The newsletter was shared on Hacker News (Y Combinator) last week and we picked up several new subscribers. Welcome, I’m glad you’re here!
If you go back a few weeks to Issue 102, I discussed my opinion on why Apple does privacy better than Google. Apple makes their money from physical products - phones, computers, tablets, and accessories. Google, on the other hand, makes its money from you. Specifically, your advertising profile. They can’t sell your life to marketers and maintain your privacy.
Proton’s Richie Koch has expanded on this issue and theorizes that Apple is changing its strategy to take some profits from its data aggregation efforts. He proposes that Apple is poised to significantly increase its ad revenue and does a deep dive into the company’s tracking technology.
https://proton.me/blog/apple-ad-company
Take a step back and review my thoughts on the subject.
Why this name?
I’m sure those victimized by so-called “pig-butchering” scams could care less about what it’s called…but uh, the name is so bad. The FBI coined the name to describe how the victims are “fattened up before being led to the slaughter”. I get it, but how about …”romance scam” or “confidence scam” which is what the attacks really are. Anyways, the U.S. Department of Justice seized seven web domains used in a series of scams that defrauded five victims out of ten million dollars. That’s an average of two million per victim! O.K., maybe that is a pig butchering! https://therecord.media/doj-shuts-down-pig-butchering-domains-responsible-for-10-million-in-victim-losses/
Pleasantly surprised
I start from “expectation 0” when reading a cybersecurity article written by an academic in government service. I’m even more critical when the author is also a lawyer. But this Lawfare article is pleasantly surprising. It’s worth your time to read Eugenia Lostri’s take on our efforts to battle ransomware. If you can’t give it the whole five minutes it requires, skip down to the section starting “An Evolving Threat” and finish from there. https://www.lawfareblog.com/keeping-ransomware
Sales pitch…but
Email security vendor Perception Point released a report claiming organizations are spending $1,197 per employee, each year, to address “successful” cyber incidents. The report doesn’t measure the amount spent to ensure the other attacks are unsuccessful. Obviously, the report is a sales pitch as the company wants you to buy their security solutions, but there is no reason to doubt the information presented. In fact, the numbers seem rather conservative. https://perception-point.io/press/enterprises-spend-1197-per-employee-annually-to-address-increasingly-sophisticated-and-successful-cyber-attacks/
Cliché
It seems that every security company feels the need to analyze the top X number of passwords culled from publicly released dumps. It is a cliché at this point. BUT…I fall for it and read every one. The top 100 passwords is always the top 100 passwords, but I’m still fascinated. This time it’s Nord’s turn to look at the top 200. It’s good to be reminded of the futility of passwords like #32 - “1q2w3e4r”. In print it looks like a secure password, but look down at your keyboard: it’s just a keyboard pattern that will take a cracking tool 1 second to identify. https://nordpass.com/most-common-passwords-list/
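Keyboard walks like “1q2w3e4r” are easy to screen for at password-set time. The following is an added example (my own illustration, not code from NordPass or this newsletter) that maps each key of an assumed unshifted US QWERTY layout to a grid position and flags passwords whose longest run of physically adjacent keys reaches a threshold:

```python
"""Detect keyboard-walk passwords such as "1q2w3e4r" or "qwerty"."""

# Unshifted US QWERTY rows, each with the horizontal offset (in key widths)
# of that row relative to the number row. Assumption: a plain US layout;
# other layouts need their own row table.
_ROWS = [
    ("1234567890", 0.0),
    ("qwertyuiop", 0.5),
    ("asdfghjkl", 1.0),
    ("zxcvbnm", 1.5),
]

# Map each key to a (row, column) coordinate on the keyboard grid.
_POS = {
    ch: (row, col + offset)
    for row, (keys, offset) in enumerate(_ROWS)
    for col, ch in enumerate(keys)
}


def _adjacent(a: str, b: str) -> bool:
    """True if keys a and b are distinct and physically touch on the board."""
    if a == b or a not in _POS or b not in _POS:
        return False
    (r1, c1), (r2, c2) = _POS[a], _POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1


def longest_keyboard_walk(password: str) -> int:
    """Length of the longest run in which every neighbouring pair is adjacent."""
    pw = password.lower()
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if _adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def is_keyboard_walk(password: str, min_run: int = 4) -> bool:
    """Flag passwords that contain a keyboard walk of min_run or more keys."""
    return longest_keyboard_walk(password) >= min_run


if __name__ == "__main__":
    # Constructed sample passwords, including the newsletter's "1q2w3e4r".
    for pw in ["1q2w3e4r", "qwerty", "zaq12wsx", "correct horse", "Tr0ub4dor&3"]:
        print(f"{pw!r:18} walk={longest_keyboard_walk(pw)} flagged={is_keyboard_walk(pw)}")
```

The zig-zag in “1q2w3e4r” is caught because the number row and the qwerty row are offset by half a key, so 1→q and q→2 both count as touching keys.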
Insider of the week
This Florida bookkeeper set up an automatic transfer from her employer’s bank account to cover her credit card. To the tune of 342K over a four-year period. Why are there never any controls? https://www.justice.gov/usao-mdfl/pr/former-bookkeeper-and-husband-sentenced-federal-prison-wire-fraud-scheme
The Rest…
Man sentenced to 6.5 years in federal prison for a gunpoint robbery in which he stole five French bulldog puppies. https://www.justice.gov/usao-edpa/pr/north-carolina-man-sentenced-6-years-gunpoint-robbery-puppies-lancaster-county-breeder
Two Estonian men arrested for running a $575 million cryptocurrency “Ponzi” scheme. Is that redundant? https://www.theregister.com/2022/11/22/estonians_arrested_575m_crypto_scam/
Cool Tools
Organize your search into topics: https://search.carrot2.org/#/search/web Note: The more I use this the more I like it. Something completely different.
Search usernames across 368 different social media sites. https://www.handlefinder.com/
Cool Job
Director of Financial Crimes Operations (Remote) - Oxygen. https://jobs.lever.co/oxygen/85c0473c-d391-42fd-84aa-f168740621cf
Irrelevant
Pen and paper still make sense for taking notes. https://stackoverflow.blog/2022/11/23/why-writing-by-hand-is-still-the-best-way-to-retain-information/
Super-geeky extra read of the week
The team at Cybereason published a deep dive into how the Blackbasta ransomware group is using the Qakbot malware to exploit their victims. https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies
Thanks for opening this week’s email! And a bigger thanks to those who root through the spam box to open the email each week.
Matt
“SPEAK WHEN YOU ARE ANGRY AND YOU WILL MAKE THE BEST SPEECH YOU WILL EVER REGRET”. - someone smarter than me.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.