Week in review: IoT security, cyber hygiene, Social Mapper

Here’s an overview of some of last week’s most interesting news and articles:

Intensifying DDoS attacks: Choosing your defensive strategy
One of the biggest misconceptions regarding DDoS attacks is that they are a once-in-a-lifetime event for organizations, says Josh Shaul, VP of Web Security at Akamai. “Our State of the Internet Report found that companies suffered 41 DDoS attacks on average over the last six months,” he points out.

August Patch Tuesday forecast: Looking ahead after a frustrating July
Approaching August Patch Tuesday, we are supposed to be in the ‘dog days’ of summer where everything slows down. Unfortunately, July was full of CVEs and stability fixes with no time to just lie around.

Hashcat developer discovers simpler way to crack WPA2 wireless passwords
While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens “Atom” Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks.

Cyber hygiene: Where do organizations fall behind on basics?
Tripwire released its State of Cyber Hygiene report, which examined how organisations are implementing security controls that the Center for Internet Security (CIS) refers to as cyber hygiene. Also, cyber hygiene training is infrequent and inconsistent.

IoT malware found hitting airplanes’ SATCOM systems
Ruben Santamarta showed that it’s possible for remote attackers to take control of airborne SATCOM equipment on in-flight commercial aircraft, earth stations on vessels and those used by the US military in conflict zones.

Most IT decision makers believe AI is the silver bullet to cybersecurity challenges
New research from ESET reveals that three in four IT decision makers (75%) believe that AI and ML are the silver bullet to solving their cybersecurity challenges.

The FBI warns about compromised IoT devices
The FBI is instructing users on how to recognize when their IoT devices have been compromised and advising them on how to keep them secure.

Social Mapper: A free tool for automated discovery of targets’ social media accounts
The tool takes advantage of facial recognition technology and searches for targets’ accounts on LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban.

HP plugs critical RCE flaws in InkJet printers
HP has plugged two critical vulnerabilities (CVE-2018-5924, CVE-2018-5925) affecting many of its InkJet printers and is urging users to implement the provided firmware updates as soon as possible.

Only 8% of orgs have effective DevSecOps practices
The study spotlights the biggest barriers to securing software today depending on where organizations sit on the DevOps maturity curve.

Android Pie: Security and privacy changes
It is official: “Android P” is Android Pie, and it comes with a variety of new capabilities and security and privacy changes.

IoT security: Lessons we can learn from the evolution of road safety
In the world we know today, road safety is carefully enforced to the point where we take it for granted. But it wasn’t always thus. People simply weren’t aware of the risks.

The security issues 3D printing should solve before going mainstream
It’s always fun when you can mix your personal hobbies and interests with your profession, and often the passion you carry for the things you love can lead to valuable and productive insights for your vocation as well. Let’s hope that theory proves true as this 20-year information security professional, and recent 3D printing enthusiast, considers the potential cybersecurity risks with additive manufacturing.

There’s a global divide in how organizations assess cyber risk
Nearly 48 percent of organizations globally have embraced strategic vulnerability assessment as a foundational element of their cyber defense and a critical step toward reducing risk. Of those organizations, however, only five percent display the highest degree of maturity.

Should we add bugs to software to put off attackers?
A group of New York University researchers are testing a new approach to software security: adding more bugs to it instead of removing them. The idea is to “drown attackers in a sea of enticing-looking but ultimately non-exploitable bugs” and waste skilled attackers’ time.

The future of OT security in critical infrastructure
Progress only comes when both IT and OT stakeholders can (1) correctly assess current and emerging risks to industrial operations, (2) correctly assess the strength and benefits of candidate threat mitigation measures, and (3) convince business decision-makers of the correctness of these assessments to commit funds to business process and security modernization initiatives. All three of these cases are essential, but also have their corresponding pitfalls to avoid.

WhiteSource unveils free open source Vulnerability Checker
WhiteSource announced the release of its Vulnerability Checker, a free tool that provides companies with immediate, real-time alerts on the 50 most critical open source vulnerabilities published in the open source community.