Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!
Wearables Provide Speedy COVID Screening
Daily Crunch: WhatsApp responds to privacy backlash
WhatsApp delays enforcement of a controversial privacy change, Apple may get rid of the Touch Bar in future MacBooks and Bumble files to go public. This is your Daily Crunch for January 15, 2021.
Security as Code: Why It’s Important and What You Need to Know
Software is becoming an increasingly pivotal part of modern business and society. In turn, consumers have come to expect instant gratification. This has driven businesses to concentrate on innovation and speed to market. Businesses that can’t keep up with the hyper-competitive market of speed-to-value are falling behind.
Biden Inauguration: Defending Against Cyberthreats
Fired GitHub employee who warned co-workers about Nazis is seeking legal counsel
On the day a violent mob of Trump supporters stormed the U.S. Capitol, a worried GitHub employee warned his co-workers in the D.C. area to be safe.
BrandPost: Creating a Zero Trust Foundation
To prevent security breaches and data loss, organizations have directed a lot of time, effort, and capital spend toward security initiatives. Even the most advanced “next generation” application layer firewalls filtering malicious traffic at the network perimeter have only revealed equal if not greater threats within. To help counter this internal threat, organizations have invested heavily in internal monitoring and other advanced security controls that inspect traffic at all layers of the OSI stack to identify malicious activity and stop it before it reaches the destination, or to issue an alert on the activity alone.
MSPs, have you picked the right PSA for you yet?
Not long ago, we helped MSPs pick the right remote monitoring and management (RMM) platform for them, and make it an essential part of their service toolkit. As you may recall, an RMM is a tool that helps MSPs do the work. And what better way to track the work—and other elements associated with it—than to have professional service automation (PSA) software do it for you?
DEF CON 28 Safe Mode IoT Village – Besim Altinok’s And Anil Celik’s ‘IoT Hacking Stories In Real Life’
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!
Rob Joyce named new NSA cybersecurity director
Written by Shannon Vavra
Trump administration adds Xiaomi to military blacklist
Chinese smartphone maker Xiaomi is the latest to be added to the Trump administration’s military blacklist. On Thursday, the Department of Defense added nine companies to its list of alleged Chinese military companies, including Xiaomi.
Vaccine Site Uses Credit History to Verify Patients’ Identities
When retired web developer Catherine Kunicki tried to sign up for her first dose of the Covid-19 vaccine in downtown Brooklyn, the AdvantageCare Physicians website rejected her. She received an error message that her identity couldn’t be verified through Experian, a credit monitoring company.
COVID-19 State of Remote Work Survey: 34% of Workers Felt Pressure to Return to the Office
Much has been said about the shadow cast by the pandemic across security teams, as well as the widespread and seismic changes it has facilitated across every part of business function. The sudden shift into remote working has been a challenging endeavour for everyone, but especially among senior management. According to the recent COVID-19 State of Remote Work Survey 2.0, OneLogin recently discovered that they in fact represent the biggest security risk to a business. Nevertheless, much less has been said about the personal pressure which these changes in business and working culture have exerted on individuals.
EMA warns over doctored COVID-19 vaccine data hacked and leaked online
The European Medical Agency (EMA) has warned that information on COVID-19-related medicines and vaccines, which was stolen in a cyber attack last December and leaked online earlier this week, includes correspondence that’s been manipulated prior to publication “in a way which could undermine trust in vaccines”.
400,000 customer details compromised in Resident Evil and Street Fighter gaming company ransomware attack
A ransomware attack launched against gaming company Capcom last November keeps getting worse, Threatpost reported this week. The company now says that the personal data of up to 400,000 of its customers was compromised in the attack — 40,000 more than the company originally thought. Capcom is a Japan-based publisher of blockbuster games like Resident Evil, Street Fighter and Dark Stalkers. The breach was first detected on Nov. 2. On Nov. 19, Capcom said its personal as well as corporate data was compromised. This is the third update from Capcom on the incident.
This Week in Security: Ubiquiti, Nissan, Zyxel, and Dovecot
You may have been one of the many of us who received an email from Ubiquiti this week, recommending a password change. The email stated that there was an unauthorized access of Ubiquiti systems, and while there wasn’t evidence of user data being accessed, there was also not enough evidence to say emphatically that user data was not accessed. Ubiquiti has mentioned that the database that may have been accessed contains a user’s name, email address, hashed password, and optionally the mailing address and phone number.
Vitaliy Panych assumes role of California state CISO
Election Security: A conversation with Matt Olney from Cisco Talos
Next week we will publish our third annual “Defending Against Critical Threats” report, a roundup of some of the most impactful cyber attacks from the past 12 months.
Elon Musk giveaway scam spreads throughout Twitter
Malicious actors have hacked a number of Twitter accounts, including verified accounts, in an Elon Musk giveaway scam. Security researchers at MalwareHunterTeam have seen an increase in the number of verified Twitter accounts being hacked by a scam which claims that Elon Musk is giving away cryptocurrency. Accounts are compromised by replying to the giveaway tweet. The tweet contains links to a Medium article promoting the giveaway, with the article containing further links to the scam’s landing page.