Industry Intel

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

UK Dating Site Exposes User Info

Recently, users of the UK-based dating site, Soulmates, reported receiving explicit emails that contained info available on their dating profiles. After what appeared to be a third-party data leak, Soulmates revealed that both usernames and corresponding email addresses had been compromised. Soulmates has since confirmed that the cause of the leak has been resolved, but declined to provide further detail.

Dangerous Microsoft Security Bug Found

In the past week, a Google researcher discovered a bug in the Microsoft® Windows Defender that exploits the program’s high-level permissions to cause chaos on the system—without the user having to take any action. The bug occurred when Windows Defender scanned a malicious email, which then enabled the remote code execution to further take control of the affected device. Fortunately, Microsoft releases automatic updates, so this should be resolved for most systems, or will be soon.

Ireland Falls Victim to Multiple Email Scams

In recent weeks, thousands of Irish citizens have received scam emails from Tesco Bank and Bank of Ireland, all requesting that they confirm personal information via a link to the site’s login page. (As if we needed yet another reason to avoid links in emails…) Recognizing that many users will be savvy enough to delete the obvious phishing attempt without clicking the link, attackers are likely measuring success based solely on the relatively small percentage of recipients who fall for the scam.

Healthcare Providers Leave Medical Records Accessible to All

Researchers have recently uncovered a flaw in several healthcare providers’ websites, which allows any user to view the medical records of other patients. By logging into one site, the researcher was able to successfully load another patient’s records by simply changing a single digit in the PDF download link. Another site allowed users to view records without a login that would verify their identity.

SS7, Major Security Flaw in International Telecomm

For years now, researchers have been documenting flaws inherent in SS7, the signal protocol that allows 800+ telecomm service providers to work together efficiently. By taking control of a rogue telecomm company, attackers have been able to successfully reroute incoming messages and calls to a compromised device to monitor activity. SS7 has also been blamed for multiple other security incidents over the years, from device tracking to full internet usage and communication monitoring.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Apple Threatens to Remove Uber App

In recent weeks, Apple has threatened to remove Uber from its App Store after a New York Times article revealed the app was tracking iPhones, even after having been uninstalled. Uber’s response was that the tracking was implemented to identify fraudulent trips and ensure untrustworthy users were blocked from the service, though this type of monitoring is expressly forbidden by Apple. While the issue has only been spotted on iOS® devices so far, it’s possible that Android® devices are also being tracked.

List of IoT Medical Devices Grows, Along with the List of Threats

Many of us may remember hearing that internet-connected pacemakers were potentially susceptible to cyberattacks. Now, several imaging sensors, prosthetics, and other connected medical devices, which are either currently available or in production, don’t appear to have proper security precautions. In addition to the possibility that these devices could be accessed remotely, there’s also a chance they could be used to steal any personal medical data they record.

Chipotle Payment Processing Systems Compromised

In the last week, Chipotle’s CFO released a statement about unauthorized activity on their internal payment processing network. While it appears their security measures did stop the attack, the company is working with its payment processor to monitor customer accounts for any suspicious activity over the 3-week period in which the breach occurred.

Mole Ransomware Brings Two Forms of Encryption

As ransomware continues to evolve, the tactics to ensure a successful attack have improved right along with them. With the Mole variant, criminals use RC4 encryption and RSA for decryption, leaving victims with no way to decrypt their files or even tell them apart. The infection begins by executing a javascript file that pretends to be a Flash update, then changes all file extensions to .MOLE. It finishes by scrambling all of the filenames with hexadecimal values.

FalseGuide Android Malware Reaches 2 Million Victims

In a recent study, researchers discovered the prevalent Android malware FalseGuide has affected over 2 million individual devices. The malware proliferates by disguising itself as game guides for dozens of popular mobile games, and, after being installed, requests admin privileges to remove any options for the user to delete the app. After gaining admin access, the malware registers itself on a cloud messaging service to receive remote commands.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Neiman Marcus Breach Bigger than Initially Believed

Following the 2015 Neiman Marcus breach, the company only recently disclosed that the impact is far greater than originally believed. The latest findings come on the heels of a January attack that copied the original 2015 hack, during which the information for over 350,000 unique credit cards was compromised. The recent attack exposed an unknown quantity of user’s data, though it focused more on the company’s loyalty card program, InCircle.

Chinese Video Service Accounts for Sale on Dark Web

As the list of data breaches continues to grow, several prominent Chinese companies have seen massive breaches, reaching well into the hundreds of millions range as far as individual accounts affected. Recently, a database belonging to Chinese streaming service Youku was found for sale on the Dark Web for a paltry $300. The database contains the usernames and passwords for nearly 100 million users, most of which have already been decrypted or even found in multiple, previously leaked databases.

Ransomware-as-a-Service, Surprisingly Affordable

The newest trend taking the malware world by storm: cheap ransomware-as-a-service that comes with a user-friendly dashboard, so launching a ransomware campaign is now easier than ever. For the low, low price of $175, aspiring cybercriminals gain access to a fully customizable interface to monitor the infections from start to end. Fortunately for potential victims of this particular variant family, security researchers have been successful in creating decryption keys to remove the malware for free.

Indian Hackers Strike at Snapchat over CEO Comments

In another case of cybercriminals turned hacktivisits, attacks have been launched following a PR nightmare in which Snapchat’s CEO allegedly made comments that the Snapchat platform is meant for “rich people”, not for “poor countries” like India. The hackers claim to have stolen user data for over 1.7 million accounts, though Snapchat has yet to confirm that any leak actually occurred.

