This is the Security News Weekly blog for GA Tech’s CS 6035 online graduate course in Information Security. “It Is What It Is,” it’s security news weekly!
Note: obviously we are not Security Week, a source I use at times. Go check them out next.
-
Data Brokers Gone Wild
I’ve been meaning to look into data brokers for a while now, here we go. Data brokers got on my radar screen for an article I wrote almost a year ago. Here’s some old news: Florida-Based National Public Data Confirms Data Breach That’s from an August 2024 announcement of a data breach that happened in…
-
Web 3.0 Is Going Great
Right up front I’ll admit I stole the title from a website name. There’s this great website, web3isgoinggreat.com. Web 3.0, if you’re not familiar, is the catch all phase to describe the blockchain and cryptocurrency ecosystem. The idea was that Web 3.0 was going to revolutionize the Internet. It hasn’t quite worked out. Sure, Bitcoin…
-
LLM Security
Let’s take a brief look at a subject I hadn’t given much consideration up until this point: LLM/GenAI Security. There’s two sides to look at here: offensive and defensive. And for clarity, when I say GenAI or LLM I mean ChatGPT and similar products. I think, when we stop to think about it, everyone understands…
-
Change Healthcare Data Breach; Juniper Router Backdoors; Subaru Hijacking
Security in the News HCA Healthcare Attack Update This wouldn’t be a real “security in the news” post if we didn’t at least touch on the current ransomware news update. HCA Healthcare has announced that the impact from the February hack of their pharmacy management system has grown from 100 million affected individuals to 190…
-
Otelier Hacked; Government Security Watchdog Sidelined?
First up is sourced from a student post from #342 on Ed Discussion. (If you’re in CS 6035 this semester, you can search for posts by number in Ed by using the hash/pound sign. Just enter #342 in the search box and you’ll see the original student post): Millions of hotel guest reservations leaked in…
-
In Defense of WordPress: More Clickbait Headlines; Zero-Day Targets Samsung Devices
Today we’ll start out with an article about WordPress security. I first saw this: WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables which links to this: New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites As I read through both articles, I felt something was missing. Usually in these articles, the means…
-
Anatomy of a Common Problem
Well, nothing is safe, not even your DNA: Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers It turns out this DNA sequencing machine is running on a 2018 version of BIOS (not Secure Boot). In short, from the article: The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using…
-
How to Keep Your Data Private When Browsing the Internet
For our first post of the semester, it’s a pretty slow news week. Yes there is always something going on at thehackernews.com or Security Week (two sources we like to use), but nothing is really earthshaking at the moment. Thus, this week, after a brief look at a news item, we’ll dig into some tools…
-
Ransomeware Gang Snitches to the SEC, Lumma Google Hack
Snitches Get Stitches First up this week, we have hackers exploiting a new toolset — the power of the federal government, specifically the SEC. From BleepingComputer.com: Ransomware gang files SEC complaint over victim’s undisclosed breach It’s news to me that SEC-reporting companies have to disclose data breaches within four days. The poor hackers don’t even…
-
ChatGPT Hacked, Retro Look at Snowden and Vault 7, New Privacy Bill in Congress
From my favorite security news website: Major ChatGPT Outage Caused by DDoS Attack ChatGPT Taken Down by DDOS Attack This one is pretty cut and dried, a typical DDoS attack was used on ChatGPT to take the service down. What’s interesting is the origin. Some group “Anonymous Sudan” claimed responsibility, but they are believed to…