It’s been a wild week in the world of Cybersecurity, and it’s only Monday. We’re back with Small Bytes (after taking BIG bites out of our Easter candy last week, missed-you-very-much!), and there’s plenty of news to go around this week. Leading the day…

Bet you wish you deleted your Facebook three years ago. It’s been more than a week since we found out that Facebook, the sacred keeper of all things weird and personal, let 500 million users’ personal data slip through its tight little grasp. They found the issue lived in the platform’s “Content Importer,” which might be slang for “wide-open-window” (and the likely source for all those creepy “People You May Know” suggestions). The kicker? Facebook probably knew about this vulnerability for a lot longer than they let on. Wired has the scoop.

ICYMI: If all your exes live in Texas, chances are we saw one or two of them at last week’s widely popular Texas Virtual Cybersecurity Summit. You can hang your hat in Chicago if you missed it; that’s happening on April 20-21, and we’ve got an unforgettable line-up of keynote speakers – including one that can help you use AI to your advantage, another that will keep you on the right side of compliance, and a few touching on your security posture mid- and post-pandemic. Seriously, don’t miss this one.

And a little something if you’re worried about email security. Which, let’s face it, we all should be. Join our community partner Agari for their Trust 2021 summit, going live on Wednesday and Thursday of this week. If you haven’t registered, there are mere hours left to get on the list.

 

Good News (if you’re the kind of person who loves breaches and vulnerabilities)

Well, have you been? It’s been a banner week for super-useful-cyber-tool Have I Been Pwned, thanks to the now 509,458,528 aforementioned Facebook users trying to figure out if their data fell into the wrong hands. Troy Hunt, the brains behind the site, wrote about the unprecedented traffic to his site following the breach, and ultimately decided to make phone numbers searchable on his site as a result. Insightful blog with relevant links, here. (This report was NOT Facebook pwned, phew.)

Bug, the Bounty Hunter. Everyone loves a zero-day vulnerability, but no one more than a bug bounty hunter that just earned $200,000 for the discovery. This time, it was Zoom, with an opening for a remote code execution attack that was uncovered by participants in the Pwn2Own white-hat contest. Friendly reminder that Zoom has not yet patched the issue but should get that done in roughly 90 days. ZDNet has this story.

File this under “Games You Can Play At Work.” Microsoft released an open-source cyberattack simulator, allowing you to test your skills against AI-controlled cyber agents. The program, titled “CyberBattleSim,” is 100% acceptable to play while you’re on the clock. Bleeping Computer has the details.

Not A Spy Novel. Iran’s foreign minister pointed the finger at Israel as the source of a weekend blackout at an Iranian nuclear facility. This one is a bit heavier than we usually cover here, but it definitely gives us all a preview of what the future of cyber warfare might look like. Deep dive from TRTWorld, draw your own conclusions.

CISA saves us all. Have you checked this week’s vulnerability summary? Seriously — you should.

Make sure that email is really from Uncle Sam. Before there was a pandemic and wild changes to tax policies in mid-March, this week once marked the filing deadline for your tax returns (except for you chronic extension-filers). This is prime time for IRS scams, so be sure you and your loved ones remain vigilant. Video from TechRepublic.

LinkedOut. One of the latest virtual walks of shame comes from LinkedIn. (Is this week making anyone else wonder why we put so much of ourselves on social media?) While the company says the data that was scraped was all public information, it feels like a bit of a breach of trust, don’t you think? Another 500 million accounts compromised… story by The Verge.

Let’s Talk About Us

Chicago, April 20-21. We already told you but it bears repeating. Be there at the Virtual Cybersecurity Summit.

Some Smart Insights. The Capsule8 Team graced the virtual pages of our blog last week. It’s totally worth the read.

Got any tips or something you’d like to see? Let me know.
