
Amazon Fixes Ring Video Doorbell Flaw That Leaked Wi-Fi Credentials

I want to know why this wasn't picked up in product testing... Amazon has patched a vulnerability in its Ring smart doorbell device that could allow attackers to access the owner’s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network, researchers have found. Researchers discovered the problem in Amazon’s Ring Video Doorbell Pro IoT device, a smart doorbell that combines security cameras with motion-detection to help prot

Aventura charged for flogging Chinese spy equipment to US gov’t with security vulnerabilities

Quis custodiet ipsos custodes? as Donald Trump is very unlikely to say...: Aventura Technologies and its operator have been charged with fraud after allegedly selling surveillance equipment to the US government with known security vulnerabilities. Located in Commack, New York, the company, which sells products including vision cameras, CCTV, and storage services, is central to a criminal complaint unsealed on Thursday. According to the US Department of Justice (DoJ), A

Security in the supply chain – a post-GDPR approach

I work a lot with startups who are too young and too small to have even thought about ISO27001 accreditation and complex security controls. In the absence of a recognised accreditation (which doesn't necessarily prove that your data is secure and private), a sensible approach is to ask your suppliers for their Technical and Operational Measures (TOM) which they should be able to give you under NDA. At the simplest level this can be a two page document. My preference is to use ...

Four ways to defend your network against IoT vulnerabilities

Since I've been selling IT Asset management, I've seen numerous articles like this one pop up. Knowing what's on your network, both hardware and software, are the top 2 things in the CIS top 20 so it's no surprise that this applies to IoT. Ask me about Axonius some time...: [...] 1. You can’t protect what you can’t see Less than half of all businesses are able to detect IoT breaches, according to a recent study. This detection issue is largely the result of the sheer n

UK Supreme Court upholds first successful claim for breach of the “Quincecare” duty financial institutions owe their customers

I've reproduced the whole article because it raises an important issue. Financial institutions have a duty of care to make sure funds are not misappropriated. Given the rise of Business Email Compromise (BEC), this is an additional reason for companies to ensure controls are in place to identify and stop fraudulent transactions...: In Singularis Holdings Ltd (In Official Liquidation) v Daiwa Capital Markets Europe Ltd ([2019] UKSC 50), the Supreme Court upheld the first successf

Navigating Privacy and Cyber Incident Notification and Disclosure Requirements

Screenshot of the ICO Report a Breach web page

This is from a US perspective. For us Europeans, a lot of these requirements are mandated by the regulator (here is the ICO advice on notification). It's worth keeping up to date with what happens elsewhere in the world so have a read of the original article...: Fulfilling a company's data breach and cybersecurity incident notification and disclosure requirements is an increasing challenge. Companies operating across industry sectors and around the world must satisfy a wide

UAE may lift WhatsApp calls ban ‘soon’, says top cyber security official

Does this mean that the UAE have found a way to monitor voice calls via WhatsApp?...: The UAE may lift the ban on WhatsApp calls soon, a top cyber security official said. Mohamed Al Kuwaiti, executive director of the UAE’s National Electronic Security Authority, said talks are ongoing with Facebook-owned WhatsApp. “The collaboration with WhatsApp has actually increased, and in many of those (projects) we saw a very good understanding (from them) of the concept we have,

James Fisher and Sons hit by cyber breach

This story popped up several times in my news feeds so I suspect there's more to the breach than is being shared at the moment...: Marine services provider James Fisher and Sons (JFS) told investors on Tuesday that hackers had managed to breach its computer systems. JFS has since taken all affected systems offline and is currently working to recover data from back-ups, according to a Reuters report. The company said that it had notified regulators and law enforcement auth

New cybersecurity guide is the first to gather global expertise

Worth adding to your own reference library... Some of the world's leading experts in cybersecurity have pooled their academic and industry insights to produce an authoritative guide that could help organizations to future proof their resources. The guide, the first of its kind, will also help expand the capabilities of those who will be at the forefront of tackling the challenges of an increasingly connected world. Despite cyberattacks costing the global economy hundreds