This Week in InfoSec (09:55)

With content liberated from the “today in infosec” twitter account and further afield

31st March 1999: The hugely successful motion picture, The Matrix, is released on this day. Many call it a classic (ok, that’s me), many call it influential (ok, me again), but no one can deny that the impact it had on many aspects of our society from the emerging tech culture, to the movie industry, to science-fiction, to political thinking

25th March 2010: Albert Gonzales was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.

Sex, Drugs, and the Biggest Cybercrime of All Time

Rant of the Week (19:32)

Yale finance director stole $40m in computers to resell on the sly

A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.

https://www.dailymail.co.uk/news/article-10669329/Yale-School-Medicine-employee-stole-40-million-computers-electronics-school.html

Billy Big Balls of the Week (30:30)

Ubiquiti sues Krebs on Security for defamation

Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.

On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise.

Apple and Meta shared data with hackers pretending to be law enforcement officials

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.

Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.

Industry News (37:24)

Dental Practice Fined for Sharing Patient Data on Social Media

Yandex is Sending iOS Users' Data to Russia

Attackers Steal $618m From Crypto Firm

New Research Claims Biden's Disclosure Deadlines Are Unrealistic

NCSC: Time to Rethink Russian Supply Chain Risks

Cyber-attack on California Healthcare Organization

New Version of PCI DSS Designed to Tackle Emerging Payment Threats

No Patch Available Yet for Critical SpringShell Bug

CISA Issues UPS Warning

Tweet of the Week (

https://twitter.com/AskAManager/status/1509246642364588040

https://twitter.com/HackingLZ/status/1509529191439425540

Come on! Like and bloody well subscribe!