
🔐 This Week’s Securityish Brief
Hackers argue with Resecurity over an alleged breach that the firm says was only a honeypot.
California launches the DROP portal to make deleting data from brokers much easier.
Flock AI cameras exposed online raise fresh questions about public-space surveillance.
Over 10,000 Fortinet firewalls stay vulnerable to a five-year-old two-factor bypass bug.
ShinyHunters versus Resecurity over alleged breach
Breach

🔐 The Securityish Brief: Hackers from the ShinyHunters group say they stole internal data from cybersecurity firm Resecurity, while the company insists attackers only touched a fake honeypot system full of synthetic records, in a week that also saw major incidents like the Covenant Health data breach.
🔍 The Breakdown:
ShinyHunters posted screenshots that they claim show employee data and internal chats.
Resecurity says the systems were purpose-built decoys loaded with fake consumer and payment records.
The firm says it logged attacker activity and shared technical details with law enforcement.
📢 Why it matters: For most people, the back-and-forth is less important than the reminder that early breach claims are often noisy, incomplete, and sometimes wrong, so it can take time before anyone knows whether real data was exposed.
🛡️ What You Should Do: Rely on official breach notices rather than hacker channels, change passwords and enable app-based two-factor authentication if a service confirms exposure, and avoid storing extra personal details in accounts that do not truly need them.
California’s DROP portal for deleting personal data
Privacy Law

🔐 The Securityish Brief: California has switched on the Delete Request and Opt-out Platform, known as DROP, which lets residents send a single request telling hundreds of registered data brokers to delete stored personal details instead of contacting each broker individually.
🔍 The Breakdown:
DROP lets Californians create one profile and broadcast delete and opt-out requests to data brokers.
Brokers must respond by August 2026 or face daily financial penalties for non-compliance.
The platform formalizes rights already granted under the California Consumer Privacy Act.
📢 Why it matters: Data broker files can include addresses, contact details, income estimates, and health or location history, so having an easier way to clear those records limits what can be quietly sold to advertisers, data traders, and in some cases scammers.
🛡️ What You Should Do: If you live in California, plan to create a DROP account and submit deletion requests, then combine that with pruning old online accounts and tightening privacy settings on large platforms so less new data flows to brokers in the first place.
Flock AI cameras exposed to the open internet
AI Risk

🔐 The Securityish Brief: Researchers found Flock Condor cameras, which are set up to track people rather than cars, exposed on the open internet and streaming zoomed-in video of people in parks, parking lots, and neighborhoods without their knowledge.
🔍 The Breakdown:
Condor cameras are pan-tilt-zoom units that can automatically follow a person and zoom in on faces.
Misconfigurations left live feeds reachable from the internet instead of being locked to private networks.
The story adds to concern that poorly governed AI systems, including those flagged in Palo Alto’s AI insider threat warning, can quietly expand surveillance.
📢 Why it matters: Even if you never interact with Flock directly, AI-assisted cameras that can follow and zoom in on individuals make it easier to build detailed profiles of where people go, who they meet, and how often they visit certain places, which affects communities, tenants, and workers who may not even know the systems exist.
🛡️ What You Should Do: Ask local officials, schools, or building managers whether Flock or similar cameras are deployed, push for clear signage and retention limits on any public-space monitoring, and be cautious about sharing extra personal details that might be linked to footage, such as licence plates or apartment numbers.
Over 10,000 Fortinet firewalls still vulnerable to 2FA bypass
Vulnerability

🔐 The Securityish Brief: Internet scans show more than ten thousand Fortinet firewalls still vulnerable to CVE-2020-12812, a five-year-old two-factor bypass bug that lets attackers log in to some VPN portals without completing the second step.
🔍 The Breakdown:
The flaw lets attackers change the capitalization of a username to skip the two factor check in certain setups.
Patches have been available since 2020, yet thousands of devices remain exposed on the open internet.
📢 Why it matters: An unpatched firewall at the edge of a company network can act as a front door for attackers to reach internal systems, emails, and cloud apps, which then leads to stolen data, fraud, or ransomware even if everything inside the network is up to date.
🛡️ What You Should Do: If you work in technology, verify that every Fortinet device you manage is fully patched and that VPN access uses strong two-factor authentication. If you do not, ask your company directly whether remote access systems are updated, tightly limited, and monitored for unusual logins.
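For teams acting on the "monitored for unusual logins" advice, here is an added example (not from the original brief or from Fortinet) of a log review check for the pattern described above: a successful VPN login to a two-factor account where the username was typed in a different letter case or no second step was recorded. The record layout, field names, and sample events are assumptions constructed for illustration and are not a real device log format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoginEvent:
    timestamp: str
    username: str        # exactly as typed at the VPN portal
    success: bool
    second_factor: bool  # True only if the second step was completed

def flag_suspect_logins(events, two_factor_users):
    """Flag successful logins to 2FA-enrolled accounts that used a
    case-variant username or finished without the second step."""
    # Map the case-folded name back to the spelling configured for the account.
    canonical = {name.casefold(): name for name in two_factor_users}
    findings = []
    for ev in events:
        expected = canonical.get(ev.username.casefold())
        if expected is None or not ev.success:
            continue  # not an enrolled account, or the login failed
        reasons = []
        if ev.username != expected:
            reasons.append("case-variant username")
        if not ev.second_factor:
            reasons.append("second factor missing")
        if reasons:
            findings.append((ev.timestamp, ev.username, expected, reasons))
    return findings

# Constructed sample data (hypothetical accounts and events, not real logs).
TWO_FACTOR_USERS = ["jsmith", "alee"]
SAMPLE_EVENTS = [
    LoginEvent("2026-01-05T08:01:12Z", "jsmith", True, True),    # normal login
    LoginEvent("2026-01-05T08:14:40Z", "JSmith", True, False),   # case changed, no 2FA
    LoginEvent("2026-01-05T09:02:03Z", "ALEE", False, False),    # failed attempt
    LoginEvent("2026-01-05T09:30:00Z", "alee", True, False),     # exact name, no 2FA
    LoginEvent("2026-01-05T10:00:00Z", "guest", True, False),    # not enrolled in 2FA
]

if __name__ == "__main__":
    for ts, typed, account, reasons in flag_suspect_logins(SAMPLE_EVENTS, TWO_FACTOR_USERS):
        print(f"{ts} typed={typed!r} account={account!r}: {', '.join(reasons)}")
```

A hit on "case-variant username" alone is worth reviewing even when a second factor was recorded, because it shows the portal accepts spellings that differ from the configured account name.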
💡 Tip Of The Week
Set a ten-minute calendar reminder this week to review where your main email address and phone number are stored, then remove them from old accounts you no longer use and turn on login alerts wherever possible so you get a quick warning if someone tries to access those accounts without your knowledge.
🧠 Key Terms & Concepts
Honeypot: A decoy system filled with fake data that is designed to attract attackers so defenders can watch how they operate without risking real information.
Data broker: A company that quietly collects and sells personal details from many sources, for example buying location or shopping history and bundling it for marketers.
Two-factor authentication bypass: A flaw or trick that lets someone log in without the usual second step such as a code or prompt, like the Fortinet bug that ignores the extra check when a username’s case changes.
AI surveillance camera: A camera that uses software to automatically track and zoom in on people or objects, such as Flock’s Condor units that can follow someone walking through a park.
Data deletion portal: An online tool like California’s DROP that lets you send removal or opt-out requests to many data holders at once instead of contacting each one separately.
