Things I Hearted this Week, 25th May 2018

May 25, 2018  |  Javvad Malik

The Royal Wedding is behind us. Elon Musk is melting down over a piece that exposed safety concerns in its car factory, and I'm just going to jump right into the InfoSec news for the week.

Reliance On IOT

Nest, the manufacturers of smart home devices suffered an outage whereby owners of Nest products were unable to access their devices via the Nest app or web browsers. With some devices like Nest Secure and Nest x Yale Locks behaving erratically.

It's quite worrying how easy it is to go all-in into a smart product only to find yourself at its mercy. Tyler Durden was probably referring to IoT devices when he said, "the things you own end up owning you."

Pondering this a bit, I wonder how home insurance companies feel about this? Suppose your smart lock and alarm malfunctioned, and because of that burglars were able to ransack all your belongings. Who is liable?

In other news, apparently Yeelight is stripping away all functionality of their smart bulbs because of GDPR.

Lock Stock SIM Swap

Another insider threat story, this time brought to you by T-Mobile. The company is investigating a retail store employee who allegedly made unauthorised changes to a subscriber's account in an elaborate scheme to steal the customer's three-letter Instagram username.

related

Security As A Product

Don't enjoy watching video recordings of keynotes? Well, Kelly Shortridge has done you a favour and published the full text of her keynote on why we need to begin treating security programs like a product.

#Delete Facebook Failed

Despite weeks of intense criticism for failing to protect the privacy of its users, new research suggests Facebook usage didn’t take a significant hit during the Cambridge Analytica scandal.

These result tally up with a survey we conducted at RSA where 66 percent admitted to not quitting Facebook over privacy concerns.

Breaches

Information belonging to almost 20,000 staff and students was exposed in a breach at the University of Greenwich.

While speech recognition software firm, Nuance, announced the breach of thousands of patient records after a third party gained unauthorised access.

  • Speech recognition software firm breach exposes thousands of patient records  | SC Magazine

FBI Owns APT28

The US Federal Bureau of Investigation (FBI) has obtained court orders and has taken control of the command and control servers of a massive botnet of over 500,000 devices, known as the VPNFilter botnet.

The existence of this massive threat came to light when Cisco Talos published a report about VPNFilter infecting over 500,000 routers and NAS devices across the world.

20 Years Of L0pht

20 years ago, the Senate held its first cybersecurity hearing with members of L0pht. They were invited back to testify at the Cybersecurity Caucus hearing on what Congress still needs to do to improve its cybersecurity.

But this is more than what a group of hackers said at Congress. These men were trailblazers in their own right - showing the path for many who followed. Moving from unknown fringes of the hacker community, to mainstream acceptance, and working in roles to help secure the very infrastructure and software we rely on in our daily lives.

Share this with others

Get price Free trial