F-Secure researchers have found that global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility. The design flaws discovered in the lock system’s software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world’s largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.
- Researchers Find Way to Create Master Keys to Hotels | F-Secure
- A One-Minute Attack Let Hackers Spoof Hotel Master Keys | Wired
SEC Fines Yahoo $35 Million
The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators’ charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history.
The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications for $4.48 billion last year. Yahoo, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.
- SEC Fines Yahoo $35 Million for Data Breach That Affected 500 Million Users | Bleeping Computer
- Company Formerly Known As Yahoo Pays $35M Fine Over 2014 Hack | CBS SF
SOCs require automation to avoid analyst fatigue for emerging threats
SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks for an additional layer of training, but when security events occur, it is uncommon to follow every step a playbook describes. The data becomes overwhelming and the resulting alert fatigue leads to analysts overlooking threats entirely, leading to an increase in emerging threats.
- SOCs require automation to avoid analyst fatigue for emerging threats | HelpNetSecurity
On the topic of incident response, I enjoyed this piece by Steve Ragan:
- How to Build a Cybersecurity Incident Response Plan | Dark Reading
The Seven Circles of Security
An insightful post from a CISO highlighting where most of her time is spent. Number six will shock you! Well, it probably won’t, but a little clickbait never hurt, did it?
- The Seven Circles of Security: Where This CISO Spends Her Time | Helen Patton, Medium
Hackers Steal Data on 14 Million Users From Ride-Hail App Careem
The personal data of up to 14 million people in the Middle East, North Africa, Pakistan and Turkey has been stolen by online criminals in a cyber-attack on the systems of Dubai ride sharing platform Careem.
On January 14, the company detected the breach in the computer systems which hold the account data of customers and captains – or drivers – in 78 cities in 13 countries. Names, email addresses, phone numbers, as well as trip data were stolen.
- Hackers Steal Data on 14 Million Users From Ride-Hail App Careem | Gizmodo
- Ride sharing platform Careem says hit by cyber attack with data of up to 14 million users stolen | The National
Muhstik botnet exploits highly critical Drupal bug
Researchers are warning a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month, researchers said they were not aware of any public exploits.
- Muhstik botnet exploits highly critical Drupal bug | Threatpost
- Botnet Muhstik is Actively Exploiting Drupal CVE-2018-7600 in a Worm Style | OTX
Actually, Myspace Sold Your Data Too
In the wake of Facebook’s privacy debacle, Myspace Tom has emerged as an unlikely hero. But the platform he built and the data you put on Myspace continues to help advertisers target its old users.
- Actually, Myspace Sold Your Data Too | Motherboard
Speaking of tracking users through data, what happens when the same or similar techniques are used to track people for more nefarious purposes?
- CIA agents in 'about 30 countries' being tracked by technology, top official says | CNN
- Turning an Echo into a spy device only took some clever coding | Wired
Cops used dead man’s finger in attempt to access his phone
A case of: yes, it’s legal, but is it appropriate? Especially when the deceased was shot and killed by a police officer from that same department.
"While the deceased person doesn’t have a vested interest in the remains of their body, the family sure does, so it really doesn’t pass the smell test," said Charles Rose, professor and director of the Center for Excellence in Advocacy at Stetson University College of Law. "There’s a ghoulish component to it that’s troubling to most people."
- Cops Attempt To Unlock Phone Of Man They Killed Using His Finger | Huffington Post
Bezos’s empire: How Amazon became the world’s biggest retailer
Amazon has shipped more than 400 items per second at its peak. How did it grow from bookseller to retail giant?
- Bezos’s empire: How Amazon became the world’s biggest retailer | The Guardian
- Jeff Bezos v the world: why all companies fear 'death by Amazon' | The Guardian
On a more security-related note, traffic to Amazon’s internet domain service was rerouted.
- Hijack of Amazon’s internet domain service used to reroute web traffic for two hours unnoticed | Kevin Beaumont, Medium