Things I Hearted this Week, 6th April 2018

April 6, 2018 | Javvad Malik

Another week gone by, another bunch of stories to sift through. There is no algorithm or machine learning picking out these gems for you every week; each story is lovingly chosen by me. To paraphrase Judge Dredd, “I don’t use no algorithm, I AM THE ALGORITHM”.

Time to jump right into it.

A bank statement for app activity

Halvar Flake has proposed an idea that, the more I think about it, the more sense it makes. A bank statement for app / software activity could empower users to account for their private data, while at the same time helping platform providers identify malicious software better.

Panera Bread

As InfoSecSherpa summed up on Twitter, “It seems as if Panera Bread failed to rise to the challenge of incident response”.

Until we start holding companies more accountable for their public statements with respect to security, we will continue to see statements belying a dismissive indifference with PR speak. In the words of Troy Hunt, when Panera Bread says, “We take security seriously”, they mean “We didn’t take it seriously enough.”

Inside the takedown of the alleged €1bn cyber bank robber

Breaking into a bank doesn't require drilling through 20 inches of reinforced concrete. In fact, you don't even need to enter a vault at all. Towards the end of 2013, ATMs in Ukraine started spitting out free cash to passers-by. Among those filling their pockets were mules waiting for the money to be dispensed.

The ATMs of affected banks – none of which have ever been named – had been targeted by hackers installing malware within the financial institutions' computer systems. Once compromised, the cash machines could be remotely controlled and made to dish out money at will.

Learn AI

Aiming to fill skill gaps in AI, Microsoft makes training courses available to the public.

Microsoft’s AI training efforts range from internal offerings tailored to employees on specific teams and product groups, such as software engineers at LinkedIn, to external ones designed for a variety of expertise levels.

For example, the Microsoft AI Residency Program and Microsoft NERD Artificial Intelligence Program recruit people to learn AI by working alongside researchers, designers and engineers who are developing AI capabilities and serve as a pipeline of talent into the company.

The Blacklist

Looking for a free blacklist of domains? The AntiSocial engineer might have the list for you.

Human error led to 424% increase in misconfigured cloud servers, prompting hacks

Human error has long been associated with poor cybersecurity hygiene, but it's starting to negatively impact other aspects of the tech ecosystem. Due to employee mistakes, the number of records breached through misconfigured cloud servers rose by 424% in 2017, according to the 2018 IBM X-Force Threat Intelligence Index.

From the same report

How gamers could save the Cybersecurity skills gap

Grant Bourzikas, McAfee's chief information security officer (CISO), swears by gamification as one of the key ways to invest in and retain security talent. It's a strategy his own company has adopted in building out its security operations center in the wake of its spin-off from Intel, and new data from a study by Vanson Bourne on behalf of McAfee found that nearly three-fourths of organizations believe hiring experienced video gamers is a solid option for filling cybersecurity skills and jobs in their organizations.

The Social Media Saga

Another week and the Facebook / Cambridge Analytica story shows no signs of slowing down. Even Tim Cook criticized Facebook for its data privacy practices, stating, “we can make a ton of money if customers were our product. We have elected not to do that.”

But Facebook wasn’t the only social media company to make the news for the wrong reasons. YouTube’s head office in San Francisco was attacked by a gun-wielding female who shot and injured three employees before taking her own life. This, apparently, was in response to YouTube demonetizing and censoring her videos.

This was clearly a troubled individual, and no-one can justify her actions. But both these incidents show the growing influence and power that social media networks have.

Due to the size and influence of social media companies, a small change, oversight, or error can have unforeseen impact. YouTube saw a vocal backlash from its creator community, but with the lack of any legitimate competition, it remains steadfast. Snapchat, on the other hand, wasn’t so lucky, as a few bad choices led to celebrities publicly berating the company, leading to a drop in stock and loss of jobs.

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.