Things I Hearted this Week, 25th January 2019

January 25, 2019  |  Javvad Malik

And in what feels like a blink of an eye, January 2019 is almost over. Time sure does fly when you’re having fun. But we’re not here to have fun, this is a serious weekly roundup of all the security news and views, with a few cynical observations thrown in for good measure.

Tables Turn on Journalists

Colorado journalists on the crime beat are increasingly in the dark. More than two-dozen law enforcement agencies statewide have encrypted all of their radio communications, not just those related to surveillance or a special or sensitive operation. That means journalists and others can’t listen in using a scanner or smartphone app to learn about routine police calls.

Law enforcement officials say that’s basically the point. Scanner technology has become more accessible through smartphone apps, and encryption has become easier and less expensive. Officials say that encrypting all radio communications is good for police safety and effectiveness, because suspects sometimes use scanners to evade or target officers, and good for the privacy of crime victims, whose personal information and location can go out over the radio.

How long before journalists start touting, “If you’re innocent you have nothing to fear.”

What would really be ironic is if journalists ask that police put backdoors into their comms so that journalists could listen in.

Would a Detection by Any Other Name Detect as Well?

One detection category is not necessarily “better” than other categories. While detection categories and descriptions might lead one to think that certain categories are better, the category alone is not enough to give a complete picture of the detection. It’s important to look at the technique under test, the detection details, and what’s considered normal behavior in your organization’s environment to help you understand what detections are most useful to you.

Breach of the Week

Over 24 million financial and banking documents were found online by researcher Bob Diachenko as one does I suppose.

The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.

Voicemail Phishing Campaign Tricks You Into Verifying Password

A new phishing campaign is underway that utilizes EML attachments that pretend to be a received voicemail and prompts you to login to retrieve it. This campaign also uses a clever tactic of tricking you into entering your password twice in order to confirm that you are providing the correct account credentials.

265 Researchers Take Down 100,000 Malware Distribution Websites

In a showcase of the good that can happen when the right people come together, security researchers across the globe united in a project dedicated to sharing URLs used in malicious campaigns managed to take down close to 100,000 websites actively engaged in malware distribution.

Called URLhaus, the project was initiated by abuse.ch, a non-profit cybersecurity organization in Switzerland. It started at the end of March 2018 and recorded a daily average of 300 submissions from 265 security researchers.

VC Funding of Cybersecurity Companies Hits Record $5.3B in 2018

According to new data out by Strategic Cyber Ventures, a cybersecurity-focused investment firm with a portfolio of four cybersecurity companies, more than $5.3 billion was funneled into companies focused on protecting networks, systems and data across the world, despite fewer deals done during the year.

That’s up from 20 percent — $4.4 billion — from 2017, and up from close to double on 2016.

This isn’t Sparta, this really is madness!

Other Things I Hearted This Week

Share this with others

Get price Free trial