July 5, 2022
Good morning, everyone!
Patch All the Things!
You can’t make this stuff up
I truly wish I could say this was a joke, but it isn’t. Last week a man in Japan transferred personal data on 460,000 residents of Amagasaki to a USB stick, put it in his bag, and went out for drinks with friends. He awoke at 3 a.m. (on the street!) and went home without his bag. On the USB drive were:
the home addresses and bank account details of every one of the 460,000 residents of Amagasaki, officials in the small industrial city in Japan’s Hyogo prefecture said in a statement Thursday. It also identified households receiving public assistance, they said.
(smacking forehead) Honestly I can’t imagine why this guy thought it was a good idea to put this kind of confidential information on a USB stick and carry it to a party, but there you have it. Don’t be like this guy.
A wide range of routers are under attack
Researchers from Lumen Technologies' Black Lotus Labs have uncovered a widespread campaign by an “unusually advanced hacking group” that has developed custom malware for routers made by Cisco, Netgear, Asus, and DrayTek. I’ve written before on the five easy steps to securing your wireless router. If you haven’t done this already, do it now!
FCC: the TikTok app is a national security risk
FCC commissioner Brendan Carr recently wrote a letter to Apple & Google asking them to remove TikTok apps from their app stores:
"TikTok is not what it appears to be on the surface," Carr wrote. "It's not just an app for sharing funny videos or memes. That's the sheep's clothing. At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data."
The full letter is available here, and I must say, it contains some pretty shocking accusations:
Indeed, TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints - which researchers have said might be used in unrelated facial recognition technology - and voice points. It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device's clipboard. The list of personal and sensitive data it collects goes on from there.
Security researchers have found the TikTok app circumventing privacy restrictions on both Google Android and Apple devices. The TikTok app has been found accessing passwords, cryptocurrency wallet addresses and personal messages, as well as tracking users online.
You may recall that the Trump administration threatened to ban TikTok, but the courts blocked that action. The Biden administration has proposed new rules to monitor apps like TikTok that are considered national security risks. India (the world’s largest democracy) has already banned TikTok for stealing user data and transmitting it without authorization.
So, I dunno, do you really need that app on your phone? Think about it.
Have a great week!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