London saw a few flakes of snow drop this week, and social media nearly broke with everyone sharing photos of the white pixie dust falling from the sky. Fortunately, I have few friends, and even fewer social media platforms that I use, so was saved from most of the insanity… well, except for my daughter singing “let it snow”.
The Curious Case of the Raspberry Pi in the Network Closet
What would you do if you found a Raspberry Pi plugged into the network closet? Sounds like something from your worst nightmare, especially if you hadn’t commissioned any red team testing.
But that’s exactly what one team found, and this is the story of how they tracked down (almost) the suspect. If Scooby Doo has taught me anything, it was the janitor!
- The curious case of the Raspberry Pi in the network closet | Christian Haschek
Ad Company Serves Magecard Code
To quote Miss IG Geek, when your supply chain is so long you don’t even know who’s got their fingers in your website, you cannot manage your risk.
Yeah, go ahead, ask me to disable my ad-blocker.
Hunting the Con Queen of Hollywood: Who's the "Crazy Evil Genius" Behind a Global Racket?
This is a story from last July, but only saw it this week, and wow. This is a masterclass in social engineering, and the work of someone who genuinely seems to enjoy tormenting her victims.
- Hunting the Con Queen of Hollywood: Who's the "Crazy Evil Genius" Behind a Global Racket? | Hollywood Reporter
- Beware Of This Scam Targeting Travel Photographers And Instagram Influencers | SLR Lounge
The DDoS Attacker Rescued by a Disney Cruise Ship is Sentenced to Over 10 Years in Prison
A 34-year old man has been sentenced to more than 10 years in prison, after being found guilty of launching a massive denial-of-service attack against Boston Children’s Hospital.
The sentencing of Martin Gottesfeld, from Somerville, Massachusetts, comes almost three years after he attempted to escape to Cuba – a plan that failed after his speedboat broke down in the choppy sea, and he was picked up by a Disney cruise liner.
- The DDoS attacker rescued by a Disney cruise ship is sentenced to over 10 years in prison | Hot for Security
Facebook Cybersecurity Exec Victim of Swatting Call
A Facebook cybersecurity exec had his home swatted by Palo Alto police after a prank call claimed he shot his wife, tied up his kids, and placed pipe bombs around the house.
A SWAT squad arrived in force at the exec's home, a two-bedroom house in Palo Alto, ordered him to step out, and quicky arrested the man as they searched the house.
Officers released the exec after a few hours when they realized the call was just another swatting hoax carried out by anonymous users using untraceable phone numbers.
Software Bill of Materials (SBoM) - Does It Work for DevSecOps?
Rob Graham raises some interesting points about SBoM. I used to think it was a great concept… well, I still do, but it’s more nuanced than I initially thought it to be.
- Software Bill of Materials (SBoM) - Does It Work for DevSecOps? | AlienVault blog
Location Data is Ground Zero in Privacy Wars
Our phones' GPS and location capabilities are a key part of what make them magical — enabling them to speed our commutes, hail rides and find the devices when we lose them. These capabilities are also ground zero for the looming fight over defining the boundaries of privacy and acceptable uses of our personal information.
On the topic of phones
Speaking of privacy
Oklahoma Data Breach May Expose 7 years of FBI Investigations
A massive data breach was discovered at the Oklahoma Securities Commission, leaving an unsecured pathway to millions of files containing decades worth of confidential case file intelligence from the agency and sensitive FBI investigation source materials to be purloined by potential black hats.
Other Stories I Hearted This Week
- America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It | WSJ
- Slack has a new logo | Slack (no seriously, it’s an interesting read on why a company’s brand identity sometimes needs to evolve).