Hello folks,
Our top story should be the LockBit takedown, and there’s good coverage of that here. Unfortunately, it is further down in the newsletter. Can you believe that Air Canada’s chatbot said that a passenger couldn’t get a partial refund and recommended something else instead? It turns out the airline now must pay up by offering that customer the made-up refund, because a court said that since the chatbot represented the company, the company needs to act on what it said. The customer had no reason to believe it was not telling the truth.
SolarWinds also continues to be in the news, as they have more patches to talk about.
Top of the news
- Banking Trojan in Google Play Store
- Government Network Breached Through Former Employee’s Credentials
- Air Canada Deemed Responsible for What its Chatbot Said
SANS writes that Google is good at removing fake apps or problematic ones. I disagree. If we’re talking about the issue, it’s a problem. TSB took a bit of a survey each time Kim Komando mentioned apps to take off your phone, and among those participating, Google had such a wide margin that we stopped counting; this just adds to that wide number of at least 300 Android to 7 iOS. Maybe there are a few more iOS, but it’s still double digits for iOS and triple digits for Android. Who do you trust?
When someone leaves the company, you need to delete their access, including email and other credentials, correct? I know I had someone’s email account active for quite a while after they left, and even after they died, I forgot about one place where they needed to be removed from. It’s going to happen, but it wasn’t a mission-critical thing like jaredrimer.net’s control panel, as an example. If you know they are leaving, no matter the agency, you should delete their access so it doesn’t get loose.
Air Canada, you are loose. Your chatbot said something your policy didn’t say, and now you have to pay. From the newsletter:
Canada’s Civil Resolution Tribunal has ruled that Air Canada must honor a fare refund policy described by its chatbot. A customer interacting with the chatbot was led to believe that he could purchase a ticket and request a partial reimbursement for a bereavement fare later. While the chatbot’s explanation of Air Canada’s bereavement fares policy was not in line with the company’s website, the tribunal determined that the customer had no reason to mistrust the chatbot because it was representing Air Canada. Air Canada appears to have disabled its chatbot.
Nice going, guys.
The Rest of the news
- SolarWinds Patches Critical Flaws in Access Rights Manager
- International Law Enforcement Operation Takes Down LockBit Website
- WordPress Brick Site Builder Vulnerability is Being Actively Exploited
- Shadowserver: 28,000+ Microsoft Exchange Servers Remain Vulnerable to Known Flaw
- Guilty Plea for Role in Malware Schemes
- Wyze Connectivity Problems Lead to Security Issue
We talked about LockBit and Wyze in these blog posts. We also covered the 40-year guilty plea in that blog post as well.
For LockBit, they write: In a cooperative effort, law enforcement agencies from 11 countries have (once again) disrupted operation of the LockBit ransomware gang. The LockBit website is now under the control of the UK’s National Crime Agency. Operation Cronos, as the effort is called, is “an ongoing and developing operation.”
For the malware schemes, they write:
Vyacheslav Igorevich Penchukov has pleaded guilty to conspiracy to commit a RICO offense and conspiracy to commit wire fraud for his roles in the operations of Zeus and IcedID malware. Each carries a maximum prison term of 20 years. Penchukov was arrested in Switzerland in 2022 and extradited to the US in 2023. He has been on the FBI’s Cyber Most Wanted list for nearly a decade.
For Wyze the editors give them praise for the disclosure they gave their customers. Like I told Diva on Breaches, this could happen to anyone and they seemed truthful to me.
Last week, Wyze experienced “an issue with [their] AWS partner which has impacted device connection and caused login difficulties.” The problem was resolved, although the company said it was temporarily disabling the Events tab in its app due to a security issue. Customers were reporting being able to see thumbnail views from other customers’ cameras. In an investigation update, Wyze writes that “the incident was caused by a third-party caching client library that was recently integrated into our system … [and that they] have added a new layer of verification before users are connected to Event Videos.”
One of the editors writes:
Remarkable transparency here, not only explaining what happened and notifying affected users, but also steps taken to mitigate it. Beyond the topic of third-party risk/impact, it’d be good to discuss having sufficient visibility into an application; this is a good use case of how that can be advantageous.
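The Wyze item describes a third-party caching layer serving one customer's event thumbnails to another, and a verification step added before users are connected to Event Videos. The following is an added, constructed illustration of that failure mode and that fix, not Wyze's code; the cache-key bug shown is one hypothetical way a shared caching client can cross accounts, not the published root cause.

```python
# Constructed example: how a shared caching layer can hand one customer's data
# to another, and the ownership check that must run before anything is served.
# Hypothetical code, not Wyze's; the real root cause was not published in detail.
from dataclasses import dataclass


@dataclass(frozen=True)
class EventVideo:
    event_id: str
    owner_id: str          # account that owns the camera
    thumbnail: bytes


# Constructed sample data: two customers, one event each.
EVENTS = {
    "evt-1": EventVideo("evt-1", "alice", b"ALICE_THUMB"),
    "evt-2": EventVideo("evt-2", "bob", b"BOB_THUMB"),
}


class SharedCache:
    """Stands in for a third-party caching client shared by every request."""

    def __init__(self):
        self.store = {}

    def get_or_load(self, key, loader):
        if key not in self.store:
            self.store[key] = loader()
        return self.store[key]


class AuthorizationError(Exception):
    pass


def recent_thumbnails_naive(cache, user_id):
    """BUG: the cache key ignores who is asking, so whichever user populates
    the entry first has their thumbnails served to everyone who follows."""
    return cache.get_or_load(
        "recent_thumbnails",
        lambda: [e.thumbnail for e in EVENTS.values() if e.owner_id == user_id],
    )


def event_thumbnail_verified(cache, user_id, event_id):
    """Hardened: a cached object is only served after its owner is checked
    against the caller, so a stale or mis-keyed entry cannot cross accounts."""
    video = cache.get_or_load(f"event:{event_id}", lambda: EVENTS[event_id])
    if video.owner_id != user_id:
        raise AuthorizationError(f"{user_id} does not own {event_id}")
    return video.thumbnail
```

The check in event_thumbnail_verified runs on every request, after the cache lookup, so it holds even when the caching library is replaced or misconfigured.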
To read the entire newsletter, here is the February 20th, 2024 newsletter. This is Volume 26, Number 14 of the series.
Enjoy your reading!