Another week gone by, another bunch of stories to sift through. There is no algorithm or machine learning picking out these gems for you every week; each story is lovingly chosen by me. To paraphrase Judge Dredd, “I don’t use no algorithm, I AM THE ALGORITHM”.
Time to jump right into it.
A bank statement for app activity
Halvar Flake has proposed an idea that, the more I think about it, the more it makes sense. A bank statement for app / software activity could empower users to account for their private data, while at the same time helping platform providers identify malicious software better.
- A bank statement for app activity (and thus personal data) | ADD / XOR / ROL
As InfoSecSherpa summed up on Twitter, “It seems as if Panera Bread failed to rise to the challenge of incident response”.
Until we start holding companies more accountable for their public statements with respect to security, we will continue to see statements belying a dismissive indifference with PR speak. In the words of Troy Hunt, when Panera Bread says, “We take security seriously”, they mean “We didn’t take it seriously enough.”
- No, Panera Bread Doesn’t Take Security Seriously | PB, Medium – the security researcher that found the vulnerability.
- Panerabread.com Leaks Millions of Customer Records | Krebs On Security
- Panera accused security researcher of “scam” when he reported a major flaw | ArsTechnica
Inside the takedown of the alleged €1bn cyber bank robber
Breaking into a bank doesn't require drilling through 20 inches of reinforced concrete. In fact, you don't even need to enter a vault at all. Towards the end of 2013, ATMs in Ukraine started spitting out free cash to passers-by. Among those filling their pockets were mules waiting for the money to be dispensed.
The ATMs of affected banks – none of which have ever been named – had been targeted by hackers installing malware within the financial institutions' computer systems. Once compromised, the cash machines could be remotely controlled and made to dish out money at will.
Aiming to fill skill gaps in AI, Microsoft makes training courses available to the public.
Microsoft’s AI training efforts range from internal offerings tailored to employees on specific teams and product groups, such as software engineers at LinkedIn, to external ones designed for a variety of expertise levels.
For example, the Microsoft AI Residency Program and Microsoft NERD Artificial Intelligence Program recruit people to learn AI by working alongside researchers, designers and engineers who are developing AI capabilities and serve as a pipeline of talent into the company.
- Aiming to fill skills gap in AI, Microsoft makes training courses available to the public | Microsoft
Looking for a free blacklist of domains? The AntiSocial Engineer might have the list for you.
- The AntiSocial Engineer Blacklist | The Anti-Social Engineer
- A sample list of blacklisted domains | Google Drive
Human error led to 424% increase in misconfigured cloud servers, prompting hacks
Human error has long been associated with poor cybersecurity hygiene, but it's starting to negatively impact other aspects of the tech ecosystem. Due to employee mistakes, the number of records breached through misconfigured cloud servers rose by 424% in 2017, according to the 2018 IBM X-Force Threat Intelligence Index.
From the same report
- Ransomware puts pressure on incident response | Computer Weekly
How gamers could save the Cybersecurity skills gap
Grant Bourzikas, McAfee's chief information security officer (CISO), swears by gamification as one of the key ways to invest in and retain security talent. It's a strategy his own company has adopted in building out its security operations center in the wake of its spin-off from Intel, and new data from a study by Vanson Bourne on behalf of McAfee found that nearly three-fourths of organizations believe hiring experienced video gamers is a solid option for filling cybersecurity skills and jobs in their organizations.
- How gamers could save the Cybersecurity skills gap | Dark Reading
The Social Media Saga
Another week, and the Facebook / Cambridge Analytica story shows no signs of slowing down, with even Tim Cook criticizing Facebook for its data privacy practices, stating, “we can make a ton of money if customers were our product. We have elected not to do that.”
But Facebook wasn’t the only social media company to make the news for the wrong reasons. YouTube’s head office in San Francisco was attacked by a gun-wielding female who shot and injured three employees before taking her own life. This, apparently, was in response to YouTube demonetizing and censoring her videos.
This was clearly a troubled individual, and no one can justify her actions. But both these incidents show the growing influence and power that social media networks have.
Due to the size and influence of social media companies, a small change, oversight, or error can have an unforeseen impact. YouTube saw a vocal backlash from its creator community, but with the lack of any legitimate competition, it remains steadfast. Snapchat, on the other hand, wasn’t so lucky, as a few bad choices led to celebrities publicly berating the company, leading to a drop in stock and loss of jobs.
- Facebook says Cambridge Analytica may have gained 37m more users' data | The Guardian
- Tim Cook on Facebook's data-leak scandal: 'I wouldn't be in this situation' | CNBC
- 2 weeks after Kylie Jenner disses Snapchat, Snap lays off 120 engineers | DigitalTrends
- Chrissy Teigen Bails on Snapchat, and Snap Stock Sinks | Variety