Security Weekly
The Security Podcast Network

Hack Naked News

North Korea, Kaspersky, and France to Facebook – Hack Naked News #154

Paul Asadoorian, December 19, 2017

Tags: Bitcoin, Facebook, France, Hack Naked News, Jason Wood, Kaspersky, Michael Santarcangelo, News, north korea, Paladin Security, passwords, ransomware

Michael reports on a suspected North Korea Ransomware attack, Kaspersky federal software ban, compelled passwords, and 1 in 3 IT professionals looking for new jobs! Jason Wood of Paladin Security joins us for the expert commentary on Bitcoin, and more on this episode of Hack Naked News!

News

U.S. Says North Korea ‘Directly Responsible’ For ‘WannaCry’ Ransomware Attack

https://www.npr.org/sections/thetwo-way/2017/12/19/571854614/u-s-says-north-korea-directly-responsible-for-wannacry-ransomware-attack

  • The US publicly declared North Korea responsible for WannaCry locking up over 300,000 computers in 150 countries
  • “North Korea has acted especially badly, largely unchecked, for more than a decade,” Homeland security adviser Tom Bossert said at a White House briefing Tuesday morning.
  • Of note is the discussion of the asymmetric nature of cyber warfare – and why it’s attractive to the North Koreans

Kaspersky sues US government over federal software ban

https://www.engadget.com/2017/12/18/kaspersky-sues-us-government-over-federal-ban/

  • Not a surprising move, but plenty to learn from the process
  • Kaspersky claims good-faith efforts on its part, and says the concerns cited are general to AV products
  • Possible signal in how countries view companies based on their origin

France to Facebook: You Have 30 Days to Stop Harvesting WhatsApp User Data

https://gizmodo.com/france-to-facebook-you-have-30-days-to-stop-harvesting-1821412963

  • France’s CNIL – the data privacy agency – ordered WhatsApp to stop sharing data with Facebook (Facebook owns WhatsApp) claiming users never consented to the sharing for business intelligence or targeted advertising
  • They did agree collecting the data was reasonable for security reasons
  • Germany and the UK appear to be on similar courses and the EU issued a $122M USD fine in May
  • Consider the value of data and the challenge of protecting it alongside the demands for multiple uses… in a global organization

Another Court Says Compelled Password Production Doesn’t Violate The Fifth Amendment

https://www.techdirt.com/articles/20171214/09340938810/another-court-says-compelled-password-production-doesnt-violate-fifth-amendment.shtml

  • Of interest because of the commonly-understood distinction between passwords and biometrics in Fifth Amendment cases
  • Follows a ruling in the last year — also in a criminal matter — compelling the defendant to supply the password
  • This is causing the legal community to review the implications of the Fifth Amendment and explore the totality of the reasoning

Are you slaving away to make someone else a cryptocurrency fortune?

http://www.ibtimes.co.uk/are-you-slaving-away-make-someone-else-cryptocurrency-fortune-1652023

  • Your browser does the processor-intensive coin mining while you are visiting the site
  • No known long-term damage, and the process ends when the site visit is over; system performance likely takes a dive while on the site
  • The concept is not malicious; doing it without permission is
  • You can block URLs

1 in 3 IT Professionals Is Looking for a New Job: Spiceworks

https://www.pcmag.com/article/357875/1-in-3-it-professionals-is-looking-for-a-new-job-spiceworks

  • 70% report job satisfaction and 63% are… wait for it… underpaid
  • Most have spent about 40% of their careers at the current company
  • Cloud is hot… followed by security and project management (did you see that one coming?)
  • Most think the market will improve, and are open to exploring new opportunities
  • It’s not all money. Other reasons to leave: IT more of a priority, better work-life balance, and working with a more talented IT team

Expert Commentary:

Bitcoin Thefts Go Wild

Bitcoin is all over the news these days, and not just the technology-centric news sources. You see it on major and local news outlets as well. People are asking questions about bitcoin and whether they should not try to get in on the action. One of the challenges of bitcoin is that it is very new in terms of currencies, and so are the methods for protecting it. A number of bitcoin owners and exchanges are finding out the hard way that protecting their bitcoin can be difficult.

Currency has historically been something physical that you exchange for something else. Now with electronic payments via credit and debit cards, that’s not the case as much. Cryptocurrency is purely virtual, but it turns out that it can still be vulnerable to physical attacks, such as when someone pulls a gun on you to demand your coin. One person was recently robbed at gunpoint of $1.8 million of Ether. The accused apparently knew that the victim had this much coin and decided he wanted it. He and an accomplice are up for charges of grand larceny, kidnapping, robbery, criminal use of a firearm, computer trespass and more.

Then you have articles about bitcoin exchanges and mining firms being hacked and looted of their cryptocurrency. NiceHash and Youbit are two that made the news recently. Youbit suffered two breaches in 2017, with the most recent being today. In today’s breach, Youbit suffered a loss of 17% of their total assets. No details on what that means in dollars, but they have shut down and begun the bankruptcy process. The customers of Youbit will have to wait to see what is returned to them as this goes through the courts.

Similarly, NiceHash was hacked and 4,465 bitcoin ($82.3 million today) were stolen in this breach. NiceHash offers mining services in which customers pay other computer owners to mine bitcoin for them using spare computing power. NiceHash is in the process of re-launching their service, but some customers are expressing doubt that they will use it again unless they receive their bitcoin back.

Moral of the story? Be prepared to protect your bitcoin carefully. Bitcoin.org has some recommendations on how to protect yourself that you should probably check out if you are using cryptocurrency. One of the primary recommendations is to not leave all your coin online in an exchange or other service. Get a hardware wallet and only leave online what you need to spend soon. Also, bragging vocally about the millions you have made in bitcoin may be a bad idea. Take some personal security steps and use some discretion.

  • https://nakedsecurity.sophos.com/2017/12/18/cryptocoins-robbed-at-gunpoint/
  • https://hotforsecurity.bitdefender.com/blog/bitcoin-exchange-shuts-down-after-being-hacked-twice-in-one-year-19350.html#new_tab
  • https://www.darkreading.com/attacks-breaches/lazarus-group-targets-bitcoin-company/d/d-id/1330653?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
  • https://krebsonsecurity.com/2017/12/former-botmaster-darkode-founder-is-cto-of-hacked-bitcoin-mining-firm-nicehash/

Full Show Notes

Visit http://hacknaked.tv to get all the latest episodes!

http://traffic.libsyn.com/hntvaudio/North_Korea_Kaspersky_and_France_to_Facebook_-_Hack_Naked_News_154_converted.mp3

Copyright Security Weekly 2017
Est. 2005