Source |
AlienVault Blog |
Identifier |
946201 |
Publication date |
2018-12-14 14:00:00 (viewed: 2018-12-14 16:02:44) |
Title |
Things I Hearted this Year 2018 |
Text |
It’s hard to believe the whole year has gone past and I’ve been hearting things nearly every week since it began.
I’d like to sum up 2018, so I started to look through all the posts from every week and I realised it was a mammoth task. There have been 40 “Things I hearted” blog posts this year, each with an average of 10 stories. And that doesn’t include the dozens of other stories that didn’t make the cut every week.
Suffice to say, it’s been a very busy year as far as information security is concerned. Which could mean that business is very good. Or it could just mean that business is as usual and we’re just getting better at covering the stories.
In YouTube fashion, I decided to do a video rewind of some of the notable stories of the year (minus Will Smith and the big budget).
Conspiracy videos aside, let’s have a recap of an assortment of stories that were hearted over the course of the year.
January 12th Edition
Toy Firm VTech Fined Over Data Breach
VTech, the ‘smart’ toy manufacturer, has been fined $650,000 by the FTC after exposing the data of millions of parents and children.
Troy Hunt brought up the issue back in November 2015 and it made for a chilling read. Not only was the website not secure, but the data was not encrypted in transit or at rest.
Hopefully, this kind of crackdown on weak ‘smart’ devices will continue until we see some changes. Not that I enjoy seeing companies being fined, but it doesn’t seem like many manufacturers are paying much attention to security.
FTC fines VTech toy firm over data breach | SC Magazine
FTC Fines IoT Toy Vendor VTech for Privacy Breach | eWeek
After breach exposing millions of parents and kids, toymaker VTech handed a $650K fine by FTC | Techcrunch
March 9th Edition
SAML, SSO Many Vulnerabilities
SAML-based single sign-on systems have some vulnerabilities that allow attackers with authenticated access to trick SAML systems into authenticating as different users without knowledge of the victims’ password.
Sounds like a lot of fun.
Duo Finds SAML Vulnerabilities Affecting Multiple Implementations | DUO
March 30th Edition
Investigating Lateral Movement Paths with ATA
Even when you do your best to protect your sensitive users, and your admins have complex passwords that they change frequently, their machines are hardened, and their data is stored securely, attackers can still use lateral movement paths to access sensitive accounts. In lateral movement attacks, the attacker takes advantage of instances when sensitive users log into a machine where a non-sensitive user has local rights. Attackers can then move late |