November 22, 2023

It's 5:05, November 22, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown:  November 22, 2005. Microsoft releases the Xbox 360, the second generation of their popular game console. And on November 22, 2013, exactly 8 years later, Microsoft released the Xbox One, which makes absolutely no sense.

Edwin Kwan: Two third party service providers for the Canadian government have suffered breaches resulting in data in the last 24 years being potentially compromised. The servers that were impacted by the breach held data related to current and former Canadian government staff, members of the Canadian Armed Forces, and the Royal Canadian Mounted Police workers.

Hillary Coover: We’re all familiar with ambulance chasing sales and marketing tactics, but this Cybersecurity Executive took things to a whole new level. In a shocking case, the Chief Operating Officer of an Atlanta based security company, Securalytics, took matters into his own hands by orchestrating cyberattacks on two local hospitals.

Olimpiu Pop: The software supply chain report was released last month. I read it. I covered it for the InfoQ and then I read parts of it again. There are some key points that still need to be spoken out. It’s a before and after the pandemic story.


The Stories Behind the Cybersecurity Headlines


Edwin Kwan
Canadian Government Impacted by Third Party Breach

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Two third party service providers for the Canadian government have suffered breaches resulting in data in the last 24 years being potentially compromised.

This is Edwin Kwan from Sydney, Australia.

Both of the affected third parties provide relocation services for the Canadian government. The servers that were impacted by the breach held data related to current and former Canadian government staff, members of the Canadian Armed Forces, and the Royal Canadian Mounted Police workers. There is a significant volume of data that is being assessed, and the government said that they cannot yet identify specific individuals that were impacted.

Preliminary information indicates that the breached information could belong to anyone who had used the relocation services as early as 1999 and may include any personal and financial information that the employees had provided to those companies.

The Canadian government said that they are not waiting for the outcome of the analysis and are taking a proactive, precautionary approach to supporting those potentially affected. That support includes providing credit monitoring and reissuing valid passports that may have been compromised.

Resources
– Canada https://www.canada.ca/en/treasury-board-secretariat/news/2023/11/message-to-current-and-former-public-service-employees-and-members-of-the-canadian-armed-forces-and-royal-canadian-mounted-police.html
– The Register: https://www.theregister.com/2023/11/21/thirdparty_data_breach_at_canadian/


Olimpiu Pop
Software Supply Chain Report: 245,000 malicious packages deployed

Olimpiu Pop, Contributing Journalist, It's 5:05 Podcast

The software supply chain report was released last month. I read it. I covered it for InfoQ and then I read parts of it again. There are some key points that still need to be spoken out. It’s a before and after the pandemic story.

The number of contributions to open source saw a drop during the pandemic, but it’s recovering slowly. More concretely, at a 15 percent average yearly rhythm, still far from 2019. But hopefully we are getting there. We are getting back.

Surprisingly enough, the download rate of open source is decelerating. In 2023, the average download rate is sitting at the same average growth rate as last year, 33%. This is a stark comparison to the all-time high of 73 percent year-over-year growth from 2021.

But you know what is actually growing rapidly? Hypersonically even. Supply chain attacks. The report has been following this trend since 2019, and in 2023, 245,000 malicious packages were deployed.

That’s not much, at the hyperscale we live by these days, but wait for it. This is twice as many as all the previous years combined.

As December is close, how about this Resolution for 2024?

Put a stop to the steep growth of supply chain attacks. You just need to be more careful. According to the same report, 96 percent of all vulnerable downloads were avoidable, meaning a non-vulnerable version was available. The transcript and resources can be found on 505updates.com.

Olimpiu Pop, reporting from Transylvania, Romania.

Resources
– Sonatype: https://www.sonatype.com/resources/2022-software-supply-chain-report


Hillary Coover
COO Attacks Local Hospitals for Business Gain

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Have you ever wondered how far someone would go to drum up business for their cybersecurity firm? We’re all familiar with the ambulance chasing sales and marketing tactics, but this Cybersecurity Executive took things to a whole new level.

Hi. This is Hillary Coover in Washington, D.C.

In a shocking case, the Chief Operating Officer of an Atlanta based security company, Securalytics, took matters into his own hands by orchestrating cyberattacks on two local hospitals. In a guilty plea, Vika Singla agreed to pay nearly $818,000 in restitution for the damages caused by the attacks. Despite facing a potential 10-year prison sentence, a plea deal with the Department of Justice recommends 57 months of probation for Singla, citing his health condition, a rare and incurable form of cancer.

Sentencing is scheduled for February 15, 2024.

The attacks involved unauthorized modifications to the phone system and obtaining patient information, leading to financial harm for the affected medical center. Singla even manipulated printers to display patient data with alarming messages, causing potential fear among medical staff.

Singla’s actions extended to social media, where he falsely claimed the hospitals had been hacked and used the incident to generate business for Securalytics. The case sheds light on the blurred line between good and bad actors in cybersecurity, emphasizing the need for constant vigilance and evolving strategies in addressing cyber threats.

Experts weigh in on the Singla case, noting its uniqueness and the emerging trend of cybersecurity breaches being used as a marketing tool. Privacy attorney Kirk Nahra emphasizes the importance of evolving thinking in preparing for and responding to cyber breaches in an increasingly complex cybersecurity landscape.

Head over to 505updates.com for details.

Resources
– Data Breach Today: https://www.databreachtoday.com/security-firm-coo-hacked-hospitals-to-drum-up-business-a-23631


Marcel Brown
This Day, November 22, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown bringing you some technology history for November 22nd.

November 22nd, 1953. The eighth episode of the fourth season of the Colgate Comedy Hour on NBC becomes the very first television show to be broadcast in color.

November 22, 1995. Walt Disney Pictures releases the Pixar Animation Studios production Toy Story, the first major motion picture that is created completely by computer generated animation. A breakthrough film, Toy Story set the standard for all future computer animated films to follow and catapulted Pixar into a household name.

November 22, 2005. Microsoft releases the Xbox 360, the second generation of their popular game console. And on November 22, 2013, exactly 8 years later, Microsoft released the Xbox One, which makes absolutely no sense.

That’s your technology history for today. For more, tune in tomorrow and visit my website, thisdayintechhistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/11/22
