
There’s a simple reason why your new smart TV was so affordable: It’s collecting and selling your data

  • The vast majority of televisions available today are “smart” TVs, with internet connections, ad placement, and streaming services built in.
  • Despite the added functionality, TV prices are lower than ever – especially from companies like TCL and Vizio, which specialize in low-cost, high-tech smart TVs.
  • There’s a simple reason that smart TV prices are so low: some TV makers collect user data and sell it to third parties, which can offset the cost.

https://nordic.businessinsider.com/smart-tv-data-collection-advertising-2019-1

Difference between a vulnerability assessment and a penetration testing!

Vulnerability Assessments

A vulnerability assessment is the process of running automated tools against defined IP addresses or IP ranges to identify known vulnerabilities in the environment. Vulnerabilities typically include unpatched or misconfigured systems.

The purpose of a vulnerability scan is to identify known vulnerabilities so they can be fixed, typically through the application of vendor-supplied patches. Vulnerability scans are critical to an organisation’s vulnerability management programme. The scans are typically run at least quarterly, though many experts would recommend monthly scans.

Penetration Tests

One of the initial phases of a penetration test is a vulnerability scan to learn the IP addresses, device types, operating systems and vulnerabilities present on the systems. The next phase is exploitation, which takes advantage of the vulnerabilities identified in the system to escalate privileges, gain control of the network or steal sensitive data from the system.

Both should be performed

Although vulnerability assessments and penetration testing have different goals, both should be performed by a skilled information security professional to improve the overall security of the information system. The vulnerability assessment should be performed regularly to identify and fix known vulnerabilities on an ongoing basis. The penetration test should be performed by a skilled and experienced penetration tester at least once a year, and definitely after significant changes in the information systems environment, to identify exploitable vulnerabilities that may give a hacker unauthorized access to the system.

Difference between a vulnerability assessment and a penetration testing by Arthur Soghomonyan

New tool automates phishing attacks that bypass 2FA

Trust in two-factor authentication has slowly eroded in the last month after the release of an Amnesty International report and the Modlishka tool. <…>

All attackers need is a phishing domain name (to host on the Modlishka server) and a valid TLS certificate to avoid alerting users of the lack of an HTTPS connection.

https://www.zdnet.com/article/new-tool-automates-phishing-attacks-that-bypass-2fa/

People, government agencies, companies and hospitals are not grown-up enough to protect themselves in the cyber jungle

Smart TVs leak images from your living room. Chromecast devices let hackers show their own videos. Mobile phones give away your position, contacts and usage. Your webcam leaks images from the bedroom. The internet router you got from your internet provider leaks like a sieve and is used to mine new cryptocurrency. Your accounts with the big web giants leak data like crazy.

But nobody really cares about it.

How 4 of the CIS Controls™ Can Help Secure Your Home Network

Facing everything from viruses to malware, home and personal networks can be just as vulnerable to cyber crime as organizational systems. Here are eight tips to help you protect your home network from cyber threats:

https://www.cisecurity.org/blog/cis-controls-help-secure-home-network/?utm_source=organic-twitter

1. Count your devices
2. Inventory all software & apps
3. Run anti-malware/anti-virus
4. Auto-update when possible
5. Share with caution
6. Beware of suspicious emails
7. Use strong, unique passwords
8. Lock down your router


Scramble for security professionals – “many companies are very aggressive”

IT security issues have always been high on companies’ agendas. And as more and more of their operations are digitalized, the security needs naturally become even greater. But in an industry crying out for skills, the hunt for talented IT security people is a challenge, not least because the security business attracts more and more players.

We have previously reported on IT&Telekomföretagen’s major report It-kompetensbristen, in which the organization flags that 70,000 people will be needed to cover the needs up to 2022. A closer look at the figures shows that the acute need over the next four years is at least 500 IT security experts.

https://computersweden.idg.se/2.2683/1.707682/huggsexa-it-sakerhetsexperter?utm_source=dmdelivery&utm_medium=email&utm_campaign=Techworld%20Security%20Update%202018-09-25%209%3A50%3A10

For safety’s sake, we must slow innovation in internet-connected things

In a new book called Click Here to Kill Everybody, Bruce Schneier argues that governments must step in now to force companies developing connected gadgets to make security a priority rather than an afterthought.

Can’t we just unplug ourselves somewhat to limit the risks?

That’s getting harder and harder to do. I tried to buy a car that wasn’t connected to the internet, and I failed. It’s not that there were no cars available like this, but the ones in the range I wanted all came with an internet connection. Even if it could be turned off, there was no guarantee hackers couldn’t turn it back on remotely.

https://www.technologyreview.com/s/611948/for-safetys-sake-we-must-slow-innovation-in-internet-connected-things/