Welcome back for episode six of Unmasked! This week, we take a deep dive into the headlines of September, providing you with valuable context and insights into the latest cybersecurity events. The reverberations of the MOVEit disaster are still keenly felt, and this time, they’ve led to a class-action lawsuit against Progress Software, with over 600 organizations seeking answers. The pivotal question we dissect is, who bears the ultimate responsibility when software vulnerabilities trigger catastrophic data breaches? This legal battle against Progress Software isn’t merely another courtroom drama; it has the potential to reshape the entire landscape of software liability.
But that’s not all! We swiftly shift gears to explore the world of secure practices for managing password changes and account requests. In a digital age where even well-intentioned service desk personnel can inadvertently pose security risks, we delve into a treasure trove of strategies organizations can adopt to fortify their defenses.
Our journey continues, though. We fearlessly navigate the uncharted waters of the digital realm, unveiling the myriad cyber threats that lurk in the internet’s darkest corners. From exploiting software vulnerabilities to orchestrating extortion and romance scams, we shine a powerful spotlight on the cunning tactics employed by cybercriminals as they attempt to infiltrate personal data and seize valuable assets.
All this and more awaits for your cyber-listening pleasure!
You can subscribe to Unmasked on Spotify, Amazon, or wherever you get your podcasts.
Show notes
Headlines for early September
- A nationwide class-action suit filed against Progress Software in the wake of the massive MOVEit breach could point to additional litigation against software companies whose vulnerable applications are exploited in large-scale supply chain attacks, a legal expert says.
- filed by consumer-rights law firm Hagens Berman
- compromised the sensitive personal information of more than 40 million people, and promises that more class actions are on the way as more of the 600 affected organizations come forward.
- Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users.
- attackers’ goal was to hijack highly-privileged Okta Super Administrator accounts
- The hackers used their admin access to elevate privileges for other accounts, reset enrolled authenticators, and they also removed the two-factor authentication (2FA) protection for some accounts.
- Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK.
- Last month, Lidl stores across the UK started recalling four types of PAW Patrol snacks because of an issue with its packaging. According to the retailer, a URL printed on the snack’s packaging was compromised and, to everyone’s shock, began serving explicit content.
- Website still not taken offline
- BleepingComputer confirmed the domain in question was named after Appy Kids Co, the company that produces retail products tailored to kids.
- At the time of writing, the domain appykidsco.com can be seen serving Chinese adult content but only on mobile devices.
- Out on bail for other crimes
- Leaked data with a firestick, Bluetooth keyboard and mouse
- 17yr old