Things I Hearted This Week, 18 Jan 2019

January 18, 2019 | Javvad Malik

London saw a few flakes of snow drop this week, and social media nearly broke with everyone sharing photos of the white pixie dust falling from the sky. Fortunately, I have few friends, and even fewer social media platforms that I use, so was saved from most of the insanity… well, except for my daughter singing “let it snow”.

The Curious Case of the Raspberry Pi in the Network Closet

What would you do if you found a Raspberry Pi plugged into the network closet? Sounds like something from your worst nightmare, especially if you hadn’t commissioned any red team testing.

But that’s exactly what one team found, and this is the story of how they (almost) tracked down the suspect. If Scooby Doo has taught me anything, it was the janitor!

Ad Company Serves Magecart Code

To quote Miss IG Geek, when your supply chain is so long you don’t even know who’s got their fingers in your website, you cannot manage your risk.

Yeah, go ahead, ask me to disable my ad-blocker.

Hunting the Con Queen of Hollywood: Who's the "Crazy Evil Genius" Behind a Global Racket?

This is a story from last July, but I only saw it this week, and wow. This is a masterclass in social engineering, and the work of someone who genuinely seems to enjoy tormenting her victims.

The DDoS Attacker Rescued by a Disney Cruise Ship is Sentenced to Over 10 Years in Prison

A 34-year-old man has been sentenced to more than 10 years in prison, after being found guilty of launching a massive denial-of-service attack against Boston Children’s Hospital.

The sentencing of Martin Gottesfeld, from Somerville, Massachusetts, comes almost three years after he attempted to escape to Cuba – a plan that failed after his speedboat broke down in the choppy sea, and he was picked up by a Disney cruise liner.

Facebook Cybersecurity Exec Victim of Swatting Call

A Facebook cybersecurity exec had his home swatted by Palo Alto police after a prank call claimed he shot his wife, tied up his kids, and placed pipe bombs around the house.

A SWAT squad arrived in force at the exec's home, a two-bedroom house in Palo Alto, ordered him to step out, and quickly arrested the man as they searched the house.

Officers released the exec after a few hours when they realized the call was just another swatting hoax carried out by anonymous users using untraceable phone numbers.

Software Bill of Materials (SBoM) - Does It Work for DevSecOps?

Rob Graham raises some interesting points about SBoM. I used to think it was a great concept… well, I still do, but it’s more nuanced than I initially thought it to be.

Location Data is Ground Zero in Privacy Wars

Our phones' GPS and location capabilities are a key part of what make them magical — enabling them to speed our commutes, hail rides and find the devices when we lose them. These capabilities are also ground zero for the looming fight over defining the boundaries of privacy and acceptable uses of our personal information.

On the topic of phones

Speaking of privacy

Oklahoma Data Breach May Expose 7 years of FBI Investigations

A massive data breach was discovered at the Oklahoma Securities Commission, leaving an unsecured pathway to millions of files containing decades' worth of confidential case file intelligence from the agency and sensitive FBI investigation source materials to be purloined by potential black hats.

Other Stories I Hearted This Week


About the Author: Javvad Malik

The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
