Things I Hearted this Week, 27th April 2018

April 27, 2018  |  Javvad Malik

Master Keys

F-Secure researchers have found that global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility. The design flaws discovered in the lock system’s software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world’s largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.

SEC Fines Yahoo $35 Million

The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators’ charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history.

The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications for $4.48 billion last year. Yahoo, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.

SOCs require automation to avoid analyst fatigue for emerging threats


SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks for an additional layer of training, but when security events occur, it is uncommon to follow every step a playbook describes. The data becomes overwhelming, and the resulting alert fatigue causes analysts to overlook threats entirely, leading to an increase in emerging threats.

On the topic of incident response, I enjoyed this piece by Steve Ragan,

Also related:

The Seven Circles of Security

An insightful post from a CISO highlighting where most of their time is spent. Number six will shock you! Well, it probably won’t, but a little clickbait never hurt, did it?

Hackers Steal Data on 14 Million Users From Ride-Hail App Careem


The personal data of up to 14 million people in the Middle East, North Africa, Pakistan and Turkey has been stolen by online criminals in a cyber-attack on the systems of Dubai ride sharing platform Careem.

On January 14, the company detected the breach in the computer systems which hold the account data of customers and captains – or drivers – in 78 cities in 13 countries. Names, email addresses and phone numbers, as well as trip data, were stolen.

Muhstik botnet exploits highly critical Drupal bug

Researchers are warning that a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month, researchers said they were not aware of any public exploits.

Actually, Myspace Sold Your Data Too

In the wake of Facebook’s privacy debacle, Myspace Tom has emerged as an unlikely hero. But the platform he built and the data you put on Myspace continue to help advertisers target its old users.

Speaking of tracking users through data, what happens when the same, or similar techniques are used to track people for more nefarious purposes?

Cops used dead man’s finger in attempt to access his phone

In a case of, yes, it’s legal, but is it appropriate? Especially when the deceased was shot and killed by a police officer in that same department.

"While the deceased person doesn’t have a vested interest in the remains of their body, the family sure does, so it really doesn’t pass the smell test," said Charles Rose, professor and director of the Center for Excellence in Advocacy at Stetson University College of Law. "There’s a ghoulish component to it that’s troubling to most people."

Bezos’s empire: How Amazon became the world’s biggest retailer

Amazon has shipped more than 400 items per second at its peak. How did it grow from bookseller to retail giant?

More security related, Amazon’s internet domain service was rerouted.
