Newsletter

open source and cybersecurity news

December 20, 2023

It's 5:05, December 20, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown: December 20th, 1996. In a surprise move at the time, Apple Computer announces their intention to purchase Steve Jobs’ company, NeXT, and bring Steve Jobs on board as an advisor to CEO Gil Amelio. Along with the leadership of future CEO Steve Jobs, the resurgence of Apple in the 2000s, and the emergence of the new world of technology can be traced back to this major event in technology history.

Edwin Kwan: Ubiquiti users were reporting last week that they were seeing other people’s notifications and had access to their devices. The incident was first reported on Reddit, where a user received a notification from UniFi Protect, including an image from someone else’s security camera.

Katy Craig: Today we’re discussing a significant cyber security incident. Xfinity has recently experienced a major data breach, potentially impacting around 36 million customers. Compromised data includes usernames, hashed passwords, the last four digits of social security numbers, security questions, birthdates, and contact details.

Hillary Coover: In Maine’s data privacy debate, L.L. Bean has surprisingly aligned with global tech giants, highlighting the power of local-national business alliances in shaping legislation. This unusual alliance between a family-owned retailer and tech giants illustrates the complexity of the national data privacy law debate, primarily occurring at the state level.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Ubiquiti User Accounts Suffer Data Breach

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Ubiquiti users were reporting last week that they were seeing other people’s notifications and had access to their devices.

This is Edwin Kwan from Sydney, Australia.

The incident was first reported on Reddit, where a user received a notification from UniFi Protect, including an image from someone else’s security camera. Subsequent reports revealed more severe breaches, with users gaining access to other customers’ site management portals, with access to managed devices and the ability to create additional WiFi networks.

Ubiquiti revealed that the breach was caused by a misconfiguration during an upgrade to the UniFi cloud infrastructure. Approximately 1,216 accounts were mistakenly associated with another group of 1,177 accounts. This error resulted in notifications and access for accounts in the first group being sent and given to the accounts in the second group. The misconfiguration occurred on December 13, and it took around nine hours before it was rectified.

Ubiquiti believed that only 12 accounts were improperly accessed during that time and said that affected users had been notified via email. The company assures customers that the incident is not reflective of expected behavior and emphasizes ongoing efforts to prevent such breaches in the future.

Resources
– Reddit: https://www.reddit.com/r/Ubiquiti/comments/18hgpw1/security_problem/
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/ubiquiti-users-report-having-access-to-others-unifi-routers-cameras/

 

Katy Craig
Xfinity Acknowledges 36 Million Customer Accounts Breached

Katy Craig, Contributing Journalist, It's 5:05 Podcast

Today we’re discussing a significant cyber security incident. Xfinity, one of the largest internet service providers in the US, has recently experienced a major data breach, potentially impacting around 36 million customers.

This is Katy Craig in San Diego, California.

The breach, due to a vulnerability in the company’s software, allowed unauthorized access to Xfinity’s systems. On December 6th, it was revealed that compromised data includes usernames, hashed passwords, and for some, more sensitive information like the last four digits of social security numbers, security questions, birthdates, and contact details.

While analysis of the breach is ongoing, Xfinity has stated that, as of now, they are not aware of any customer data being leaked or any direct attacks on their customers. In response to the breach, Xfinity is taking proactive measures. They’re requiring customers to reset their passwords and are strongly advocating for the use of two-factor or multi-factor authentication to enhance security.

There are still unanswered questions surrounding the breach. It remains unclear if Xfinity has received any ransom demands, how the incident has impacted the company’s operations, or if the incident has been reported to the US Securities and Exchange Commission as required by new data breach reporting rules.

This breach is not an isolated incident. The Citrix Bleed vulnerability responsible for this breach has previously impacted major companies like Boeing and Toyota. This situation highlights the crucial need for strong, unique passwords for each online service and heightened awareness of potential phishing or malware attacks.

This is Katy Craig. Stay safe out there.

Resources
– MSN: https://www.msn.com/en-us/money/companies/how-hackers-bypassed-2fa-and-stole-millions-of-xfinity-accounts/
– TechCrunch: https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/

 

Hillary Coover
L.L. Bean’s Surprising Stance on Data Privacy

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

In Maine’s data privacy debate, L.L. Bean has surprisingly aligned with global tech giants, highlighting the power of local-national business alliances in shaping legislation.

Hi, this is Hillary Coover from Washington, DC.

Representative Maggie O’Neill introduced a data privacy bill aimed at enhancing online privacy rights, despite pressure from a Meta lobbyist for a more industry-friendly law. L.L. Bean testified against O’Neill’s bill, arguing it would burden businesses and urging adherence to existing privacy regulations. This unusual alliance between a family-owned retailer and tech giants illustrates the complexity of the national data privacy law debate, primarily occurring at the state level.

Federal inaction on data privacy has led companies to advocate in state legislatures, forming coalitions of local and national businesses. L.L. Bean’s involvement has narrowed the Maine debate to two potential laws: O’Neill’s bill, aligned with privacy advocates, and Senator Lisa Keim’s business-friendly Maine Consumer Privacy Act. L.L. Bean asserts it already complies with California’s strict privacy law.

Despite L.L. Bean’s influence, Keim emphasizes that she’ll consider all perspectives to craft legislation best suited for Maine. Stay tuned and follow 505updates for more on this story.

Resources
– Politico: https://www.politico.com/news/2023/12/18/ll-bean-joins-the-national-privacy-wars-00132120

 

Marcel Brown
This Day, December 20, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown serving up some technology history for December 20th.

December 20th, 1880. Approximately one mile of New York’s Broadway from 14th to 26th Street was first lighted by electric brush arc lamps. As more and more of Broadway was lit up by electric lights and lamps, it eventually earned the nickname the Great White Way.

December 20th, 1996. In a surprise move at the time, Apple Computer announces their intention to purchase Steve Jobs’ company, NeXT, and bring Steve Jobs on board as an advisor to CEO Gil Amelio. The purchase was completed on February 4th of the next year, and brought with it the core technology that formed the basis of the future MacOS operating system, which itself is the foundation of the iOS operating system that runs the iPhone and iPad, as well as the Apple TV OS and the Apple Watch OS. Along with the leadership of future CEO Steve Jobs, the resurgence of Apple in the 2000s, and the emergence of the new world of technology can be traced back to this major event in technology history.

That’s your technology history for today. For more, tune in tomorrow and visit my website, thisdayintechhistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/12/20
