How to get an "OKLETSGOOOOOO" on your security budget
Security weekly

Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.
Did you know the average lifespan nearly doubled between the 1900's and 2010? That's twice as much time to read this awesome newsletter. Sweet!
In this week's edition:
👌🏼 How to get an OKLETSGOOOO on your security budget
🙅🏽 TikTok denies breach
🦮 How not to come forward about a data breach, an in-depth guide by Samsung
🔥 The quick and dirty
Reading time: 03:53
How to get an OKLETSGOOOO on your security budget
After reading this article - Securing Board-level buy-in for cybersecurity awareness campaigns - I thought to myself:
What a boring name for an article
Should this ever be an issue?

And especially the last one made me realize how lucky I am with my board. (If anybody's reading this, s/o to my peeps, stay real.)
Ever since working where I work now, I've been given unconditional control and obedience trust from the board to set up a security and information management strategy. And more than that, as I see fit.
However, there was this one time where they didn't agree.
But if I look back, it was because I wasn't prepared the way I should have been prepared.
Let me explain.
I was pitching a rather expensive *cough* ManageEngine if you're reading this, lower the price y'all *cough* password manager.
I set out some slides, made some calculations, and I was preeeettty sure everybody would be on-board (hehe).
But then, the turns tabled.

I got a lot of questions which I couldn't answer in full, and in the end it was turned down.
Here's what I learned from that moment:
Do your due diligence from all perspectives. I was very IT focused and from that perspective it made so much sense. But I had nothing to draw in the HR or Sales manager.
Have a good story. After being too heavily focused on the IT side, I lost their attention. Once the smartphones come out, it's hard to recover.
Explain it to them like they're five. No, don't talk down to them, but make it so very clear even a 5 yo would understand it and shout YES TAKE ALL MY MONEYYYYYY.
That's why I started Security like I'm five. Not to talk down to anyone (although I enjoy doing that), but to make security accessible for everyone.

TikTok denies breach
790GB - that's around 158.000 photos or 3.160 videos - that's how much data hackers have claimed to have stolen from a major breach on TikTok's platform.
TikTok, on the other hand, claims this isn't true.
Story time!

AgainstTheWest, a god tier hacker on the infamous forum 'Breached', posted a sample of a data breach, claimed to be from TikTok and WeChat. WeChat is a big Chinese social media/chat platform, comparable to WhatsApp.

Researchers and journalists from sites like Bleepingcomputer and TheHackerNews contacted TikTok with this news, but got a somewhat odd response:
"This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data."
So, what's really going on then?
Twitter discussions heated up, but in the end data scientist Bob Diachenko managed to confirm the leak. Although it's still not 100% clear where the data actually came from, it's very certain to be data from TikTok users.
OK, #TikTokBreach is real. Our team analyzed publicly exposed repos to confirm partial users data leak.
— Bob Diachenko 🇺🇦 (@MayhemDayOne)
11:24 AM • Sep 5, 2022
Ok so should I quit using TikTok now? Should I have even started using it? Am I still believable as a security pro? So many questions..
*scrolls TikTok*

How not to come forward about a data breach, an in-depth guide by Samsung
I'm not saying you should make a fuss about anything. Or that there is a perfect way to announce you, a big company, had a data breach.
But I can certainly say, without any doubt in my mind, never do it like Samsung did it.
Some tips on how you SHOULDN'T do it, as told by Samsung:
Be very vague. Don't go into detail. Who likes details, right? Use phrases like "in some case", "various", "unspecified"
If you do give out details, make sure not to clarify why you're giving them. Randomly mention Debit card information and social security numbers, make people go apesh*t
Leave out crucial information. Better to say too little than too much. How many were affected? Don't care. Why did we only tell you now? Doesn't matter.


The quick and dirty
Brazil bans sales of iPhones shipped without chargers, Apple is appealing - and this on the day the new iPhone 14 was announced. Impeccable timing, Brazil.
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities - In my entire career I've never come across a patched D-Link Router. This does not come as a shock to me..
Instagram fined €405M in EU over children’s privacy - Hopefully this will make Meta think twice. Hope is the keyword here.
Microsoft Edge 105 won't start due to old group policy - How to fix - Microsoft destroying their own products again. Classic.
Dev backdoors own malware to steal data from other hackers - only memes suffice here

Security like I'm five
Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam.
In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff.
This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free.
Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (don't set the bar too high tho)