This week in InfoSec (13:28)With content liberated from the “today in infosec” twitter account and further afield5th November 1993: Bugtraq was created by Scott Chasin as a full disclosure vulnerability reporting mailing list at the dawn of the World Wide Web. Bugtraq had an enormous influence on how orgs responded to vuln disclosure and paved the way for a shift which led to bug bounty programs.https://twitter.com/todayininfosec/status/1853799779626578186 5th November 2007: Google introduces the Android platform, its mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008.https://thisdayintechhistory.com/11/05/android-introduced/ Rant of the Week (18:54) Voted in America? This Site Doxed YouIf you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people.Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process—simply voting—into a security and privacy threat. Billy Big Balls of the Week (27:09)Schneider Electric ransomware crew demands $125k paid in baguetteshttps://www.theregister.com/2024/11/05/schneider_electric_cybersecurity_incident/Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.And yes, you read that right: payment in baguettes. As in bread.Schneider Electric declined to answer The Register's specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency. A spokesperson, however, emailed us the following statement:"Schneider Electric is investigating a cybersecurity incident involving unauthorised access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilised to respond to the incident. Schneider Electric's products and services remain unaffected." Industry News (33:18)Google Cloud to Mandate Multifactor Authentication by 2025IRISSCON: Organizations Still Falling Victim to Predictable Cyber-AttacksDefenders Outpace Attackers in AI AdoptionUK Cybersecurity Wages Soar Above Inflation as Stress Levels RiseNCSC Publishes Tips to Tackle Malvertising ThreatCanada Orders Shutdown of Local TikTok Branch Over Security ConcernsUK Regulator Urges Stronger Data Protection in AI Recruitment ToolsInterlock Ransomware Targets US Healthcare, IT and Government SectorsMajor Oilfield Supplier Hit by Ransomware Attack Tweet of the Week (41:01)https://twitter.com/fesshole/status/1854832499714576399 Come on! Like and bloody well subscribe!
