It’s been another busy, interesting, and confusing week in the world of security and technology – so let’s just get down to it.
50k Aussie government and bank staff records breached
The personal details of more than 4,000 government employees have been exposed in a massive data breach of 50,000 staff records from various companies across Australia. It is believed to be the second-largest data breach in Australian history after the details of just over half a million blood donors were accidentally leaked by the Red Cross in 2016.
- Contractor breach exposes 50k Aussie govt, bank staff records | IT News
- AMP among companies affected by data breach of 50,000 staff records | The Guardian
Wrestling student hacks grades
A former chemistry student allegedly used keystroke-logging gadgets to steal tutors' passwords, change classmates' grades and download copies of exams ahead of time. Amateur wrestler Trevor Graves, 22, who studied at the University of Iowa, was arrested and indicted this month on two hacking charges – each of which could land him up to ten years in the clink if found guilty. In paperwork (pdf) submitted to an Iowa district court, FBI agent Jeffrey Huber recounted that in December of last year one of the university's teachers noticed that Graves' grades had mysteriously improved.
- High-tech cheating scheme prompts charges at University of Iowa | Press Citizen
- FBI: Student wrestler grappled grades after choking passwords from PCs using a key logger | The Register
Hackers Using Default SSH Creds to Take Over Ethereum Mining Equipment
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own. Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner.
Change your default credentials, kids. Or better still, manufacturers – force users to change default credentials on first use!
- Hackers Using Default SSH Creds to Take Over Ethereum Mining Equipment | Bleeping Computer
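The attack above works because the rig's config is silently rewritten once the attacker is in over SSH. A cheap defensive control is to treat the configured wallet address as a monitored value and alert the moment it differs from what the owner set. The following is an added example, not code from the article or from ethOS; the `proxywallet` key and the one-key-per-line layout are assumptions about the config format, and the config text and addresses are constructed samples.

```python
import re

# Well-formed Ethereum address: 0x followed by 40 hex digits.
ETH_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed samples in an assumed "key value" config style (not real ethOS files).
EXPECTED_WALLET = "0x1234567890abcdef1234567890abcdef12345678"
INTACT_CONFIG = """\
# constructed sample config
maxgputemp 85
proxywallet 0x1234567890abcdef1234567890abcdef12345678
"""
TAMPERED_CONFIG = """\
maxgputemp 85
proxywallet 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef   # rewritten by an intruder
"""


def check_wallet(config_text, expected_wallet, key="proxywallet"):
    """Return a list of findings; an empty list means the wallet entry is intact."""
    findings = []
    seen = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0] != key:
            continue
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.append(value)
        if not ETH_ADDR.match(value):
            findings.append(f"line {lineno}: malformed wallet address {value!r}")
        elif value.lower() != expected_wallet.lower():  # addresses are case-insensitive hex
            findings.append(f"line {lineno}: wallet changed to {value} (expected {expected_wallet})")
    if not seen:
        findings.append(f"no '{key}' entry found")
    if len(seen) > 1:
        findings.append(f"{len(seen)} '{key}' entries found; only one expected")
    return findings


if __name__ == "__main__":
    for name, cfg in (("intact", INTACT_CONFIG), ("tampered", TAMPERED_CONFIG)):
        print(name, "->", check_wallet(cfg, EXPECTED_WALLET) or "OK")
```

Run it from cron or a config-management agent against the real file and page on any non-empty result; a changed wallet on a rig that nobody touched is a strong sign the SSH credentials are compromised.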
How to become a pentester
This one is from the archives, but it is as relevant today as it was two years ago when it was published. It goes through a lot of the methodology and answers most of the questions budding pen testers would have.
- How to become a pentester | Corelan Team
Circle with Disney web filter riddled with vulnerabilities
A ‘smart’ thing made by Disney has more holes in it than Swiss cheese. Who could have ever predicted such a thing?
Circle with Disney is supposed to give parents the ability to control their children's internet browsing activity and times. But those pesky researchers at Cisco Talos unmasked at least 23 vulnerabilities that could be used to hijack every device in a household.
- Hack-It Ralph? Circle with Disney parental filter filled with exploitable flaws | SC Magazine
- Circle with Disney web filter riddled with vulnerabilities | ZDNet
- Internet Monitoring Platform Put Families at Risk | Infosecurity magazine
The thought police are coming
As the case moved forward, the prosecution acknowledged that Walker was not suspected of plotting any kind of terrorist atrocity. The government was instead arguing that his mere possession of the book was a violation of the Terrorism Act’s Section 58 because it contained information that could have been useful to a terrorist if discovered. The book is freely available to anyone on the internet, and versions of it can even be purchased on Amazon. Regardless, prosecution lawyer Robin Sellers said it was possible a “radicalized” person could find Walker’s copy of the book and use it to prepare an attack.
We’re building a dystopia just to make people click on ads
We're building an artificial intelligence-powered dystopia, one click at a time, says techno-sociologist Zeynep Tufekci. In an eye-opening talk, she details how the same algorithms companies like Facebook, Google and Amazon use to get you to click on ads are also used to organize your access to political and social information. And the machines aren't even the real threat. What we need to understand is how the powerful might use AI to control us, and what we can do in response.
How to become an infosec thought leader
Have you ever wondered what it would take to become a recognised thought leader in infosec? Well, wonder no more.
A short, fun, satirical video I put together with Space Rogue on how to become an infosec thought leader.