Security News for the Week Ending June 24, 2022
Want Some BidenCash?
This is not a political statement – at least not by me. There is a new carding site that uses the President’s name and likeness to sell stolen credit card data for as little as 15 cents each. Last week the admins gave away a CSV file with names, addresses, phone numbers, emails and credit card numbers for free. Kind of a marketing push. Of the 8 million records in the free dump, only 6,600 had valid card numbers, but the other data could be useful anyway. Credit: Bleeping Computer
TikTok China Had/Has Access to 80 American Users’ Data
According to leaked audio recordings of internal TikTok meetings, Chinese TikTok employees had and probably have access to the data of all American TikTok users, a security concern of the US government. According to the report, TikTok misled US officials and users with claims that the data is stored in the US and can’t be accessed in China. When the report came out, TikTok said the data is being stored in Oracle Cloud systems – a creative diversion from whether Chinese employees and, by extension, the Chinese government, can access that data. Credit: Cybernews
UK Government Approves Extraditing Assange on Spying
The British government has okayed the extradition of Julian Assange to the U.S. on charges of spying. The U.K. Home Office says that it would not be oppressive, unjust or an abuse of process to extradite Mr. Assange. There are still appeals possible, so he is not likely to get on an airplane soon. Credit: CBS
GAO is Worried About Cyber Insurance for Major Attacks
Cyber insurance companies are trying to limit their losses. In 2021 they paid out 69% of premiums to claims; this is a number that is way too high for comfort. Insurance companies are adding “acts of war” clauses and terrorism clauses to create a way not to pay. The Terrorism Risk Insurance Act (TRIA) was created by Congress as a backstop for insurance companies in case of major terror attacks like 9-11. Unfortunately, the way the law is worded, it is likely that companies would not be covered – either by TRIA or by their insurance carriers. The GAO wants Congress to fix this. Credit: ZDNet
Don’t Trust Blockchain With More Than Your Lunch Money
$100 million here, $320 million there, $600 million the other day. After a while, it adds up. Harmony is a vendor that offers cross-blockchain bridges. In this week’s story, their Horizon Ethereum Bridge was hacked and lost 85,000 ETH tokens, worth about a hundred million bucks. At this point they have not said how they were hacked or if they are going to pay people back. The Grift Counter, which tracks crypto losses, says that losses have exceeded $10 billion just since 2021. Credit: The Register