There was no update last week because I was in Dallas for the AT&T Business Summit which was a great event. Chuck Brooks wrote a detailed post on his experience, while I made a couple of videos charting my time.
But enough of that, let's see what went down in the world of security over these last few days.
One of the biggest stories of the past few days must be the Facebook breach. The company issued a security update on September 28th which led with the facts:
On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.
At this stage, there are probably more questions than answers and it’s likely this is one story that will play out for a long time.
- The ultimate fallout from the Facebook data breach could be massive | Help Net Security
- Facebook faces $1.6 billion fine as top EU regulator officially opens probe into data breach | CNBC
- What we still don’t know about the Facebook breach | The Verge
- The Facebook security meltdown exposes way more sites than Facebook | Wired
Local file inclusion at IKEA.com
Flatpack vulnerabilities now available in this great writeup by Jonathan Bouman.
- Local file inclusion at IKEA | Medium / Jonathan Bouman
Out of office notices for OSINT
A nice reminder by Stuart Coulson on the perils of out of office notifications, and how they can divulge a lot more than you’d want to anyone.
- Out Of Office notices for OSINT | HiddenText
- While you’re on the HiddenText site, check out Seven types of cyber criminals: 2018 version
Put ads down your Pi-Hole
Nobody really likes ads when they’re browsing online, so they sometimes resort to using adblockers. But there are some issues with those as well.
Surely, in an industry full of clever tech people, hackers, and tinkerers, there is a better way - enter Pi-hole.
Self-described as a black hole for internet ads, it is basically a mini DNS server you run on a Raspberry Pi in your local network: your devices’ DNS lookups go through it, and it blacklists ad and malicious domains so they never resolve.
Both Scott Helme and Troy Hunt have detailed write-ups on how to get it installed and running.
- Mmm… Pi-hole… | Troy Hunt
- Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 188.8.131.52 | Scott Helme
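To make the “mini DNS server that blacklists domains” description concrete, here is an added example of the core sinkhole logic in plain Python. This is not Pi-hole’s code: the blocklist contents, the `.example` names, the `0.0.0.0` sinkhole answer and the 2-second TTL are all constructed for illustration. It parses a real DNS query on the wire, checks the name and every parent domain against the list, and either synthesises a blocking answer or signals that the query should be forwarded to the upstream resolver unchanged.

```python
import struct
from typing import List, Optional, Tuple

# Constructed blocklist for this example; a real sinkhole loads lists of
# ad and tracking domains from published adlists.
BLOCKLIST = {"ads.example", "tracker.example"}

# Assumption: blocked names are answered with a null address so the ad
# request never leaves the network.
SINKHOLE_IP = "0.0.0.0"
SINKHOLE_TTL = 2  # seconds; short so unblocking takes effect quickly

QTYPE_A = 1
QCLASS_IN = 1


def encode_qname(name: str) -> bytes:
    """Encode a dotted hostname as DNS wire-format labels (RFC 1035 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_qname(packet: bytes, offset: int) -> Tuple[str, int]:
    """Decode a name at offset; returns (lowercase name, offset after the name).
    Follows compression pointers (RFC 1035 4.1.4) with a hop limit."""
    labels: List[str] = []
    end: Optional[int] = None
    hops = 0
    while True:
        length = packet[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 8:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii").lower())
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_query(name: str, qid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Build a standard recursive query, as a client stub resolver would send it."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_qname(name) + struct.pack("!HH", qtype, QCLASS_IN)


def is_blocked(name: str, blocklist=BLOCKLIST) -> bool:
    """True if the name or any parent domain is listed: listing ads.example
    also blocks cdn.ads.example, but not notads.example."""
    parts = name.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def handle_query(packet: bytes, blocklist=BLOCKLIST) -> Tuple[str, Optional[bytes]]:
    """Sinkhole decision for one query packet.
    Returns ("block", response) carrying a synthetic A record for SINKHOLE_IP
    (or an empty NOERROR answer for non-A types), or ("forward", None),
    meaning: relay the packet to the upstream resolver unchanged."""
    if len(packet) < 12:
        raise ValueError("short packet")
    qid, flags, qdcount, *_ = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000:
        raise ValueError("packet is a response, not a query")
    if qdcount != 1:
        return ("forward", None)
    name, off = decode_qname(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    if not is_blocked(name, blocklist):
        return ("forward", None)
    # QR | AA | (RD copied from query) | RA, RCODE 0
    resp_flags = 0x8000 | 0x0400 | (flags & 0x0100) | 0x0080
    question = packet[12:off + 4]
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        rdata = bytes(int(o) for o in SINKHOLE_IP.split("."))
        # NAME is a pointer (0xC00C) back to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, SINKHOLE_TTL, 4) + rdata
        ancount = 1
    else:
        answer, ancount = b"", 0  # NODATA: blocked, but nothing to synthesise
    header = struct.pack("!HHHHHH", qid, resp_flags, 1, ancount, 0, 0)
    return ("block", header + question + answer)


def answer_ips(response: bytes) -> List[str]:
    """Extract IPv4 addresses from a response's answer section."""
    _, _, qd, an, *_ = struct.unpack("!HHHHHH", response[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_qname(response, off)
        off += 4  # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        _, off = decode_qname(response, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(".".join(str(b) for b in response[off:off + 4]))
        off += rdlen
    return ips


if __name__ == "__main__":
    for host in ("cdn.ads.example", "www.example"):
        action, resp = handle_query(build_query(host))
        print(host, action, answer_ips(resp) if resp else "(to upstream)")
```

The suffix walk in `is_blocked` is what makes a single blocklist entry cover every subdomain an ad network rotates through, and the “forward” branch is where a real deployment would hand the untouched packet to its upstream resolver (for Scott Helme’s setup, over DNS-over-HTTPS) and cache the reply.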
Bupa fined £175k
International health insurance business Bupa has been fined £175,000 after a staffer tried to sell more than half a million customers' personal information on the dark web.
The miscreant was able to access Bupa's CRM system SWAN, which holds records on 1.5 million people, generate and send bulk data reports on 547,000 Bupa Global customers to his personal email account.
The information – which included names, dates of birth, email addresses, nationalities and administrative info on the policy, but not medical details – was then found for sale on AlphaBay Market before it was shut down last year.
- Health insurer Bupa fined £175k after staffer tried to sell customer data on dark web souk | The Register
Hiding Bash history
Robin Wood tackles a worry anyone running commands on a Linux box has undoubtedly had: that bash history is logging everything you run.
Another useful tip by the man known as DigiNinja.
- Hiding from Bash history | Digi Ninja
The A-Z of security threats 2018
Davey Winder talks to industry experts across the whole gamut of cyber hazards that have emerged so far in 2018.
- The A-Z of security threats 2018 | ITPRO