Cyber Security News Roundup: Sonic, Android, Linux and a task force
The blind leading the blind on Cyber Security
It’s been another busy week in Cyber Security. We’ve got everything from Android security advice to a high risk Linux Kernel that needs to be patched immediately. We’ve also got a good one about a Dark Web drug lord that got arrested attending an event that I didn’t even know existed, or could exist, before this week began.
But the story that interests me the most is what we’ll lead off with. The blind leading the blind. It seems like if you were going to build a task force on Cyber Crime, you wouldn’t let an organization that just suffered an egregious breach lead it. Right?
Wrong.
SEC to lead task force on Cyber Crime
The SEC is leading a task force on Cyber Crime. Specifically, the task force will be concentrating on rooting out criminals on the dark web and monitoring the crypto-currency market. Specifically initial coin offerings. Initial coin offerings are like IPOs, but for crypto-currencies and some shady stuff happens with them. And of course monitoring the dark web is a given. Though it is a little ironic that the SEC would lead this venture given its recent problems.
[Source: News BTC]
Don’t use an unlock pattern to secure your Android phone
You know how your Android phone lets you draw that little pattern on the screen to unlock it? Yeah, that’s not safe. Research by the US Naval Academy at the University of Maryland Baltimore County has found that 64% of shoulder surfing attackers and reproduce it. Yep, 64%, and that’s just from seeing it one time. The number jumps to nearly 80% the second time. Use a strong password to secure your phone. It’s a proven method.
[Source: Help Net Security]
Dark Web Drug Dealer busted at Beard competition
Speaking of the dark web, a notorious dark web drug dealer was arrested after attending a beard competition in the US. Gal Vallerius is a 38 year-old Frenchman who decided to leave the comforts of his home to attend the World Bear and Mustache Championships. I didn’t even know that was a thing. Anyway, Vallerius is also accused of being one of the proprietors of Dream Market, a large black market dark web site that was shut down by the fed several months ago.
[Source: Hacker News]
Sonic gets breached, Data for millions of cards stolen
If you’ve ever eaten at a Sonic drive-in, you may want to get a new credit or debit card. That’s because Sonic announced it was the victim of a breach recently and the data for over one million debit and credit cards were stolen. This reinforces something that we say all the time here at Hashed Out: cyber crime can happen to anyone. Sonic, a company that makes its money by selling burgers and slushies with an old-timey drive-in feel, probably thought it would be the last company that would have to worry about a breach. Wrong.
[Source: Mashable]
High Risk Linux flaw needs to be patched immediately
There’s a flaw in the way the Linux kernel loads ELF files. Someone that knows what they’re doing can place a malicious program called a PIE (Position Independent Executable) can cause memory corruption and possible local privilege escalation. This flaw has been deemed “High Risk” and users are advised to patch their systems immediately. Just run your usual package management tools to install the patched kernel. Then reboot.
[Source: The Register]
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown