Welcome to another week of security goodness. I think we’re in that weird part of the year where most summer holidays are coming to a close, so people are opening their inboxes - saying NOPE - and shutting them back down again. Or maybe that’s just me. Although I am glad that the kids are finally back to school. But for those of you who may be struggling, here’s a handy article on how to minimise stress before, during, and after your vacation.
Hot Hot Security
The Scoville Scale is a measurement chart used to rate the heat of peppers or other spicy foods. It can also have a useful application for measuring cybersecurity threats. Cyber-threats are also red hot as the human attack surface is projected to reach over 6 billion people by 2022. In addition, cyber-crime damage costs are estimated to reach $6 trillion annually by 2021. The cybersecurity firm RiskIQ states that every minute approximately 1,861 people fall victim to cyber-attacks, while some $1.14 million is stolen. In recognition of these alarming stats, perhaps it would be useful to categorize cyber-threats in a similar scale to the hot peppers we consume.
Spying on the Spies
Spyware may seem like a good option if you want to keep an eye on what online activities your children get up to… or, if you’re the insecure type (or worse), to see what your significant other gets up to.
The problem is that these spying tools have been shown to be woefully insecure time and time again.
Facebook fell victim to fake news
It’s not surprising to hear that fake news made its way onto Facebook. What is worrying is that Facebook’s own training materials fell for fake news.
- Facebook’s Own Training Materials Fell for Fake News | Motherboard
Transparency in security
I like what the good folk over in the Photobox security team are doing by frequently blogging about their security. It’s good for other professionals to learn from, but also good for customers, as it helps them understand how their data is protected and treated within the company.
Hacking a Retro Knitting Machine to Create a Giant Stellar Map
An Australian software engineer has spent years hacking a 1980s knitting machine to create a spectacular work of art and simultaneously advance both knitting and science education.
Sarah Spencer had toyed around with hacking and programming a 1980s knitting machine for a while before seriously turning her attention to a mammoth task: creating a gigantic equatorial star map in tapestry form.
- This Engineer Hacked a Retro Knitting Machine to Create a Giant Stellar Map | Interesting Engineering
CroniX CryptoMiner Kills Rivals to Reign Supreme
The operator of a new cryptomining campaign takes aggressive actions against its competition and halts other cryptojacking activity on the machines it claims. Cybercriminals are quick to take advantage of any proof-of-concept (PoC) exploit code that falls into their hands. For the recently disclosed Apache Struts vulnerability (CVE-2018-11776) there are multiple PoCs available, so news of the bug exploited in the wild came as no surprise.
- CroniX CryptoMiner Kills Rivals to Reign Supreme | Bleeping Computer
Put that in your threat model
And finally, this week, the story that will likely have you rethinking your threat models: a giraffe sculpture was used as a battering ram in a burglary.