The 5 Big Takeaways From Our House Forecast

Democrats are favored to gain control of the House of Representatives in this year’s midterm elections, according to the FiveThirtyEight forecast model. But — a very FiveThirtyEight-ish sentence follows — the range of possible outcomes is wide and Democrats’ prospects are far from certain. Relatively small shifts could allow Republicans to keep control of the House, or could turn a blue wave into a tsunami.

32,000 smart homes and businesses at risk of leaking data

New research from Avast (LSE: AVST), the global leader in cybersecurity products, found more than 49,000 Message Queuing Telemetry Transport (MQTT) servers publicly visible on the internet due to a misconfigured MQTT protocol. This includes more than 32,000 servers with no password protection, putting them at risk of leaking data. The MQTT protocol is used to interconnect and control smart home devices, via smart home hubs. When implementing the MQTT protocol, users set up a server. In the case of consumers, the server usually lives on a PC or a mini computer such as a Raspberry Pi, which devices can connect to and communicate with.

Chatbots Say Plenty About New Threats to Data

By Amina Bashir and Mike Mimoso, Flashpoint

Chatbots are becoming a useful customer interaction and support tool for businesses. These bots are powered by an artificial intelligence that allows customers to ask simple questions, pay bills, or resolve conflicts over transactions; they’re cheaper than hiring more call centre personnel, and they’re popping up everywhere.

FCA lays out new rules for banks on reporting operational and security incidents to customers

On Wednesday 15th August, the Financial Conduct Authority (FCA) enforced new rules requiring providers of personal and business accounts to publish information that will help current customers to compare bank accounts from different providers. Banks will have to report major operational and security incidents that have taken place and disclose whether 24-hour customer helplines are available.

Weekly Update 100

Made it to 100! And by pure coincidence, it aligned with the week where I’ve tuned out more than I ever have since gaining my independence which means there’s really not much to talk about. But I did want to share a little about the snow in Australia (turns out it’s not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week.

Hackers Can Falsify Patient’s Vitals In Real Time

Reports have surfaced detailing that hackers can falsify patients’ vitals by emulating data sent from medical equipment clients to central monitoring systems. The research, available here, takes advantage of a weak communications protocol used by some patient monitoring equipment to send data to a central monitoring station. The protocol is used in some of the most critical systems in hospitals, according to McAfee researchers. Even more concerning, McAfee was able to modify the vital sign data in real time, providing false information to medical personnel to make it look like a patient was flatlining. They were able to switch the display of a patient’s heartbeat from 80 beats a second to zero within five seconds.

Much More Than Just Security – The Future Of Identity And Access Management

As more organisations embark on the journey that is digital transformation, the ability to manage digital identities is becoming more crucial — especially at a time when the Internet of Things (IoT) is redefining the concept of identity and access management (IAM). While traditional IAM was designed to manage employees’ information access authorisation, organisations soon began to use IAM to understand the interactions between their customers or employees and the company.

The Real Risk Of Reputational Damage

There is no ‘one-size-fits-all’ when it comes to compliance. Each regulation has a different focus, with different rules aligned to its individual purpose, sometimes with conflicting requirements. For example, financial institutions must comply with anti-money laundering (AML) and fraud regulations involving strict controls on transaction reporting. Yet AML compliance must be in line with GDPR, which focuses on the capture, use, securing and discarding of customer personal data.

AV-Comparatives: Trend Micro Mobile Security for Android Provides 100% Malware Protection for Mobile Users

With the introduction of Android v8.0 (Android Oreo) in August of 2017, among other OS improvements Google introduced its built-in malware protection for Android called Play Protect (dependent on Google Play Services 11 or later). Play Protect checks apps and APK files downloaded from Google Play or third-party sources, using real-time and on-demand scanners, while also providing safe browsing and device loss protections.

Four Unit 42 Vulnerability Researchers Make MSRC Top 100 for 2018

Palo Alto Networks Unit 42 is proud to announce that four of our researchers were named to the Microsoft Security Response Center (MSRC) “Top 100 Security Researchers List” for 2018. This is the third year Unit 42 researchers have been included in this prestigious list, which is announced every year at Black Hat. This year’s Unit 42 winners are: