Security Leftovers
NBC ☛ Orange County’s DA's Office experiences data breach - NBC Los Angeles
The Orange County District Attorney's Office revealed that portions of its information technology system were breached on Friday, Oct. 20.
Hackers broke into the Orange County District Attorney's office's information technology system last week, the DA's office announced Monday.
The office did not specify whether any information was compromised, but said in a press release that it took "immediate action" to shut down its cybersecurity infrastructure as soon as it learned of the breach Friday.
The breach can take one to two weeks to investigate, an unidentified official told City News Service. No ransomware or virus has been identified at this time, according to the official.
Biometric Update ☛ Indian govt’s insistence that Aadhaar is secure rings hollow in wake of breaches
India is bleeding biometric information, with new data breaches giving credence to a recent report by the credit rating agency Moody’s warning that Aadhaar’s centralized biometric digital ID system has privacy and security vulnerabilities.
A piece in Security Affairs reports that earlier this month, the cybersecurity firm Resecurity found hundreds of millions of records containing personally identifiable information (PII) for sale on the dark web. Aadhaar cards were among the data on offer.
Iustin Pop: OS updates are damn easy nowadays!
I’m baffled at how simple and reliable operating system updates have become.
Upgraded Debian bullseye to bookworm, across a few systems, easy. On VMs, it’s even so fast that installing base system from scratch is probably the same time.
But Linux/Debian OFC works well. Shall we look at MacOS? Takes longer, but just runs and reboots a couple of times and then, bam, it’s up and with windows restored.
ADF ☛ Experts Warn of Skyrocketing Cyber Threats, New Scams
Kenyans experienced 860 million cybersecurity incidents over the past year — a level of attacks that is more than 100 times higher than it was five years ago, according to the country’s Communications Authority. Across Africa, cybercrime is on the rise, made easier by the spread of smartphones and internet technology.
Silicon Angle ☛ The anatomy of Facebook malware-laced ads
Even as much attention is focused on problems with Meta Platform Inc.’s personal use, other dangers involving business social media accounts are emerging as well.
Security Week ☛ New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding
A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions from each vendor.
SANS ☛ Sporadic scans for "server-info.action", possibly looking for Confluence Server and Data Center Vulnerability CVE-2023-22515, (Wed, Oct 25th)
I noticed many scans for "/server-info.action" showing up in our "First Seen URLs" report.
Bruce Schneier ☛ Microsoft is Soft-Launching Security Copilot [Ed: Copilot failed. Microsoft reportedly loses a ton of money on this and there is a class action lawsuit for mass plagiarism. This is yet more vapourware.]
Microsoft has announced an early access program for its LLM-based security chatbot assistant: Security Copilot.
I am curious whether this thing is actually useful.