Consumer

Rapid7 found flaws in web based servers used to manage Fuze's collaboration tools like phones and handsets - an increasingly common problem on the Internet of Things. (Image courtesy of Fuze.)

IoT’s Cloud Risk on Display with Flaws in Fuze Collaboration Platform

In-brief: Rapid7 said it found a number of flaws that leaked data on users of collaboration technology by Fuze. In an increasingly common finding: poorly secured cloud resources, not the handsets, were the problem. 

Colleges, universities and K-12 schools collect lots of personal data on students. But how well do they protect it?  (Image: Yale University. Photo courtesy of Library of Congress.)

OSINT University: are Colleges and Universities protecting Student Data?

In-brief: Colleges and universities collect reams of student data – including personally identifying information- as part of their student “directory” files. They then distribute it to – basically – whomever asks. In this podcast, we talk with researcher Leah Figueroa who has researched the issue. Also: where are all those Devil’s Ivy attacks? And: companies are desperate for tools and talent to beat back sophisticated threats. Is artificial intelligence the answer? We talk with Endgame about the results of a new survey. 

The European Commission is contemplating labels for Internet connected devices that inform consumers about their security and privacy practices.

German Electronics Store Sued for Selling Un-Patchable Android Phones

In-brief: That’ll be $99, or $150 without the vulnerabilities! A lawsuit in Germany is trying to force stores to come clean about security holes in the products they sell to consumers. 

Security Pro tilts at Smart Drill, finds It doesn’t suck

Security Pro tilts at Smart Drill, finds It doesn’t suck

In-brief: Is there cause for hope? A new analysis of a connected power drill  by a researcher at DUO Security finds that it’s actually pretty secure. But challenges remain for connected device makers.

The New York Times expose on the hacks of the DNC is a case study in how not to respond to a cyber attack. We talk with Tim Bandos of Digital Guardian about building a cyber threat hunting capability.

Financial Malware, not Ransomware, drives most Cyber Crime

In-brief: data from the firm Symantec shows that financial malware targeting banks – not ransomware- is the most important and oft-used tool in the cyber criminal’s toolbox.