Category Archives: Ring

Passwords are and have always been an Achilles Heel in CyberSecurity

LogMeOnce, a password identity management suite provider, has published a detailed interview with myself titled 'Passwords are and have always been an Achilles Heel in CyberSecurity'. In the Q&A I talk about Passwords Security (obviously), Threat Actors, IoT Security, Multi-Factor Authentication (MFA), Anti-Virus, Biometrics, AI, Privacy, and a bit on how I got into a career in Cybersecurity.

Quotes
“I’m afraid people will remain the weakest link in security, and the vast majority of cybercriminals go after this lowest hanging fruit. It’s the least effort for the most reward.”

"There is no silver bullet with password security, but MFA comes close, it significantly reduces the risk of account compromise"

"The built-in biometric authentication capabilities of smartphones are a significant advancement for security"

"Cybercriminals go after this lowest hanging fruit, the least effort for the most reward."

"As technology becomes more secure and more difficult to defeat, it stands to reason criminals will increasingly target people more."

"The impact of the WannaCry ransomware outbreak on NHS IT systems is a recent example of such cyberattack which threatens lives."

"Machine Learning can provide real benefits, especially in large Security Operations Centres (SOC), by helping analysts breakdown the steady stream of data into actionable intelligence, reducing workload and false-positive errors"

"When I look at new technology today, I still seek to thoroughly understand how it works, naturally thinking about the weaknesses which could be exploited, and the negative impact of such exploits on the people and businesses using the technology. I developed a kind of a ‘hacker’s eye for business’"

Cyber Security Roundup for March 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2020.

Redcar and Cleveland Borough Council became the latest UK organisation to become the victim of a mass ransomware attack which started on 8th February.  The north-east Council's servers, PCs, mobile devices, websites and even phone lines have been down for three weeks at the time of writing. A Redcar and Cleveland councillor told the Guardian it would take several months to recover and the cost is expected to between £11m and £18m to repair the damage done. A significant sum for the cash-strapped council, which confirmed their outage as ransomware caused 19 days after the attack. The strain of ransomware involved and the method initial infiltration into the council's IT systems has yet to be confirmed.


The English FA shut down its investigation into allegations Liverpool employees hacked into Manchester City's scouting system. The Manchester club also made news headlines after UEFA banned it from European competition for two years, a ban based on alleged stolen internal email evidence obtained by a hacker.  Read The Billion Pound Manchester City Hack for further details.

The UK government said GRU (Russian military intelligence) was behind a massive cyber-attack which knocked out more than 2,000 websites in the country of Georgia last year, in "attempt to undermine Georgia's sovereignty". Foreign Secretary Dominic Raab described it as "totally unacceptable".

The United States deputy assistant secretary for cyber and communications, Robert Strayer, said he did not believe the UK government's January 2020 decision to allow Huawei limited access to UK's 5G infrastructure was final. 'Our understanding is that there might have been some initial decisions made but conversations are continuing," he told the BBC. Read The UK Government Huawei Dilemma and the Brexit Factor for more on UK government's Huawei political, economic and security debate.

Following Freedom of Information requests made by Viasat, it reported UK government employees had either lost or stolen 2,004 mobiles and laptops between June 2018 and June 2019.

According to figures by the FBI, cybercriminals netted £2.7bn ($3.5bn) from cyber-crimes report 2019, with phishing and extortion remaining the most common method of scamming people. These FBI reported cybercrime losses have tripled over the past 5 years. The FBI concluded that cyber scam techniques are becoming more sophisticated, making it harder for original people to tell "real from fake".  A new Kaspersky report backs up the FBI, finding a 9.5% growth in financial phishing during the final quarter of 2019.

The Labour party is facing data protection fines of up £15m for failing to protect their members' personal data. The Information Commissioner's Office confirmed the Labour Party would be the focus of their investigation since it is legally responsible for securing members' information as the "data controller".

This month's cloud misconfiguration breach award goes to french sports retail giant Decathlon, after 123 million customer records were found to be exposed by researchers at vpnMentor .  Leaked data included employee usernames, unencrypted passwords and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, addresses and birth dates. “The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” said vpnMentor.

If you have a 'Ring' smart camera doorbell (IoT) device then may have noticed Two-Factor Authentication (2FA) was mandated in February.  Ring's stance of enforcing a strengthening of security may be related to several recent high-profile home camera hack reports.
Ring: An IoT device's security improved by mandated 2FA

The facial recognition company Clearview AI advised a hacker stole its client list database. The firm works with law enforcement agencies and gained notoriety after admitting it had scrapped billions of individuals photos off the internet.

BLOG
NEWS
VULNERABILITIES AND SECURITY UPDATESAWARENESS, EDUCATION AND THREAT INTELLIGENCE