A selection of this week’s more interesting vulnerability disclosures and cyber security news.
In what could be a horrifying new development in potential IoT disaster, Amazon want to team up with an IoT smart lock company to allow delivery people entry to a property if no one is home.
Amazon, who do a reasonable job on security for their services and products, I hope are going to do more than just let these IoT companies do ‘their thing’, which, going by past security alerts, does not have an altogether great track record. For many, I would expect this unexpected entry will appear too much; for others, who perhaps live alone and have no problem with random people entering their home, it will be a blessing. Let’s see how this new encroachment of IoT goes down in the balance between convenience and the risk of compromise.
And the other news follows…
- 80% Of IT Pros Say Users Set Up Unapproved Cloud Services: Shadow IT is a growing risk concern among IT pros, with most reporting users have gone behind their backs to set up unapproved cloud services.
- Breach exposes at least 58 million accounts, includes names, jobs, and more (ArsTechnica)
- Email security: We CAN fix the tech, but what about the humans? (The Register)
- Emboldened by $1B Bangladesh hackers, new group targets SWIFT users (ArsTechnica)
- Firm Linked to Social Media Surveillance Loses Data Access (SecurityWeek)
- Hackers Can Hijack Dell Email Security Appliances
- Hackers pop 6000 sites on active 18-month carding bonanza (The Register)
- Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row (The Register)
- Hungarian bug-hunters spot 130,000 vulnerable Avtech vid systems on Shodan (The Register)
- MITRE Offers $50,000 for Rogue IoT Device Detection
- Mooltipass Mini: Hardware Password Manager for Consumers, Enterprises (SecurityWeek)
- One-quarter of UK police websites lack a secure connection (The Register)
- Stickers emerge as EU’s weapon against dud IoT security (The Register)
- Time to crack down on sales of dragon’s gold securobods (The Register)
- TV5Monde was saved from airtime-KO hack by unplugging infected box (The Register)
- WoSign Changes Leadership Due to Certificate Incidents
- CryPy Ransomware Uses Unique Key for Each File (SecurityWeek)
- DXXD Ransomware Encrypts Files on Unmapped Network Shares (SecurityWeek)
- Concentrix: Tax credits firm in ‘data protection breach’, Peter Whittlesea reports
- Attackers Exploit Weak IoT Security: Akamai researchers say attackers are using an old OpenSSH vulnerability to target IoT devices and launch attacks.
A bonus piece of news today was this story that made us laugh in the office. Would you have spent 11 hours of your time just to make a cup of tea? Not so sure.