Rudy Giuliani Butt-Dialed a Reporter (Twice!)
Credit to Author: Brian Barrett| Date: Sat, 26 Oct 2019 13:31:02 +0000
A UN phishing attack, Adobe accounts exposed, and more of the week's top security news.
This week, Republicans stormed a sensitive compartmented information facility in a show of… something? Unclear. But they definitely created a national security issue by bringing their smartphones along with them and refusing to give them up. So, yes, that was the low point. But there were also highs!
Microsoft has a new plan to protect firmware in Windows PCs from hacks, called “secured-core PCs.” A county in Georgia had a plan to use license plate detectors to reduce crime, but experts aren’t convinced it worked as advertised. And Russians have rapidly evolved their plans to execute so-called false flag hacks, making their attacks look like another sophisticated adversary pulled them off. Fancy Bear! They’re they mask-wearing Scooby-Doo villain of cyberwar.
Elsewhere, we took a look at why two-factor authentication isn’t always the answer—even though it’s still essential in certain situations. We talked you through making your social media posts private when you want them to be. And we detailed how a fleet of click fraud apps snuck past Apple’s vaunted App Store defenses.
We also explored technology’s role in the ongoing Hong Kong protests—on both sides—and ran through some quality password manager options.
Lastly, set aside some time this weekend to read this in-depth profile of secretary of state Mike Pompeo, who finds himself at—or at least near—the center of the increasingly alarming Ukraine investigation. It’s a doozy.
And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Please go read this NBC News story. Truly, you won't regret it. Because it relates the tale of how Rudy Giuliani—lawyer to an embattled president, unlikely proprietor of a cybersecurity firm—managed to butt-dial NBC News reporter Rich Shapiro not once, but twice in the last several weeks. The substance of the three-minute voicemails Giuliani inadvertently left seems inconclusive, although the most recent does include Giuliani's extremely relatable lament that "the problem is we need some money." And sure butt-dialing is a universal experience. But for someone in the middle of, let's conservatively say, several legally dubious narratives to take so little care with his outgoing communications is quite something! Especially given that this seems to be at least a semi-regular occurrence:
https://twitter.com/jdawsey1/status/1187814073175564289
Giuliani may be as divisive a character as exists in American politics today, but in the annals of butt-dialing, mark him down as a legend.
The latest entrant in the never-ending parade of exposed data appears to be Adobe Creative Cloud. A security researcher discovered 7.5 million records sitting in an Elastisearch database that was easily accessible online. Adobe reportedly secured the database the same day it was discovered, October 19. No payment information leaked out, and there's no indication that it had been compromised by bad actors. But it still included details like email accounts, what Adobe products in use, member IDs, and when the account was created.
Speaking of scourges, a phishing campaign has hit the Red Cross, UNICEF, the UN, and more. It's unclear who's behind the attack, but its goal appears to be breaking into Microsoft and Okta accounts. The scam set up a series of convincing fake websites, and would capture username and password data as entered in real-time. It's not unusual that these groups would be targeted, but the sophistication of the campaign is both impressive and worrying.
Dimitrios Vastakis was the branch chief of White House computer network defense until he resigned earlier this month. And when he did, Axios reports, he left behind a resignation letter that called out just how irresponsible the White House's attitude toward cybersecurity has become. Experienced cybersecurity professionals are being forced out, the letter says, which ultimately makes White House cybersecurity less safe. That's especially concerning given the apparent lack of care given by President Donald Trump in the first place, and the prior elimination of important strategic cybersecurity roles. In other words, don't be surprised if a big White House hack happens—or if it already has.