[00:00:00] Welcome friends. It is Wednesday, May 8th, 2019, and here’s today’s security news.
[00:00:07] First things first, let’s start with this from Security Affairs by Pierluigi Paganini, which I think he wrote an article yesterday if I remember correctly. This one is entitled LulzSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers. So Ita here standing for Italian. So they were able to collect the data of 30,000 different lawyers over there, all with personal information and evidence of access to PCC accounts, which is the certified email account, so it sounds like all of the lawyers in Italy are given a certified email account, which sort of makes sense for audit purposes and, you know, regulatory stuff. So keep that going. It appears that maybe the actual target of this was the mayor of Rome, Virginia Raggi. So which is a member of this group? So originally when I first saw this headline I assumed they were, you know, they were on the warpath maybe for the Catholic Church, but it appears not. I’m going to do a bit more research on this, but the reason that they did this is we want to remember our friends arrested a few years ago and make them understand that we are Anonymous is legion. So I don’t know who our friends are from a few years ago, author look around, but it’s an interesting hack from LulzSec, who you know we hear stuff from occasionally. LulzSec slash Anonymous, you know, pretty much the same thing at this point. But this is probably one of their larger hacks in quite some time, so it appears they’re back. Maybe they’ve reorganized a little bit or just maybe some new motivation, that’s probably the correct answer there. Next. Yep
[00:02:03] So this one’s fun, from ZDNet by Charlie Osborne, and this is one of those articles that this just happens to be the link I found, it’s going to be everywhere, it’s all over the place. Title of that article is CIA camps out in anonymous toward the network. So the CIA has spun up their own onion version of the CIA’s Web site at really long address dot onion. So it’s a mirror image of the standard web site. But the CIA says that creating this version meets the agency’s intelligence collection mission by being secure, anonymous and untraceable. If you believe any of those last three words, I got some beachfront land in a desert to sell you. Secure, anonymous and untraceable in CIA and onion all in one sentence. I just have a hard time believing this. I don’t even believe that their intentions are pure here. I think there’s something going on here and there has to be. It’s the CIA. That’s what they do. They try to make you believe that everything is hunky dory, in the background they’re actually doing something nefarious. Let’s call it nefarious. So you best believe I’m going to go check this thing out. It’s curious. Right. I want to go see it and then I just burn my laptop. I don’t know. I might probably do this in a virtual machine, that’s what I’ll end up doing. Even though it’s probably not going to matter some. An interesting article from ZDNet about the CIA, the new Tor Web site.
[00:03:42] Next, from The State of Security on Tripwire by Tim Erlin, highlights from the Verizon DBIR 2019. So I’m not going to read this whole article, but for those that don’t know, Verizon over year over year releases a report, it’s called the Data Breach Investigations Report. It’s sort of an industry standard at this point. I look forward to it pretty much every year. Do I? I don’t know. It’s usually a pain in the ass but I like reading it every year because there’s usually some good findings in there. Essentially what it is, they send these surveys out to people across the industry that work in security all the time and they start, you know, they let them know sort of what happened in their world that year. So for instance look, let’s see, let me pick one of the things out of here, the grid. There were six hundred and eighty-four information incidents related to denial of service. So don’t forget what this thing is. This graph is that they. This matrix I guess it would be that they built. There’s a specific name for it but it’s interesting because it breaks down incidents and breaches by pattern, action and assets. So like that same one, the information incident had 684 denials of service, seven hundred ninety-six were classified as hacking. 874 were servers, so you know there are different categories in here, like under asset you have user, development, server, person, network, media, kiosk slash terminal. So in that report, they define all this stuff. There’s always usually some interesting things that come out apparently. Here we go. This is right off the top so I will give you a little bit of it. Health care has the most problems with miscellaneous errors, a departure from most other sectors. That’s interesting. I mean health care has a huge M&A aspect to it. So anytime you start putting that much M&A into it things get hairy, but banks also do a lot of. So why don’t they have the same problem?
So just answer there’s always some interesting things in here, but always take into account, right. Humans wrote this down and no matter how many times they read a definition of something they may get it wrong. Like the difference between malware and hacking, misuse, social, error and physical, one can lead to the other. Right. All the time. And where does phishing fall in there, right? Is it hacking or is that malware? It could also fall into social obviously. So there’s a lot of things that can change in here but it’s a good report. Go find it. Once again it’s the Verizon DBIR, Delta Bravo India Romeo. Romeo, Romo, hey, Tony Romo. OK. I think that’ll do it. It is Wednesday, May 8th, 2019. Everybody have a wonderful day, we’ll talk again tomorrow.