Senators from multiple states are championing a dedicated cyber security leader for each state and proposing a new bill to bolster the state and local governments’ cyber security posture.
https://cyware.com/news/new-bill-proposes-cyber-leaders-for-each-us-state-fd126fe7
The personal information (PII) including name, date of birth, email, and medical ID records for cannabis users was compromised via software THSuite which is located in Amazon Web Services (AWS) S3. The reason for this data breach was a misconfiguration in the cloud without any authentication or security in place. This problem was detected on Dec 24, 2019 and was already solved by Jan 14, 2020.
https://www.infosecurity-magazine.com/news/data-30000-cannabis-users-exposed/
The article entitled “We’re Going to Need a Better Plan” emphasizes the necessity and importance of having a security plan. The article draws attention to the growing number of cyber-attacks against SCADA-based environments within manufacturing. Although companies mostly spend their budget on defense, they cannot prevent the increase in attacks because without uncovering potential vulnerabilities, even the strongest defense methods are useless. Some recommendations that the article expresses are security assessment, audit, attacker profiling, and continuous monitoring.
For details here is the article: https://www.infosecurity-magazine.com/opinions/need-better-plan/
Facebook’s Sir Nick Clegg criticised over WhatsApp security:
Security researchers have criticised Facebook’s head of communications, Sir Nick Clegg, for his response to the hacking of Amazon chief Jeff Bezos.
Mr Bezos’ phone was hacked in May 2018 after he received a WhatsApp message loaded with malware. But in an interview with the BBC, Sir Nick said WhatsApp’s encrypted messages could “not be hacked into”. And he failed to acknowledge security flaws in the app that had let hackers compromise their target’s smartphones.
https://www.bbc.com/news/technology-51235815
https://www.infosecurity-magazine.com/news/us-warnings-over-flawed-medical/
There have been warnings circulating in the US in regard to flawed medical devices. These can be hacked by unauthorized users, who can cause the devices to be silent to alarms, create false alarms, or disable the device altogether.
An expert at AI-based offers his look ahead at the year – focusing on AI, cybersecurity, and interoperability. He predicts that in 2020, AI will aid administrators and CISOs regarding internal company security.
https://www.healthcareitnews.com/news/2020-ai-will-aid-administrators-and-cisos-will-refresh-internal-security
The Google and Firefox networks suspended the availability of paid Add-ons for the browser. While this is temporary, it can be deadly for suppliers. The increase in fraud has led Google and Firefox to re-audit the extensions.
Many of those marked for attention are thought to have been executing code from remote servers, installing malware, deliberately hiding code or eavesdropping on user searches.
https://www.infosecurity-magazine.com/news/chrome-firefox-clamp-down/
This article, written by Tara Seals, discusses the recent disciplinary activities that both Mozilla and Google have taken against web browser extensions that are actively malicious or have the potential to be malicious. While browser extensions are easy to install and can simplify or enhance our browsing experience, they can also compromise users either intentionally or unintentionally by exploiters. Some of these compromising cases include users having their PII stolen or having remote code executed on their computers.
Source: https://threatpost.com/google-mozilla-ban-browser-extensions-chrome-firefox/152257/
This week in the news I explored a flaw that allowed hackers to access Zoom meetings by guessing a meeting ID. Since Zoom is the new group/class video client used by Temple, its students, and teachers, I thought this was a very relevant article. The bug was corrected by actually recoding the security client/software used by Zoom. Hackers were able to inject code into the URL and gain access through that. However, by recoding the software, the meeting IDs are more secure, leading to better video calls.
https://threatpost.com/zoom-fixed-flaw-opening-meetings-to-hackers/152266/
Maryland bill will outlaw ransomware but impose difficulties on security researchers. The bill, currently still in draft, has little to no exclusions for research and would make possessing ransomware illegal. The other difficulty is that the vast majority of ransomware stems from outside the United States and it would be quite difficult to extradite someone to the US because of a broken state law.
https://arstechnica.com/information-technology/2020/01/good-news-maryland-bill-would-make-ransomware-a-crime/
UK’s IoT Law Hopes to Drive Security-by-Design
The UK Government has introduced a new consumer IoT law designed to prohibit the sale of smart products that fail to meet three strict security requirements. This proposal would ensure all IoT kit sold in the UK allows users to set unique passwords and not revert them to any factory settings. This will help to reduce the scourge of Mirai-like malware, which finds exposed devices on the internet and cracks them open with a list of popular default password choices. It will also require manufacturers of IoT devices to provide a public point of contact so that anyone can report vulnerabilities and have them acted on “in a timely manner”. Also, the IoT Kit-makers would have to state the minimum length of time a device will receive security updates at point-of-sale, allowing consumers to decide whether they’re happy with vendor promises.
https://www.infosecurity-magazine.com/news/uks-iot-law-hopes-to-drive/
27 JAN 2020
Both Chrome and Firefox administrators have had to take action recently to halt the spread of malware via extensions and add-ons.
Google developer advocate Simeon Vincent explained over the weekend that the Chrome Web Store team detected an increase in fraudulent activity earlier in the month attempting to exploit users of the popular browser.
https://www.infosecurity-magazine.com/news/chrome-firefox-clamp-down/