The Royal Wedding is behind us, Elon Musk is melting down over a piece that exposed safety concerns in his car factory, and I'm just going to jump right into the InfoSec news for the week.
Reliance On IOT
Nest, the manufacturer of smart home devices, suffered an outage in which owners of Nest products were unable to access their devices via the Nest app or web browsers, with some devices such as Nest Secure and Nest x Yale Locks behaving erratically.
It's quite worrying how easy it is to go all-in on a smart product only to find yourself at its mercy. Tyler Durden was probably referring to IoT devices when he said, "the things you own end up owning you."
Pondering this a bit, I wonder how home insurance companies feel about this? Suppose your smart lock and alarm malfunctioned, and because of that burglars were able to ransack all your belongings. Who is liable?
In other news, apparently Yeelight is stripping away all functionality of their smart bulbs because of GDPR.
- Entire Nest ecosystem of smart home devices goes offline | The Verge
- Why enterprises can't ignore third-party IoT-related risks | Dark Reading
Lock Stock SIM Swap
Another insider threat story, this time brought to you by T-Mobile. The company is investigating a retail store employee who allegedly made unauthorised changes to a subscriber's account in an elaborate scheme to steal the customer's three-letter Instagram username.
- T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account | Krebs on Security
- MTN warns of SIM Swap fraud | Pretoria East Record
Security As A Product
Don't enjoy watching video recordings of keynotes? Well, Kelly Shortridge has done you a favour and published the full text of her keynote on why we need to begin treating security programs like a product.
- Security as a product | Kelly Shortridge, Medium
#DeleteFacebook Failed
Despite weeks of intense criticism for failing to protect the privacy of its users, new research suggests Facebook usage didn’t take a significant hit during the Cambridge Analytica scandal.
- The #DeleteFacebook campaign was a resounding failure | The Daily Dot
These results tally with a survey we conducted at RSA, where 66 percent admitted to not quitting Facebook over privacy concerns.
- Re-thinking security in the privacy era | AlienVault
- Should Mark Zuckerberg be fired? Security professionals have their say | ZDNet
Information belonging to almost 20,000 staff and students was exposed in a breach at the University of Greenwich.
- Ahead of GDPR, UK fines university of Greenwich £120,000 over data breach | ZDNet
But that wasn't the only university affected. 2,500 student and staff records were breached at the University at Buffalo.
- 2,500 students, alumni and staffers affected by University at Buffalo data breach | SC Magazine
Meanwhile, speech recognition software firm Nuance announced the breach of thousands of patient records after a third party gained unauthorised access.
FBI Owns APT28
The US Federal Bureau of Investigation (FBI) has obtained court orders and has taken control of the command and control servers of a massive botnet of over 500,000 devices, known as the VPNFilter botnet.
The existence of this massive threat came to light when Cisco Talos published a report about VPNFilter infecting over 500,000 routers and NAS devices across the world.
- FBI Takes Control of APT28's VPNFilter Botnet | Bleeping Computer
- New VPNFilter malware targets at least 500K networking devices worldwide | Talos
20 Years Of L0pht
20 years ago, the Senate held its first cybersecurity hearing with members of L0pht. They were invited back to testify at the Cybersecurity Caucus hearing on what Congress still needs to do to improve its cybersecurity.
But this is more than what a group of hackers said at Congress. These men were trailblazers in their own right, showing the path for many who followed. They moved from the unknown fringes of the hacker community to mainstream acceptance, and into roles that help secure the very infrastructure and software we rely on in our daily lives.