In your weekly cybersecurity digest, sex toy security is high on the list while IT professionals worry about API exposure.
The recent news of the WannaMine and Smominru cryptocurrency miner botnets has the security world on high alert.
Last week, Google gave us an insight into just how many types of malicious applications its team flagged in 2017 – a massive 700,000 apps in total.
Tor and teledildonics
The major security issues with network-connected sex toys are well documented, with a vast attack surface as well as the potential for extremely intimate data theft.
According to researcher Sarah Jamie Lewis, using the anonymous Tor network could help mitigate threats by making connected sex toy use totally anonymous. She told Wired she had figured out a way to create “100pc encrypted peer-to-peer cybersex”.
A patch for a zero-day exploit in Adobe Flash is coming this week, according to ZDNet. Group 123 is apparently responsible and Cisco Talos said the victim has been “a very specific and high-value target”. The group is apparently of North Korean origin and the attack could have potentially been used to remotely control affected machines. Adobe expects Flash end-of-life by the close of 2020.
Fortune 500 password leak
In what is yet another embarrassing security mishap for a slew of major firms, researchers uncovered a database with 2.7m stolen account credentials on the dark web from Fortune 500 employees. The data had apparently been collected over three years. The highest number of leaked credentials was in the financial sector, reported VeriClouds.
In a world where most customers deal with companies through application programming interfaces (APIs), IT managers are growing concerned at the potential for attacks, according to Infosecurity magazine. Organisations are managing 363 APIs on average and 69pc of those are exposed to partners and the public. Many experts say DevSecOps – the combination of development, security and operations – will play a vital role in protecting business-critical web apps and their users.
Fake FBI hoodwinking people
As reported by DarkReading, a new cyberattack is scamming people into providing personal information and downloading files by impersonating an FBI unit known as the Internet Crime Complaint Center (IC3) in the US. The scam sees users download text files containing malware to return to the attackers.
On that note, the Oxford English Dictionary welcomed ‘ransomware’ into the fold as one of the new additions to its collection for 2018. Others chosen this year included ‘mansplaining’ and ‘hangry’. CIO also made the cut – Cry It Out, that is.