Episode 144 - The Other Peoples Work Episode episode artwork

EPISODE · Mar 17, 2023 · 43 MIN

Episode 144 - The Other Peoples Work Episode

from The Host Unknown Podcast · host Thom Langford, Andrew Agnês, Javvad Malik

This week in InfoSec (06:13) With content liberated from the “today in infosec” twitter account and further afield15th March 2000: The movie "Takedown" was released in France as "Cybertr@que". It is based on the capture of Kevin Mitnick Takedown on IMDbhttps://twitter.com/todayininfosec/status/1636083404117557248 16th March 1971: The first computer virus, Creeper, infected computers on the ARPANET, displaying "I'M THE CREEPER : CATCH ME IF YOU CAN." It was named after a villain (the Creeper) from a 1970 episode of "Scooby-Doo, Where Are You!"https://twitter.com/todayininfosec/status/1636516584394203137    Rant of the Week (13:20)What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m chargeBlackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger's customers.According to America's financial watchdog, the SEC, Blackbaud will cough up the cash - without admitting or denying the regulator's findings - and will cease and desist from committing any further violations."Blackbaud is pleased to resolve this matter with the SEC and appreciates the collaboration and constructive feedback from the Commission as the company continually improves its reporting and disclosure policies," Tony Boor, the outfit's chief financial officer, told The Register. "Blackbaud continues to strengthen its cybersecurity program to protect customers and consumers, and to minimise the risk of cyberattacks in an ever-changing threat landscape," Boor added.For perspective: the South Carolina-based firm – which provides, among other things, donor management tools to nonprofits – banked $1.1 billion in revenue in 2022, resulting in a $45.4 million loss. This settlement is the least of the biz's concerns, we imagine.Slap on the wristHere's what happened: back in May 2020, Blackbaud experienced a ransomware infection, quietly paid off the crooks, and didn't tell customers about the security breach until July 2020. And when the software company did notify customers, it assured them that the "cybercriminal did not access…bank account information, or social security numbers," according to the SEC order.By the end of that month, however, the SEC claims that Blackbaud personnel discovered that the miscreants had accessed unencrypted donor bank account information and social security numbers. But the employees allegedly didn't tell senior management about the theft of sensitive customer data because Blackbaud "did not have policies or procedures in place designed to ensure they do so," the court documents say. Make of that what you will. Billy Big Balls of the Week (23:09)1st Story (short, follow the link):Microsoft support 'cracks' Windows for customer after activation failsIn an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally.  It seems, this isn't the first time either that support professionals have employed such workarounds when under pressure to timely close out support tickets.A South-Africa based freelance technologist who paid $200 for a genuine copy of Windows 10 was startled to see a Microsoft support engineer "crack" his copy using unofficial tools that bypass the Windows activation process. 2nd Story:A company who actually followed disclosure requirements (and puts TikTok in the same bucket as Meta and Google):Cerebral admits to sharing patient data with Meta, TikTok, and GoogleCerebral, a telehealth startup specializing in mental health, says it inadvertently shared the sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers, as reported earlier by TechCrunch. In a notice posted on the company’s website, Cerebral admits to exposing a laundry list of patient data with the tracking tools it’s been using as far back as October 2019.The information affected by the oversight includes everything from patient names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatment, and more. It may have even exposed the answers clients filled out as part of the mental health self-assessment on the company’s website and app, which patients can use to schedule therapy appointments and receive prescription medication.According to Cerebral, this information got out through its use of tracking pixels, or the bits of code Meta, TikTok, and Google allow developers to embed in their apps and websites. The Meta Pixel, for example, can collect data about a user’s activity on a website or app after clicking an ad on the platform, and even keeps track of the information a user fills out on an online form. While this lets companies, like Cerebral, measure how users interact with their ads on various platforms and track the steps they take afterward, it also gives Meta, TikTok, and Google access to this information, which they can then use to gain insight into their own users. Industry News (32:43)  UK's New Privacy Bill Could Mean More Work for FirmsBlackbaud Settles $3m Charge Over Ransomware AttackMI5 Launches New Agency to Tackle State-Backed AttacksHumans Still More Effective Than ChatGPT at PhishingTick APT Group Hacked East Asian DLP Software FirmHumans Still More Effective Than ChatGPT at PhishingNCSC Calms Fears Over ChatGPT ThreatUK Joins US, Canada, Others in Banning TikTok From Government DevicesUS Government IIS Server Breached via Telerik Software Flaw Tweet of the Week (40:30)https://twitter.com/william_whyte/status/1635198775152234496https://twitter.com/J4vv4D/status/1636055929199140864?s=20 Come on! Like and bloody well subscribe!

This week in InfoSec takes us back to a time when someone would have gotten away with it if it wasn’t for those damn kids Rant of the Week explores the cost of doing business Billy Big Balls thinks a 'crack' is worth a thousand support tickets Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is a worthy disclaimer

NOW PLAYING

Episode 144 - The Other Peoples Work Episode

0:00 43:17

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit Tales Of A Superstar DJ The Insomniac Spun seemingly out of nowhere from her complacent life in the corporate world, turned seemingly overnight from 16-Hour shift work and into the life of a literally starving artist and working musician, The Protagonist navigates her supposed rise to fame and superstardom on a journey through spiritual awakening, coming-of-age, and intimate self-realization--guided by an omnipresent force and equipped with the power of love, magic, and music. {Enter The Multiverse.} [The Festival Project] The Festival Project, Inc.™ is a multidimensional multimedia platform which encompasses exploratory and artistic social personifications and expressions on cosmic theory, spirituality, growth, health & wellness, philosophy and theoretic dynamics in entertainment such as music, design, film, television, radio, dance and festival culture, art, fashion, literature, and science. The Festival Project™ and its subsidiary Non-Profit, The Collective Complex © aims to challenge modern artistic and philosop Explicit Bitcoin Is Dead Trey Carson Welcome to Bitcoin is Dead, the ultimate Bitcoin variety show where host Trey takes you on a journey through the ever-evolving world of Bitcoin. Each episode brings new personalities, fascinating locations, and insightful conversations with politicians, educators, and innovators shaping the future of Bitcoin. Whether you're a seasoned Bitcoiner or just starting your journey, tune in for thought-provoking discussions, unique perspectives, and a deep dive into the ideas and people driving the Bitcoin revolution. Explicit The Sacred +Profane Podcast nephtaragrace The Sacred + Profane Podcast is a provocative conversation dedicated to cementing a better future for all. We specialize in unpacking the nuances of what is considered sacred and profane, particularly focusing on sex, death, and all that pertains to the circle of life. Our aim in focusing on such ”taboo” subject matter is to demystify what is unconscious, bring to light what has been known for centuries as ”the occult,” and empower the rapid transformation that is occurring on the Planet. Explicit

Frequently Asked Questions

How long is this episode of The Host Unknown Podcast?

This episode is 43 minutes long.

When was this The Host Unknown Podcast episode published?

This episode was published on March 17, 2023.

What is this episode about?

This week in InfoSec (06:13) With content liberated from the “today in infosec” twitter account and further afield15th March 2000: The movie "Takedown" was released in France as "Cybertr@que". It is based on the capture of Kevin Mitnick Takedown on...

Can I download this The Host Unknown Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!