Monday, July 10, 2023

How Do Some Companies Get Compromised Again and Again?

 Every individual has a place to fill in the world and is important in some respect whether he chooses to be so or not. 

— Nathaniel Hawthorne, born on this date in 1804


Tyler Cowen sits down with Noam Chomskyand gets to the bottom of a longstanding mystery: "Why do you answer every email” »


Scaling trust on the web Scaling Trust on the Web, the comprehensive final report of the Task Force for a Trustworthy Future Web, maps


That Time John F. Kennedy Jr. Hunted for Pirate Treasure

An excerpt from the new book White House by the Sea: A Century of the Kennedys at Hyannis Port offers a rare glimpse into JFK Jr.’s life at the private family compound.

Full read found on Esquire.


ANDREW NEIL: The Poles are rearming at a breathtaking rate and are now Europe’s rising power. Let’s embrace Warsaw – over Paris and Berlin Daily Mail


How Do Some Companies Get Compromised Again and Again?
Source: Security Intelligence
https://securityintelligence.com/articles/how-do-some-companies-get-compromised-again-and-again/

[h/t Sabrina] Hack me once, shame on thee. Hack me twice, shame on me.

The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also accessed some customers’ AIP keys, which would have enabled them to send email campaigns posing as those customers.

This data breach attack wasn’t especially noteworthy — until less than six months later, it happened again. As before, an intruder accessed internal tools to compromise data on 133 MailChimp accounts. The breach was made possible by a social engineering attack on employees and contractors to gain access to employee passwords.

What Goes Wrong in Attack Recovery that Invites New Attacks?
Here’s an under-appreciated fact about what happens after a cyberattack: Malicious actors learn what’s possible.
In the MailChimp example, cyberattackers learned that 1) internal tools were vulnerable, and 2) they could be used to steal customer data.