Vlog - Security Snark

This week's episode covers defense contracts and ransomware, common cloud misconfiguration exploits, theft of IP, and Android eavesdropping bugs.

Defense Contractors are Highly Susceptible to Ransomware Attacks

Help Net Security

Attack Type:

What To Know:  Defense contractors are still highly susceptible to ransomware attacks, despite efforts by the Pentagon to help secure our supply chain via the CMMC.

Why You Should Care:  The toil and treasure of U.S. taxpayers is being ripped off by our strategic competitors.  What is worse, this could put our warfighters at risk of getting killed.

Common Cloud Misconfigurations can be Exploited in Minutes

Cyware

Attack Type: 

What To Know:  A new report shows that common cloud misconfigurations can be exploited in minutes.

Why You Should Care:  Cloud computing is attractive for many reasons, but do not make the mistake of assuming that security is the CSP (Cloud Service Providers) problem only.  Improper use of the cloud can lead to data exfiltration.

NCSC Warns Industry, Academia of Foreign Threats to Their Intellectual Property

CSO Online

Attack Type: 

What To Know:  The NCSC (National Counterintelligence and Security Center) has warned that American industry and academia are being targeted for intellectual property theft.

Why You Should Care:  American universities remain a destination for the entire world, especially for those seeking advanced STEM degrees.  Keeping these organizations secure is important if we wish to remain competitive.

Multiple Bugs Enable Eavesdropping on 37% of Android Phones

Infosecurity Magazine

Attack Type: 

What To Know:  Multiple bugs enable eavesdropping on 37% of Android phones.

Why You Should Care:  Don’t assume that your smartphone is “secure.”  It isn’t.