This Cyber Weekly includes:
Thanks to all 3775 subscribers! Over 1800 of you read the newsletter every week. And so, I want to encourage discussions about what is happening in the cyber world in the comments below. Let's build this community to be even stronger!
A man on Reddit came out to express his frustration when he was “locked out” of his HP printer. His printer display read there was an issue that needed to be resolved and the printer cannot be used until then. After calling HP customer service, he found out that there was a payment problem with his ink cartridge service and therefore wasn’t allowed to use the printer. Redditors were not happy.
PersonBehindAScreen said: “Getting real tired of literally everyone trying to get in on subscriptions.”
LatimerLeads said: “I got given an HP for Christmas in 2019 and I only got the thing set up properly, without a subscription, at the end of June when I printed off gig tickets.
It was one of the most painful experiences of my life. You'd think it would be as simple as just buying non-HP subscription cartridges, but there are so many other hoops you have to jump through to get it to work without paying to print off a single piece of f***ing paper (£0.99 if you can believe it).”
HystaRansomOldGuy said: “I switched to a Brother laser printer 10 years ago. My last HP arrived with an error code "Error STDIO.H" at start up. HP said it was my computer. I told them it wasn't hooked up to a computer or network. They insisted my computer was the problem.”
What’s unfortunate is that the man who brought up this issue was happy with the printer. He was however 100% turned off by the fact that he bought a printer but it was held ransom when there was a payment issue with a different service.
"Locking up a device I purchased doesn't seem right," he said. "I bought that printer, I didn't rent it."
My thoughts: This story is annoying for a few reasons. First, HP is creating an awful user experience. Where they created a supposedly “helpful” service, they turned around and made it bad. Second, the HP spokesperson came out and said “it’s in our terms and service.” How hard did you roll your eyes? No one cares that its in there, they care about using their printer. Don’t cover up a seemingly good service with a money grab. That’s what it’s looking like. Third, companies can put just about anything in their terms and service. This story exemplifies the need for companies to be more transparent. Besides, what I wrote above, it’s impressive and scary to see how quickly and easily HP was able to remove access to that printer. What is someone fails to make a payment on their Tesla…?
The United Kingdom’s version of 911 is 111 and it was the victim of a ransomware attack a few days ago. A software outage happened last Thursday. Advanced, a firm providing digital services to the NHS 111 identified the situation.
“The attack targeted the system used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions.”
Thankfully, minimal services were disrupted and they were able to accommodate incoming calls. They also disclosed that they will be looking into service continuity more closely. (BBC)
My thoughts: This is terrifying. Wiping out an essential service like 911 would be devastating and could impact many individuals with potentially fatal consequences. I believe all essential services need to be properly funded and monitored by specific independent bodies who have the expertise and skills to properly assess and determine if the technology, processes and people have what it takes to keep these services running.
Online survey platform QuestionPro was allegedly victim of a cyberattack. Their database contains 22 million unique emails, but the company isn’t sure if there was a breach. They reported an attempted extortion, but have yet to confirm if they were compromised. They are working with law enforcement to find out more details. (BleepingComputer)
My thoughts: At the moment, when reading through the details, this situation looks more like a Social Phishing attack (attack through social media) rather than a data breach. I say this because QuestionPro has yet to confirm a data breach, which allegedly occurred in May. Very strange situation, given nobody is confirming anything at the moment. Another thought that crossed my mind is perhaps a disgruntled employee who may no longer with the company who may have exfiltrated the data? We wait and see....but in the meantime, if you have used this service, please be vigilant.
Italian student uploads malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), as an experiment. The student claims to be a learning and practicing to be a developer and this was supposed to be a research project.
The packages were named "requesys," "requesrs," and "requesr," which are all common typosquats of "requests" — a legitimate and widely used HTTP library for Python.
“Developers who ended up with their system encrypted received a pop-up message instructing them to contact the author of the package — "b8ff" (aka "OHR" or Only Hope Remains) — on his Discord channel, for the decryption key. Victims were able to obtain the decryption key without having to make a payment for it.” (darkreading)
My thoughts: Open source is amazing, all of us in the tech world can agree. However, like anything in the world, it only takes one person to mess it up for the rest of us. And right now, hackers are those people. Simple message to all. Be careful when downloading anything from the internet.
The IT space is changing and more and more data privacy roles are emerging. As we seek data privacy talent, do we really understand the role?
I spoke with Heather 🔮 Federman, Chief Data Privacy Officer from BigID, to better understand how the CPO fits in the with rest of the IT team, how a CPO interacts with all departments, how not to get overwhelmed with all the data privacy laws and more.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.