720-891-1663

Security News Bites for the Week Ending February 22, 2019

Over 5 Billion Records Exposed in 2018

Risk Based Security is reporting that there were 6,515 publicly reported breaches in 2018 exposing over 5 billion records.  This is a couple hundred breaches less than 2017, but the final numbers are not in yet as breaches continue to be reported.

The number of days between discovery and disclosure is 49 days, well beyond what is required by GDPR. Source: Risk Based Security.

 

Industrial Refrigerators Can Be Defrosted Remotely – By Hackers

As we have been saying for a while, Industrial Internet of Things (IIoT) security is horrible.  Researchers are reporting that temperature controlled systems made by Resource Data Management use a default password which can be found on their web site.  If you can find the IP address, you can log in using any browser and wreak havoc on hospitals, restaurants and supermarkets.  The researchers found hundreds of these systems using the search engine Shodan.

The manufacturer’s defense is that they clearly tell people to change the default password.  Which of course, no one does.  Source: Tech Crunch.

 

Wendy’s Agrees to Pay $50 Million to Settle One More Breach Lawsuit

Wendy’s has agreed to settle a lawsuit with the financial institutions who lost millions as a result of the Point of Sale system breach at hundreds of Wendy’s franchises (interestingly, none of the stores breached were owned by Wendy’s).  Wendy’s will pay $27.5 million and their insurance company will pay the rest.  This is part of the process of putting the 2016 breach behind them.  Wendy’s is famous because their CFO once said on tape that they didn’t want to spend the money to upgrade their credit card terminals to chip based readers because it was cheaper to give away a few free hamburgers.  I wonder if he still feels that way.  Source: Bizjournals.

 

UK Tells Trump Huawei Cyber-Risk is Manageable

President Trump is working hard to get the rest of the world to support him in banning Huawei technology from the next generation of cellular networks due to the possibility of them being compromised by the Chinese government and putting back doors in their software to be able to hack our cell networks.

Apparently, the UK security chiefs disagree with our prez and said that the potential risk from Huawei is manageable.  This doesn’t mean that they think there is no risk and they do not make the final decisions, but given the relationship with our allies is complicated at best, the final result is unknown.

I suspect that will not make the President very happy.  Source: The Guardian.

 

Google to Fix Incognito Mode in Chrome That Leaks Info

Advertisers and web developers really don’t like it when browser makers stop them for doing whatever they want to do.

So they try to find ways around the stops.

In this case, advertisers figured out that even though they could not make cookies persist when the user was in incognito mode, they could figure out if the user was using incognito mode to stop being tracked.  If the user was doing that, some web sites would block them from using the web site.

Now, in Chrome 74, Google will create a virtual in memory file system that will behave just like the real file system so that web site developers won’t be able to detect the use of incognito mode.  At least not that way.  Now they will have to find another trick.  Source:  9to5Google.

 

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *