Another week has passed, and more things continue to catch our attention. So let's just jump right in.
Child safety smartwatches
When you’re marketing a ‘smart’ device as a safety device, you better be sure you can secure it.
But it appears that manufacturers of child safety smartwatches didn’t get the memo. The fact that attackers can track, eavesdrop, or communicate with the wearers should be of concern to all parents. The data is also transmitted and stored without encryption – similar to how other toys have stored data in the past, only to be breached.
It’s irresponsible and puts children’s safety directly at risk.
Third of business directors have never heard of GDPR
With GDPR around the corner, and the feeling that you cannot escape the acronym wherever you go, it is quite concerning to learn that a third of business directors haven't heard of it.
While one can understand if the general public is not aware of the upcoming regulation, it is incumbent upon company directors to be aware of their increased responsibilities under GDPR.
GDPR is not just another technical or security requirement, but is based in fundamental privacy rights of citizens and with potentially harsh fines. Despite many months to prepare, it would appear as if GDPR may still catch many companies by surprise.
- Third of IoD Members Have Never Heard of GDPR | Infosecurity Magazine
Ghosts of vulnerabilities past
It looks like Microsoft’s bug tracking database was infiltrated back in 2013. The company kept the news quiet and moved on.
It’s pretty worrying what someone with all that information could have / would have done. How many exploits were made possible because some bad guy somewhere found some vulnerabilities they could exploit?
A good reminder that companies should take a hard look at their assets and their value. Not just value in terms of direct business, but the potential impact on customers.
- Microsoft responded quietly after detecting secret database hack in 2013 | Reuters
- Microsoft never disclosed 2013 hack of secret vulnerability database | ars technica
Unmasking the ransomware kingpins
This is a great read by Elie Bursztein on exposing the cybercriminal groups that dominate the ransomware underworld. It's the third part in a trilogy of blog posts. I probably can't do it justice, so it's best you go check it out: Unmasking the ransomware kingpins
A Stick Figure Guide to the Advanced Encryption Standard (AES)
This is an old post (really old, from 2009), but I only came across it recently and found it to be really well put together. A good way to explain AES.
Iranian APT group
A newly discovered Iranian APT group brings state-sponsored cyber espionage into focus. The group, dubbed APT33, was recently chronicled by FireEye. My colleague Jake Mosher has put together a detailed writeup covering the group's activities, as well as delving into what state-sponsored cyber espionage is, what its goals are, and why you should care.
Hiring, firing and retaining talent
Medium blogs are great: they sometimes turn out to be longer versions of Twitter exchanges.
Jonathan Solórzano-Hamilton posted the provocatively named article, We fired our top talent. Best decision we ever made.
The post made its rounds and many people agreed and disagreed with the viewpoints.
The truth is that sometimes one party is to blame, other times it’s both, and sometimes it’s just a mismatch. I don’t think there’s one answer that will satisfy all scenarios, but it does serve as a good reminder that even in this tech-dominated world, we are all human.