Things I Hearted this Week, 25th May 2018

May 25, 2018 | Javvad Malik

The Royal Wedding is behind us. Elon Musk is melting down over a piece that exposed safety concerns in his car factory, and I'm just going to jump right into the InfoSec news for the week.

Reliance On IOT

Nest, the manufacturer of smart home devices, suffered an outage in which owners of Nest products were unable to access their devices via the Nest app or web browsers, with some devices like Nest Secure and Nest x Yale Locks behaving erratically.

It's quite worrying how easy it is to go all-in on a smart product only to find yourself at its mercy. Tyler Durden was probably referring to IoT devices when he said, "The things you own end up owning you."

Pondering this a bit, I wonder how home insurance companies feel about this? Suppose your smart lock and alarm malfunctioned, and because of that burglars were able to ransack all your belongings. Who is liable?

In other news, apparently Yeelight is stripping away all functionality of their smart bulbs because of GDPR.

Lock Stock SIM Swap

Another insider threat story, this time brought to you by T-Mobile. The company is investigating a retail store employee who allegedly made unauthorised changes to a subscriber's account in an elaborate scheme to steal the customer's three-letter Instagram username.

Security As A Product

Don't enjoy watching video recordings of keynotes? Well, Kelly Shortridge has done you a favour and published the full text of her keynote on why we need to begin treating security programs like a product.

#DeleteFacebook Failed

Despite weeks of intense criticism for failing to protect the privacy of its users, new research suggests Facebook usage didn’t take a significant hit during the Cambridge Analytica scandal.

These results tally with a survey we conducted at RSA where 66 percent admitted to not quitting Facebook over privacy concerns.

Breaches

Information belonging to almost 20,000 staff and students was exposed in a breach at the University of Greenwich.

Meanwhile, speech recognition software firm Nuance announced the breach of thousands of patient records after a third party gained unauthorised access.

FBI Owns APT28

The US Federal Bureau of Investigation (FBI) has obtained court orders and has taken control of the command and control servers of a massive botnet of over 500,000 devices, known as the VPNFilter botnet.

The existence of this massive threat came to light when Cisco Talos published a report about VPNFilter infecting over 500,000 routers and NAS devices across the world.

20 Years Of L0pht

20 years ago, the Senate held its first cybersecurity hearing with members of L0pht. They were invited back to testify at the Cybersecurity Caucus hearing on what Congress still needs to do to improve its cybersecurity.

But this is more than what a group of hackers said at Congress. These men were trailblazers in their own right, showing the path for many who followed: moving from the unknown fringes of the hacker community to mainstream acceptance, and working in roles that help secure the very infrastructure and software we rely on in our daily lives.

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.