS]

[SEEN ON REDDIT] Thom:

Antivaxers Think Their ‘Pure’ Semen Will Skyrocket in Value

I’m going to retire as a “cum cow”

Industry News

"Jigsaw Puzzle" Phishing Attacks Use Morse Code to Hide

Cadbury Campaigns Against Cyber-bullying

Misconfigured Server Leaks US Terror Watchlist

Yik Yak Returns

Airline Employee Jailed for Spending Passengers’ Money

T-Mobile: 49 Million Customers Hit by Data Breach

JPMorgan Chase Notifies Customers of Data Breach

Coin Ninja CEO Admits Operating Darknet Bitcoin Mixer

Women Charged Over Sexually Exploitative Child Modeling Sites

Tweet of the Week

https://twitter.com/Kaipo_Rozwolf/status/1428426623091724289

OnlyFans Will Ban Pornography Starting in October, Citing Need to Comply With Financial Partners

Come on! Like and bloody well subscribe!