A quick Saturday digest of cybersecurity news articles from other sources.
A leaky database spilled 2FA codes for the world’s tech giants (3 minute read)
A database belonging to YX International, which routes millions of SMS messages daily, was left exposed online without a password. The database contained sensitive one-time passcodes that grant access to accounts on Facebook, Google, and TikTok. The company secured the database after being contacted by a security researcher.
Hackers Stole ‘Sensitive’ Data From Taiwan Telecom Giant: Ministry (3 minute read)
Taiwan’s defense ministry has confirmed that hackers stole sensitive military and government documents from Chunghwa Telecom and sold them online. The breach, initially reported by TVBS, included 1.7TB of data that the hackers claim contains contracts and information from the armed forces, foreign ministry, and coast guard.
A Killswitch For AI … Daisy, Daisy? (5 minute read)
As AI advances, serious questions arise about its potential impacts on society. Could it destroy civilization, turn us into zombies, or view humans as we view dogs? While AI poses risks, thoughtful regulation and ethical development can help realize benefits and avoid pitfalls depicted in sci-fi like 2001: A Space Odyssey with HAL. This post dives into the current ways we are preparing against AI as a society.
Airbnb scam sends you to a fake Tripadvisor site, takes your money
One of our researchers was targeted by a scammer advertising on Airbnb and hosting a fake Tripadvisor website.
CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware
02/29/2024 12:15 PM EST
Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February 2024.
Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars.
CISA, the FBI, and MS-ISAC encourages critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Phobos ransomware and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage and the updated #StopRansomware Guide.
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin
Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, “the largest information-gathering enterprise ever conceived by man.”
In 2019, technologist Mike Yeagley warned U.S. national security agencies that location data from apps like Grindr could reveal sensitive information about government employees.
Yeagley showed how he could use geofencing to identify devices likely belonging to Pentagon and intelligence agency staff by tracking their movements to and from sensitive facilities. This highlighted the massive privacy risks from vast troves of location data gathered by mobile advertising companies.
Yeagley was familiar with these risks because he had previously helped bring advertising location data into government use. While working for defense contractor PlanetRisk, Yeagley developed a tool called Locomotive in 2016 which allowed tracking of device locations worldwide using commercial data.
Locomotive was later renamed VISR and provided to special forces for intelligence work. Other government agencies also began using advertising location data.
The key insight was that while device IDs are anonymized, the specificity of individual movement patterns means identities can be uncovered. Vast volumes of location data are gathered from bid requests made when mobile apps request ads. More…
Ex-NCSC chief renews call for ban on ransom to hackers
Ciaran Martin, former CEO of the UK National Cyber Security Centre, is again calling for ransom payments to hackers to be banned in the UK and other countries, pointing to the $20 billion ransomware industry. Jake Moore of ESET counters, saying making ransom payments illegal can force some organizations to fold or drive payments underground.
Full Story: Computing (UK) (3/5),
MAR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com