
Inside Security (Dec 4th, 2017)

David’s Take

Some annual security predictions are short and sweet, and this one will take you about three minutes to review. It is from ServiceNow and predicts that security haves and have-nots will emerge (the difference being automated detection and response, and guess who sells such a solution), that there will be better ways to articulate threats to management, and that connected devices now pose threats of physical harm. It gets my nod for today’s report of note.

The usual collection of today’s threats along with funding events of the past week and a recap of the new AWS security announcements are here for your reading pleasure.

-- David Strom, editor of Inside Security


Top Story

PayPal says that one of the companies it acquired this past July suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6M customers. The victim is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bill payment kiosks across North America, and is resold by City Utilities. Customers will eventually be notified via postal mail and email. – BLEEPING COMPUTER


Attacks and vulnerabilities

Another exposed storage bucket on AWS, this time containing tens of thousands of individuals’ credit apps for the National Credit Federation based in Tampa. Chris Vickery found them, and while no malicious actors have claimed any access, this is another example of public storage containers found by Vickery. – ON GUARD BLOG


A flaw in the original patch for the notorious Linux-based Dirty COW vulnerability could allow an adversary to run local code on affected systems and perform a privilege escalation attack. The Dirty COW patch was released in October 2016, and one analyst said, “The real deal here is the astonishing fact that such a hyped vulnerability was patched incompletely.” -- THREATPOST


Those of us who have keyless entry fobs for our cars might be interested in this story, which recounts how quickly a pair of thieves was able to steal a car in the UK with specialized RFID repeaters. My colleague Lisa Vaas links to several surveillance videos that show cars being stolen using this method in several cities. The solution is to use a steering wheel lock and keep your fob in the fridge, a makeshift Faraday cage. – NAKED SECURITY


This post by my colleague Ericka Chickowski reviews past GitHub security lapses, in the hope that you won’t repeat them. The morals: use the GitHub security tools to ensure you aren’t exposing anything you shouldn’t be, and make sure you control access to your files appropriately. – DARK READING


Two different vulnerabilities were found in the RSA Authentication SDK. The first has to do with the Apache Authentication Agent, the second with the C programming agent interface. Patches are available and should be applied ASAP. – SECURITY AFFAIRS


New products: AWS Services galore

Amazon announced dozens of new services for AWS last week at its annual conference. We’ll just highlight the security-related ones; you can find the comprehensive list here. The biggest announcement was its GuardDuty family. This is a fully managed intelligent threat detection service that helps AWS customers safeguard their accounts and workloads against malicious or unauthorized behavior. It applies machine learning techniques to various threat feeds and your traffic to identify threats. It has a free 30-day trial available. Also announced last week were a series of IoT-related services, including security, a real-time OS for devices and analytics.


Funding events of the week

Qualys has announced it is acquiring assets from NetWatcher to incorporate into the Qualys Cloud Platform to boost its threat intelligence capabilities. Terms were not disclosed.

Terbium Labs completed a $6M funding round, with Glasswing Ventures in the lead. The Baltimore-based firm uses the dark web to find potential threat actors and has Danny Rogers as its CEO.

Pwnie Express raised an $8K round led by 406 Ventures. The Boston-area firm has a continuous IoT device monitoring solution and its CEO is Todd DeSisto.

ReversingLabs raised a $25M A round led by Trident Capital. The Boston-area firm has various threat detection products and its CEO is Mario Vuksan.

Google Nest and Apple iPod creator Tony Fadell has launched CashShield, a cybersecurity company that uses high-speed algorithms to combat online fraud, Bloomberg notes.


Self-promotions dep’t

Iovation subscribers have experienced almost a third less credit card fraud this holiday season compared to last year. – IOVATION


Tools

WhatsApp has rolled out two-step verification to all of its user base, the company quietly announced through an updated FAQ on its website. Once you turn it on, any request to verify your phone number (which is how WhatsApp authenticates you) will require a separate passcode.  -- TECHCRUNCH


Just for fun

I became a fan of the board game Catan a few years ago when my daughter introduced me to it and I highly recommend it. It combines the best elements of game play from Monopoly and Risk into something that your whole family can enjoy. It was only a matter of time until a VR port of the game became available, according to Ars. -- ARS


