DiscoverThe Host Unknown PodcastEpisode 192 - The Unedited Episode
Episode 192 - The Unedited Episode

Episode 192 - The Unedited Episode

Update: 2024-05-08
Share

Description

This week in InfoSec  

With content liberated from the “today in infosec” twitter account and further afield

27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000. 

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

 

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.

The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.

The filing states that management became aware of the incident last week – on April 24 – and "immediately activated our cyber security incident response process to investigate, contain, and remediate the incident."

That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."

 

Billy Big Balls of the Week

Chinese government website security is often worryingly bad, say Chinese researchers

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.

The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.

"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive," wrote the researchers. "Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection."

The study also highlights the need for "stringent vetting and regular updates" of third-party libraries and advocates "a diversified distribution of network nodes, which could substantially augment system resilience and performance."

The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity. 

 

Industry News

Google Blocks 2.3 Million Apps From Play Store Listing

Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Lawsuits and Company Devaluations Await For Breached Firms

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Security Breach Exposes Dropbox Sign Users

Indonesia is a Spyware Haven, Amnesty International Finds

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

 

Tweet of the Week 

https://twitter.com/summer__heidi/status/1783829402574639187


Come on! Like and bloody well subscribe!

Comments 
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Episode 192 - The Unedited Episode

Episode 192 - The Unedited Episode

Javvad Malik, Thom Langford, Andrew Agnês