IDOR vulnerability in a web application

This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and New Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government.

Links from the episode:

Insurer Fined $3M for Exposing Data of 650k Clients for Two Years

https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-650k-clients-for-two-years/

If You’ve Got a New Car, It’s a Data Privacy Nightmare

https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416

https://arstechnica.com/cars/2023/09/connected-cars-are-a-privacy-nightmare-mozilla-foundation-says/

Microsoft Finally Explains Cause of Azure Breach: An Engineer’s Account Was Hacked

https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/

https://twitter.com/0xdabbad00/status/1699596048392736812

Hacker Group Disguised as Marketing Company to Attack Enterprise Targets

https://gbhackers.com/hacker-group-disguised-as-marketing/

Active North Korean Campaign Targeting Security Researchers

https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/

Russian Infosec Boss Gets Nine Years for $100M Insider-Trading Caper Using Stolen Data

https://www.theregister.com/AMP/2023/09/08/russian_insider_training_prison/

United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang

https://home.treasury.gov/news/press-releases/jy1714

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com