Data Privacy Week 2023 - a podcast by Carey Parker

from 2023-01-30T12:55

:: ::

Every January, we celebrate privacy with Data Privacy Week. It has rightly expanded from Data Privacy Day. And of course every day should be data privacy day.



In the news: The FBI shuts down a major ransomware group; new Windows malware steals passwords and other data; new Android malware can completely take over your device; a dangerous"malvertising"campaign mimics popular software to steal info; the previously-secret"no fly"list was leaked online; tens of thousands of PayPal accounts hacked via credential stuffing; T-Mobile admits to over 37M customer records stolen; and Twitter GodMode is back (or rather never really went away). I'll answer a Dear Carey question about Plain, the service that allows financial tech aggregators to access your account information and my Tip of the Week will explain Apple's new Advanced Data Protection feature.



Article Links[NPR] FBI says it'hacked the hackers'to shut down major ransomware group https://www.npr.org/2023/01/26/1151696092/fbi-says-it-hacked-the-hackers-to-shut-down-major-ransomware-group



[Tom's Guide] This Windows malware is stealing passwords and other data — how to stay safe https://www.tomsguide.com/news/this-windows-malware-is-stealing-passwords-and-other-data-how-to-stay-safe[TechSpot] New malware dubbed"Hook"allows hijacking and real-time spying on Android devices https://www.techspot.com/news/97356-new-malware-dubbed-hook-allows-hijacking-real-time.html



[TechRadar]This dangerous malvertising campaign mimicks popular software to steal victim info https://www.techradar.com/news/this-dangerous-malvertising-campaign-mimicks-popular-software-to-steal-victim-info



[BleepingComputer]Secret terrorist watchlist with 2 million records exposed online https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/



[BleepingComputer]PayPal accounts breached in large-scale credential stuffing attack https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/



[Naked Security]T-Mobile admits to 37,000,000 customer records stolen by “bad actor” https://nakedsecurity.sophos.com/2023/01/20/t-mobile-admits-to-37000000-customer-records-stolen-by-bad-actor/



[9to5mac.com]Twitter GodMode still available to all engineers, following hack of Apple and other accounts https://9to5mac.com/2023/01/24/twitter-godmode/



Dear Carey: Is Plaid Safe? https://www.allthingssecured.com/reviews/security/is-plaid-safe-to-use/ Apple’s Advanced Data Protection: https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web 



Apple recovery contact: https://support.apple.com/en-us/HT212513 Further Info




ANNUAL LISTENER SURVEY!! https://fdsd.me/survey2023 Send me your questions! https://fdsd.me/qna 



Support me! https://fdsd.me/support Subscribe to the newsletter: https://fdsd.me/newsletter 



Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 



Generate secure passphrases! https://d20key.com/#/ Table of Contents



Use these timestamps to jump to a particular section of the show.0:02:04: News rundown



0:03:19: FBI shuts down Hive ransomware group0:07:34: New Windows malware steals data



0:12:07: New Android malware that completely takes over device0:15:43: Malvertising campaign mimicks popular software apps



0:19:44: Secret"no fly list"leaked online



0:24:26: PayPal accounts accessed via credential stuffing attack0:28:06: T-Mobile admits 37M customer records stolen



0:31:31: Twitter's GodMode tool is still available to engineers



0:34:59: Dear Carey: Is Plaid safe?0:45:41: Tip of the Week: Apple's Advanced Data Protection



0:53:54: 5th edition update and cool resources0:56:56: How you can help

Further episodes of Firewalls Don

Further podcasts by Carey Parker

Website of Carey Parker