Cybersecurity issues can occur anywhere, even in cardiac devices and pacemakers. The U.S. Food and Drug Administration (FDA) announced an upgrade to the firmware installed on certain vulnerable cardiac devices. The update protects these devices from unauthorized access that could be harmful to patients. Also making headlines last week, Georgia’s governor vetoed a bill that would have criminalized unauthorized computer access. The bill received blowback from the state’s booming cybersecurity industry, which argued that under the bill, vulnerabilities in important computer systems would not be uncovered and disclosed responsibly. As a result, cybercriminals would be able to exploit them with ease.
Decoding Security is celebrating National Small Business Week by sharing simple recommendations that small businesses can use to protect themselves from today’s ever-evolving cyberthreats. But first, we take a look at what’s trending in the news. Two additional security updates were released by the Drupal security team last month as part of continuing maintenance efforts after the discovery of the initial Drupalgeddon2 vulnerability in March. Drupal is urging its users to implement these updates immediately to avoid possible compromise. Meanwhile, the RSA Security Conference took place in San Francisco last month, drawing thousands of attendees from across the globe. However, the third-party mobile app built for the mega IT security conference was found to have a vulnerability, which could have potentially leaked the first and last names of attendees.
Continuing to deal with the fallout from the Cambridge Analytica data scandal, Facebook founder and CEO Mark Zuckerberg testified before the U.S. Congress last week, admitting he never audited Cambridge Analytica to ensure the Facebook user data collected had been deleted. Also in the news this week, Panera Bread experienced a data breach that exposed millions of customers’ personal data for as long as eight months. Despite being warned by multiple security researchers, Panera did not disclose or address the leak until last week.
Facebook has recently dominated cybersecurity headlines following the revelation that a third-party analytics firm collected data on over 50 million unknowing users. Many Facebook app users were shocked to learn the social network recorded their personal calls and text messages, not realizing they had inadvertently given the company permission to do so.
The Equifax breach dominated headlines in September 2017, and is once again making news. Last week, former Equifax CIO Jun Ying was found guilty of selling all of his company stock, knowing it would soon be worthless, before the 2017 security breach was made public. In other cybersecurity news, your Decoding Security hosts also discuss the recently disclosed RyzenFall vulnerability, which could allow cybercriminals to copy data from secure areas of millions of computers.
Gearing up for another annual spring cleaning? Add a digital deep clean to your to-do list! Our hosts, Jessica Ortega and Ramuel Gall, share easy and valuable tips for conducting a digital spring clean of your website and everyday devices. With their help, you’ll be able to spring into the rest of the year with updated and more secure devices!
The 2018 Winter Olympics got off to a shaky start this year thanks to a cyberattack. The attack took down the official Olympics website, preventing access to tickets, thus preventing many ticket holders from attending the opening ceremonies. This kind of cyberattack could happen to any size organization at any time. In fact, it could happen to any person at any time. Cybercriminals often hack into individuals’ personal computers, allowing them access to private online assets, like family photos. No matter who you are, it’s important to put together an incident response plan (IRP) to protect your information should a crisis occur. In this week’s episode, our hosts share a few simple steps that anyone can take to create a response plan.
A few cybercriminals recently hit the jackpot – literally. “Jackpotting,” a hack that forces ATMs to dispense large amounts of cash on demand, hit the cybercrime scene in a big way, with six reported cases in the United States during the last week of January alone. In other cybersecurity news, exercise tracking app Strava and its public heatmap of user activity raised serious privacy concerns this week. A sharp-eyed student noticed that small, secluded areas of high Strava activity in countries like Syria, Afghanistan, and Somalia could potentially indicate the locations of several US military bases.
Looking for a date in time for Valentine’s Day? If you’re using Tinder, be careful when swiping right. Cybersecurity researchers discovered security flaws in the popular dating app that could allow hackers to discover users’ private data and personal preferences, like the photos of users they’ve swiped right or left on. In other cybersecurity news, a cybercrime “conglomerate” named Zirconium has been found responsible for the largest malvertising operation of 2017. Using a network of 28 fake ad agencies, Zirconium strategically placed ads that led users to malicious websites pushing scams or fake software updates. The campaigns were so successful – and so sneaky – that they generated 1 billion ad views in 2017.
We’re just days into 2018 and cybersecurity already has its first major headline of the year: Meltdown and Spectre. By exploiting common features found in modern microprocessors, cybercriminals have been able to use the attacks known as “Meltdown” and “Spectre” to steal sensitive information from any computer, device, and even the cloud. We’ll walk you through how and why Meltdown and Spectre happened, and which security patches are already available.
We’ll also provide an overview of the principle of least privilege, the concept of restricting user permissions as a preemptive security measure. Join our hosts, security analysts Jessica Ortega and Ramuel Gall, as they provide important tips that everyone, from parents to CTOs, can use to protect themselves from the cybersecurity risks caused by human error.
Want to learn more about how both businesses and individuals can improve their cybersecurity savvy? Check out our past podcasts on endpoint and website security or social media security. For more Decoding Security, subscribe on YouTube, iTunes, or Google Play!