720-891-1663

Security News for the Week Ending August 9, 2019

Researchers Hack WPA 3 Again

The WiFi Alliance has always keep their documents secret.  The only way that you even get a copy of the specs is to become a member and that will cost you $5k-$20k a year, depending on your role.

The same team that reported the bugs called Dragonblood found these new bugs.  The WiFi Alliance fixed the first set of bugs – in secret – and those fixes actually opened up more security holes.

SECURITY BY OBSCURITY DOES NOT WORK.  PERIOD.  Source: The Hacker News.

 

IBM  Says Reports of Malware Attacks Up 200% in first 6 months of 2019

IBM’s security division X-Force says that reports of destructive malware in the first 6 months of 2019 are up 200% over the last 6 months of 2018.  Ransomware is also up – 116% they say.

This means that businesses need to up their game if they do not want to be the next company on the nightly news.  Source: Ars Technica.

 

 StockX Hides Data Breach, Calls Password Change a System Update

If you have been breached, it is best to come clean.  It is critical that you have a plan before hand (called an incident response plan).  Part of that plan should not say “lie to cover up the truth”.  It just doesn’t work.  StockX tried to convince people that their requirement that everyone change their password was a “system update”.  It wasn’t.  It was a breach and the truth got out.  Source: Tech Crunch.

 

US Southcom Tests High Altitude Surveillance Balloons

US Southern Command is testing high altitude balloons from vendors like Denver based Sierra Nevada Corp that can stay aloft for days if not weeks – way cheaper and more pervasive than spy planes.

The balloons, who’s details are likely classified, probably use techniques like we used in Iraq, only better.  In Iraq, Gorgon Stare could capture gigabytes of high resolution video in minutes, with a single drone covering an entire city.

The theory here is record everything that everyone does and if there is a crime, look at the data later to figure out who was in the target area to create a suspect list.  1984 has arrived.  Source: The Guardian.

 

Amazon Learns From Apple’s Pain

After Apple’s pain from the leak that humans listen to a sampling of the millions of Siri requests a day, Amazon now allows you to disable that feature if you want and if you can find the option.

Buried in the Alexa privacy page is an option that you can disable called “help improve Amazon services and develop new features”.  Of course you don’t want to be the one who disables it and doesn’t help Amazon make things better.  Source: The Guardian.

 

North Korea Has Interesting Funding Strategy

North Korea has a very active weapons of mass destruction program.  That program is very expensive.  Given that the economy of North Korea is not exactly thriving, one might wonder how they pay for this program.

They pay for it the old fashioned way – they steal it.

In their case, that doesn’t mean robbing banks.  It means cyberattacks.  Ransomware.  Cryptocurrency robberies.  Stuff like that.  The UN thinks that they have stolen around $2 billion to fund their economy.   And still going strong.  Source: Reuters.

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *