Bottom Line I.T. with Erik Jacobsen and Amy Mumby.
Recorded at ASK for June 4 and 11, 2019.
Segment 1
Why You Should Never Use Airport USB Charging Stations
If you have travel plans this summer, you might want to skip the charging station at the airport. Apparently cyber criminals are using airport charging stations to install malware on phones and tablets by modifying the USB connection. The VP of X-Force Threat Intelligence at IBM Security compares using a public USB port to finding a used toothbrush on the side of the road and actually using it. Mmmm…
Segment 2
First American Financial website leaked 885 million documents
https://www.scmagazine.com/home/security-news/first-american-financial-website-leaked-885-million-documents/
We hear of records being leaked from companies all the time. But this one is a doozy, as far more was leaked than names and addresses. 885 million documents have been leaked by the First American Financial website. The developer who found the vulnerability was able to access the documents by simply changing the document number. Documents that were leaked include bank account numbers, mortgage records, Social Security numbers, and tax records.
Segment 3
Employees Want Smarter Office Security
When we conduct security risk assessments for our clients, we do more than just look at the security posture of the company’s network and infrastructure. We also look at the overall security of the physical office. Openpath conducted a survey on Office Technology and found a number of interesting stats. One thing that stood out to us is that while many workers were in favor of better office security, they also found it difficult to even enter their office. What does this tell us? It tells us that there is a need to marry convenience with security.
Segment 4
A Year Later, Has GDPR Raised the Bar on “Reasonable Security”?
It’s the birthday for GDPR! While many companies took immediate action to make sure they were compliant with GDPR policies, some experts believe that about 50% of companies covered by GDPR are still working on becoming compliant. The process isn’t as easy as adding opt-in confirmation emails and putting up privacy and cookie policies on your website. So how are things coming along with GDPR one year later?
Segment 5
Legal Threats Make Powerful Phishing Lures
https://krebsonsecurity.com/2019/05/legal-threats-make-powerful-phishing-lures/
If you receive an email from someone stating that they are suing you, what would your natural response be? As your stomach sinks and your heart races, chances are your initial reaction is to do whatever the email says, especially if it is coming from someone you more or less know. While these types of emails are sent every day, the percentage of them that are real is really low. Legal threats via email are incredibly powerful phishing lures simply because they instill a level of fear no one wants to experience.
Segment 6
Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours
https://thehackernews.com/2019/05/microsoft-zero-day-vulnerability.html
Zero-day vulnerabilities are our favorite type of security incident – we hope you can sense the sarcasm. In late May, a number of Microsoft zero-day vulnerabilities were disclosed. These vulnerabilities reportedly reside in the Windows Error Reporting service, Internet Explorer 11, and the Task Scheduler utility.