Things I Hearted this Week, 1st June 2018

June 1, 2018 | Javvad Malik
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

It's unlikely there will be an update next week as I'll be heading to Infosecurity Europe and Bsides London. If you're in the area feel free to come and say hello. I'll be at the AlienVault stand #L60 at Infosecurity. And if I'm not there, go up to one of my colleagues and say my name three times to win a special prize.

HAVE YOU TRIED TURNING IT OFF AND ON AGAIN?

The FBI believes Russian computer hackers have compromised hundreds of thousands of routers around the world, and are advising everyone to reboot their routers to prevent the spread of malware.

According to an announcement, the malicious actors used VPNFilter malware to target 500,000 routers allowing them to snoop, block, and exploit. 

Related,

TAKING THE PEPSI CHALLENGE

Coca-Cola suffered a data breach in September 2017 in which the personal data of 8,000 employees was compromised after a former employer at one of its subsidiaries stole an external hard drive. Law enforcement officials notified the company and initially requested that Coca-Cola not disclose the incident, as they were still investigating the breach.

The company has now notified affected employees with a letter that explains what happened, what information was involved and what the company is doing in response to the breach.

"Our investigation identified documents containing certain personal information for Coca-Cola employees and other individuals that was contained in the data held by the former employee. We do not have any information to suggest that the misappropriated information was used to commit identity theft," the notification letter said. 

BRANDED VULNERABILITIES

Disclaimer: I've followed and been a fan of Jennifer Leggio's work for a long time and hope to be half as articulate as her one day!

She has written up the key points from her Hack in the Box (HITB) Amsterdam keynote from a few weeks ago and covers some of the marketing fails in information security - including logo's and branded vulnerabilities.

YOUR DATA

Looking at your data this week, Brian Krebs flips the lid on why your location data is no longer private.

"The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details. In the wake of these consumer privacy debacles, many are left wondering who’s responsible for policing these industries? How exactly did we get to this point? What prospects are there for changes to address this national privacy crisis at the legislative and regulatory levels?"

But wait, there's a plot twist. Tired of all these companies profiting off your data? Well, maybe you can try what this guy did and make some money yourself by directly selling your data.

BLACKLISTING AD PASSWORDS

This is a pretty nifty development by Joseph Ryan Ries. A password filter for Active Directory that uses a blacklist of bad passwords / character sequences. I think something like this tied in with something like HIBP or similar could be quite useful.

DON'T CONNECT THAT

ZDNet has a nice breakdown of 24 internet-connected things that really shouldn't be online. The list includes a ski lift gondola, cold storage control systems, and a pot factory.

Counter-point to connected devices

GDPR IS UPON US

Two years after the EU created its General Data Protection Regulation, on Friday the EU's 28 member states began enforcing the privacy law.

But don't fixate on May 25 being the enforcement start date. "It's not an absolute deadline; it's the start of a new journey in the privacy regulations and environment within the EU and indeed, due to the nature of GDPR, globally as a well," says Brian Honan, who heads BH Consulting, a Dublin-based cybersecurity consultancy that has been helping organizations achieve GDPR compliance.

YAHOO HACKER SENTENCED

One of the most prominent computer hacking cases in recent years reached a new chapter as Karim Baratov was sentenced to five years in prison and fined an amount equivalent to his remaining assets. Baratov, a Kazakhstan-born Canadian citizen, was sentenced for his role in the massive Yahoo credentials breach that exposed more than 1 billion records to criminals.

THE 20-YEAR-OLD ENTREPRENEUR IS A LIE

Apparently the average age of successful business founders is 42. And here I was thinking that I'm over the hill. I guess I should start hiring for my startup soon. Well, as soon as I turn 42 (which is in the very very very distant future)

Javvad Malik

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Read more posts from Javvad Malik ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL