What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-09-14 13:00:00 | Things I Hearted this Week, 14th September 2018 (lien direct) |
With everything that keeps going on in the world of security, and the world at large, most eyes were focused on Tim Cook as he and his merry men took to the stage and announce the latest and greatest in Apple technology.
There didn’t seem to be anything totally mind-blowing on the phone end. Just looked to be more bigger, faster, and powerful versions of the iPhones at eye-watering prices.
The Apple watch now has a built-in FDA-approved ECG heart monitor. Which is pretty cool as an early-warning system that a stroke is imminent - I assume to allow you to take some smart HDR selfies, apply the correct filters, and post to Instagram before you collapse.
But enough about that, let’s get down to business.
British Airways Breached
BA suffered a rather large breach which included payment information (including CVV) and personal details.
While the investigation is ongoing, some security experts believe the breach was caused due to malicious code being injected into one of the external scripts in its payment systems.
British Airways hack: Infosec experts finger third-party scripts on payment pages | The Register
As an affected customer, I accept that companies get breached. But the advice seemed pretty poor.
British Airways breached | J4vv4D
Boards need to get more technical - NCSC
The government is calling on business leaders to take responsibility for their organisations’ cyber security, as the threat from nation state hackers and cyber criminal gangs continues to rise. Ciaran Martin, head of NCSC believes that cybersecurity is a mainstream business risk and that corporate leaders need to understand what threats are out there, and what are the most effective ways of managing the risks. They need to understand cyber risk in the same way they understand financial risk, or health and safety risk.
NCSC issues new advice for business leaders as Ciaran Martin admits previous guidance was “unhelpful” | New Statesman
Hunting in O365 logs
Cloud is great, but sometimes making sense of the logs can be a pain. If you’re struggling with O365 logs, then this document could be really useful.
Detailed properties in the Office 365 audit log | Microsoft
GCHQ data collection violated human rights, Strasbourg court rules
GCHQ’s methods in carrying out bulk interception of online communications violated privacy and failed to provide sufficient surveillance safeguards, the European court of human rights has ruled in a test case judgment.
But the Strasbourg court found that GCHQ’s regime for sharing sensitive digital intelligence with foreign governments was not illegal.
It is the first major challenge to the legality of UK intelligence agencies intercepting private communications in bulk, following Edward Snowden’s whistleblowing revelations.
GCHQ data collection violated human rights, Strasbourg court r |
Data Breach Threat Guideline | Tesla | |
|
2018-07-27 13:00:00 | Things I Hearted this Week, 27th July 2018 (lien direct) |
Welcome to your weekly security roundup, providing you all with the security news you deserve, but maybe might not need.
As always, these news stories are human-curated by me - no fancy algorithms, no machine learning, and definitely no trending topics here.
We are less than two weeks away from Blackhat in sunny Las Vegas. We’ll be there - pop along to booth 528 and say hello if you’re there.
Google: Security Keys Neutralized Employee Phishing
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes.
Google: Security Keys Neutralized Employee Phishing | Krebs on Security
While we’re on the topic of phishing, attackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss.
Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M | Krebs on Security
We’re probably going to see more of this kind of back and forth as companies that have taken out cyber insurance and suffered a breach fight with their insurers over liability and who will cover the cost.
Somewhat related:
Scam of the week, another new CEO fraud phishing wrinkle | KnowBe4
Breaking the Chain
Supply chain and third party risks are getting better understood, but understanding a risk doesn’t necessarily mean it will reduce the risk.
Tesla, VW, and dozens of other car manufacturers had their sensitive information exposed due to a weak security link in their supply chains.
Tesla, VW data was left exposed by supply chain vendor Level One Robotics | SC Magazine
SIM Swap - A Victim’s Perspective
This is a really good write-up by AntiSocial engineer taking a look at how SIM swap fraud can impact victims, and why mobile phone operators need to do more to prevent this kind of fraud.
“It’s an all too common story, the signal bars disappear from your mobile phone, you ring the phone number – it rings, but it’s not your phone ringing. Chaos ensues. You’re now getting password reset emails from Facebook and Google. You try to login to your bank but your password fails. Soon enough the emails stop coming as attackers reset your account passwords. You have just become the newest victim of SIM Swap Fraud and your phone number is now at the control of an unknown person.”
SIM Swap Fraud - a victim’s perspective | AntiSocial Engineer
EU Fails to Regulate IoT Security
In this week’s head-scratching moment of “what were they thinking?”, the European Commission has rejected consumer groups' calls for mandatory security for consumer internet-connected devices because they believe voluntar |
Data Breach Hack | Tesla |
1
We have: 2 articles.
We have: 2 articles.
To see everything:
Our RSS (filtrered)
