720-891-1663

Security News Bites for the Week Ending May 12, 2023

Google Adds Dark Web Monitoring to GMail Users

A feature that used to be available to paid Google One subscribers will soon be available to all GMail users. Dark web monitoring tells you if your GMail email address is found on the dark web (hint: almost all of them are due to thousands of data breaches) and they will provide guidance on improving security (like telling you to turn on MFA). Kind of a yawn, I think. Credit: Bleeping Computer

YouTube Tests Blocking Videos if you Use Modern Browsers

YouTube is feeling the pain from modern browsers that block ads, in many cases, by default (except Chrome, of course). The test tells customers to turn off the ad blocker or pay for YouTube Premium. The alternative, of course, is to leave. Google is trying to figure out whether the pain is worth the gain. Credit: Bleeping Computer

US Probes Possible Leak of Critical Infrastructure Data at Rockwell Facility in China

Rockwell Automation has a facility in China that may have access to US power grid, Navy and Coast Guard critical infrastructure. Why is this a problem? A whistleblower said that Rockwell does code development, support and patching using all Chinese spies, err, employees, at that facility. Do ya think that could be a problem? Credit: Reuters

Smart Cars are a Hacker’s Dream

Users are in love with smart cars. Here is an example of the risk. Toyota admits that the location data for 2+ million cars for 10 years was exposed due to an error on their side. Note that no hacking is required. All you need to know is where to look. If you used Toyota’s connected car features, you data – 10 years’ worth of location data, tied to your VIN, has been compromised. Question: why do they need to keep 10 years worth of location data? Data minimization reduces the cost of a breach. Look at minimization as a cost reduction tool. Credit: Bleeping Computer

Hackers Could Destabilize the Power Grid Due to Siemens Bug

Siemens has released a patch to their software, but if history is any example, most critical infrastructure will not install the patch any time soon. The bug allows an unauthenticated user to remotely execute arbitrary code. Inside our critical infrastructure. Experts say if the devices are behind a firewall (some are) and the hacker is not also inside the firewall (big if), then it is harder to exploit the bug. Credit: Security Week

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *