One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 421708 |
| Date de publication | 2017-10-20 13:00:00 (vue: 2017-10-20 13:00:00) |
| Titre | Things I Hearted this Week 20th October 2017 |
| Texte |
Another week has passed, and more things continue to catch our attention. So lets just jump right in
Child safety smartwatches
When you’re marketing a ‘smart’ device as a safety device, you better be sure you can secure it.
But it appears that manufacturers of child safety smartwatches didn’t get the memo. The fact that attackers can track, eavesdrop, or communicate with the wearers should be of concern to all parents. The data is also transmitted and stored without encryption – similar to how other toys have stored data in the past, only to be breached.
It’s irresponsible and puts children’s safety directly at risk.
Child safety smartwatches ‘easy’ to hack, watchdog says | BBC
_in_China_(girl).jpg)
Third of business directors have never heard of GDPR
With GDPR around the corner, and the feeling that you cannot escape the acronym wherever you go; it is quite concerning to learn that a third of business directors haven’t heard of it.
While one can understand if the general public is not aware of the upcoming regulation; it is incumbent upon company directors to be aware of increased responsibilities due to GDPR.
GDPR is not just another technical or security requirement, but is based in fundamental privacy rights of citizens and with potentially harsh fines. Despite many months to prepare, it would appear as if GDPR may still catch many companies by surprise.
Third of IoD Members Have Never Heard of GDPR | Infosecurity Magazine
Ghosts of vulnerabilities past
It looks like Microsoft’s bug tracking database was infiltrated back in 2013. The company kept the news quiet and moved on.
It’s pretty worrying what someone with all that information could have / would have done. How many exploits were made possible because some bad guy somewhere found some vulnerabilities they could exploit?
A good reminder that companies should take a hard look at their assets and their value. Not just value in terms of direct business, but the potential impact on customers.
Microsoft responded quietly after detecting secret database hack in 2013 | Reuters
Microsoft never disclosed 2013 hack of secret vulnerability database | ars technica
Microsoft’s bug tracker was hacked in 2013 but it didn’t tell anyone about it | Silicon Angle
Unmasking the ransomware kingpins
This is a great read by Elie Bursztein on exposing the cybercriminal groups that dominate the ransomware underworld. It’s the third party in a trilogy of blogs – I probably can’t do it justice so it’s best you go check it out: Unmasking the ransomware kingpins
A Stick Figure Guide to the Advanced Encryption Standard (AES)
This is an old post – like really old from 2009. But I only came across it recently and found it to be real |
| Envoyé | Oui |
| Condensat | 2009 2013 2017 20th about acronym across activities advanced aes after agreed alienvault all also angle another answer anyone appear appears apt apt33 are argument around ars article assets attackers attention aware back bad based bbc because best better blame blogs both breached brings bug bursztein business but came can can’t cannot care catch check child children’s chronicled citizens colleague communicate companies company concern concerning continue corner could counter covering customers cyber cybercriminal data database decision delving despite detailed detecting device didn’t direct directly directors disagreed disclosed discovered does dominate dominated don’t done dubbed due to eavesdrop elie encryption escape espionage even ever exchanges explain exploit exploits exposing fact feeling figure fines fired fireeye firing focus found from fundamental gdpr general get ghosts go; goals good great group groups guide guy hack hacked hamilton happy hard harsh has have haven’t heard hearted hiring hope how human impact increased incumbent infiltrated information infosecurity iod iranian irresponsible it’s its jake jonathan jump just justice kept kingpins learn lets like longer look looks made magazine manufacturers many marketing may medium members memo microsoft microsoft’s mismatch months more mosher motivational moved named never newly news not october old one only other out out: parents party passed past people possible post posted potential potentially prepare pretty privacy probably provocatively public put puts quiet quietly quite ransomware read really recently regulation; reminder requirement responded responsibilities retaining reuters right rights risk robinson rounds safety satisfy says scenarios secret secure security serve should silicon similar smartwatches solórzano some someone sometimes somewhere speaker sponsored standard state stick stored sure surprise take talent tech technica technical tell terms there’s things think third times together tony top toys track tracker tracking transmitted trilogy truth turn twitter understand underworld unmasking upcoming upon value versions very viewpoints vulnerabilities vulnerability watchdog way wearers week well what when wherever why will without world worrying would writeup wrote you’re your |
| Tags | |
| Stories | APT33 APT 33 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.