Children’s messages in CloudPets data breach: An open database containing links to more than 2 million voice messages recorded on cuddly toys has been discovered. The animals are advertised as toys that enable people to record and send greetings via a phone app and the toy itself. The messages were created by owners of CloudPets soft toys. At one point, the data was even held to ransom. Cybersecurity researcher Troy Hunt has expressed concern that there were no password rules at all, meaning lots of people had selected passwords that were extremely easy to crack. “Because there were no rules, lots of people created bad passwords,” he told the BBC.
Warning on used cars failing to forget old owners: In a speech at the RSA Security conference, Mr Henderson said that despite selling a car years ago he still knew where it was, because there was no process in place to unhook connected-car apps from former owners. “The car is really smart, but it’s not smart enough to know who its owner is, so it’s not smart enough to know it’s been re-sold,” Mr Henderson told the CNNTech news site. Although there were processes in place, manufacturers and car dealers had no way to disconnect the car. Six of the applications tested did not encrypt user names, and none had good protections against reverse engineering techniques or hijacking by malware.
Bad bug found in Microsoft browsing code: Google has released details of a bug in Microsoft’s browsing programs that would allow attackers to build websites that make the software crash. The bug was found in November, but details are only now being released after the expiry of the 90-day deadline Google gave Microsoft to find a fix. In a statement, Microsoft did not comment directly on the bug and its significance but said it had a “customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible”. Google researcher Ivan Fratric said the bug could, in some cases, allow attackers to hijack.
MWC 2017: ‘22,000 hackable webcams’ in Barcelona: Leading security company Avast says it has discovered 22,000 hackable internet-connected baby monitors and other types of webcam in Barcelona. In addition, it said it had found more than 470,000 other types of vulnerable smart devices. The firm warned that unsuspecting owners could be spied upon as a consequence. The research underlines just how easy it is to locate potentially vulnerable ‘smart’ devices and how they might be compromised. Avast used the connected-objects search engine Shodan to identify the devices. It said that, to qualify, they needed to have outdated firmware with a known vulnerability.
Cloudflare bug data leak exposed: Private messages exchanged on dating sites, hotel bookings and frames from adult videos were among the data inadvertently exposed by a bug discovered in the Cloudflare network. The bug came to light while Cloudflare was migrating from older to newer software. COO John Graham-Cumming said it was likely that in the last week, around 120,000 web pages per day may have contained some unencrypted private data, along with other junk text, along the bottom. He said there was no evidence yet that the data had been used maliciously. The firm, whose strapline is “make the internet work the way it should”, has also been working with the major search engines to get the data scrubbed from their caches – snapshots taken of pages at various times.
UK, EU Seek to Strengthen Cyber Defenses: Margaret Beckett, Chair of the Joint Committee on the National Security Strategy in the UK, said that attention has recently focused on the potential exploitation of the cyber domain by other states and associated actors for political purposes. The Committee is seeking input on the cybersecurity strategy for the UK and the level of government involvement, and participation in the cybersecurity of the private sector is currently being decided. In November 2016, authorities also outlined plans to make firms focus on their own security by encouraging them to conduct regular security checks themselves. Meanwhile, the EU is considering a plan similar to the UK’s.
Cybersecurity Insurance: Smart Investment?: Cyberattack incidents are on the rise, so it comes as no surprise that investing in cybersecurity is steadily becoming more significant to enterprises. Following numerous recent data breaches, a great deal about cyber liability insurance has been published. In order to cover all aspects of data exposure and possible breaches, companies should have a strong understanding of how their respective cyber insurance mitigates cyber risk. The benefits to be gained from cyber insurance depend directly on companies understanding the vast amount of their information that is exposed to employees and the public. Regarding the provision of insurance, the result will be better if companies have a strong comprehension of their exposures.
Most Hackers Can Steal Data Within 24 Hours: Around one-third of attackers said their target organizations never detected their activities. Data breaches take an average of 250–300 days to detect, if they’re detected at all, but most attackers tell us they can break in and steal the target data within 24 hours. More than three-quarters (88%) of hackers can break through cybersecurity. Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down, but endpoint security technologies were more effective at stopping attacks. More than half of respondents changed their methodologies with every target, severely limiting the effectiveness of security defenses based on known files and attacks.
Google Just Discovered A Massive Web Leak: A Google researcher has uncovered what may be the most worrying web leak of 2017 so far, dubbed CloudBleed by some, possibly exposing passwords, private messages and other sensitive data from a vast number of sites, including major services like Uber, FitBit and OKCupid. CloudFlare, which hosts and serves content for at least 2 million websites, was returning random chunks of memory from vulnerable servers when requests came in, so a request to one vulnerable website could reveal information about a separate, unrelated CloudFlare site. Regardless of that cleanup and the continuing efforts of CloudFlare to remove the bug from its customers’ servers, Google security researchers like Natalie Silvanovich believe the ultimate impact might be severe.