International Hotels Group Finds Malware in Payment Systems

Following an investigation that began in the second half of 2016, officials for the International Hotels Group have confirmed that multiple locations had suffered significant credit card breaches. Even more worrisome is that the latest breach was only discovered by the card providers monitoring suspicious activity on the accounts, which suggests that the IHG’s internal security measures aren’t up to snuff.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Microsoft Patches Critical Zero-day Vulnerability

On Tuesday of this week, Microsoft released a patch for a relatively unknown zero-day vulnerability that allowed attackers to distribute malware through malicious Word documents. Opening the infected document allows it to contact a remote server to begin downloading malware to a victim’s system via a script file embedded in the document. While the Microsoft patch does resolve the issue, we still encourage you to use caution when opening any documents attached to emails, even if they appear to be from a trusted sender.

Legit IRS Online Tool Used Illegitimately

In the past few months, investigators have been looking into some fraudulent activity that was occurring in their Data Retrieval Tool. By using the tool as intended, criminals were able to impersonate legitimate users to begin a tax return form and access that user’s data, thereby creating fraudulent returns. From the initial investigation, it appears nearly 100,000 different user accounts have been tied to this method of identity theft. The scam itself has cost the IRS over $30 million.

Sneaky CIA Malware Uses Pop Culture References

When the Wikileaks Vault 7 post revealed numerous spying tools from a CIA dump, many researchers began digging through the treasure trove of information. Researchers at Kaspersky Lab found several malware programs with code referencing Star Trek, Flash Gordon, and other recent pop culture icons. The malware in question has been linked to a long-standing malware campaign that hit multiple targets across Europe and Asia.

Ex-Employee Hacks Hotel System, Slashes Room Rates

Ever daydream about getting back at a bad boss? One NYC Marriott hotel found itself on the receiving end of a disgruntled ex-employee’s revenge. A few weeks after being fired from his job, Juan Rodriguez hacked into the hotel’s reservation systems and cut prices down by up to 95%, costing Marriott over $50,000 before the intrusion was discovered. Unfortunately for Juan, while he was smart enough to infiltrate their network, he forgot to mask his own IP, which led authorities straight to his apartment.

Patient Records Available Online

As prices for medications and health treatment continue to rise, a lot of people are looking for cheaper ways to obtain prescriptions and services. Unfortunately, this leads to increased risk, particularly in the case of elderly citizens on a fixed income. Recently, a researcher found a database with the medical and personal records for nearly 1 million senior citizens, freely available to the public. But the database in question didn’t belong to a healthcare facility. Instead, it was owned by a telemarketing firm who had gathered a large quantity of sensitive information on the promise of providing cheaper deals on medication.

When you meet Gary Hayslip, don’t let his calm demeanor fool you — underneath is a deep passion for and understanding of the “Internet of Everything” or IoE. To say his 25-year career in information security is impressive would be an understatement. From serving as Command Information Security Officer in the United States Navy to his more recent position as the City of San Diego CISO and deputy director, Gary has become attuned to the ever-evolving role of a CISO in organizations.

As I chatted with him across a boardroom table, I began to picture how IoE has the potential to create abundant opportunity and new risks. Imagine this: smart parking meters making your urban commute easier. Communications between your car’s GPS and parking meters in the vicinity help you find a vacant spot and pay the meter all from an app on your phone. Now imagine the adverse — a powerful DDoS attack using those same smart parking meters to send a flood of communications to an area internet service provider, overloading its network bandwidth, and debilitating internet service for its customers. It can be scary to think about.

According to the FBI, “deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices.” For the record, this is why more organizations need the Gary’s of the world.

I caught up with Gary at the Webroot World Headquarters in Broomfield, Colorado, to talk about his decision to join Webroot, his views on IoT, and more.

Webroot: What made you decide to join the Webroot team?

Gary Hayslip: I had been working in the IoT and cybersecurity space around smart cities and smart communities for a while when I came across Webroot. Seeing the Webroot FlowScape® capabilities coupled with how their product suite leverages the power of machine learning to predict and protect against threats in the connected world we live in had me sold. At the end of the day, a forward-leaning company that can offer Webroot’s level of protection to both consumers and partners intrigues me.

Webroot: As an InfoSec leader, what will be your main area of focus at Webroot?

GH: To me, cybersecurity is a business critical function. The Office of the CISO provides enterprise risk management through current state assessments and forecasting. Ultimately, our consistent question to solve is “how can we better support departments across the organization?” I think I’ll bring a unique point-of-view to that question considering I was recently a customer. Along those lines, my insight from the customer point of view will offer an advantage with product strategy to reduce the risk for customers.  As Webroot grows, I want to ensure the programs and strategies my teams create are flexible enough to grow alongside the company.

Webroot: What opportunity do you think Webroot can fill in the market?

GH: I see a significant amount of movement in getting IoT devices to market, but not a lot of readiness to make sure these devices can be scanned, monitored, or protected. FlowScape bridges the gap and allows you to see the devices communicating within your networks and gives context around what devices are doing. The Webroot product portfolio truly does protect users across devices, networks, and perimeters.  Delivering comprehensive security solutions that detect, defend, and provide analysis to businesses and individuals is our sweet spot.

Webroot: What difference do you want to make in your new role?

GH: The biggest thing for me is making a resilient program ever better. Cybersecurity is a life cycle and breaches are part of that life cycle. It’s never lost on me that threats are constantly emerging and evolving. It’s only fitting for a best-in-industry organization to meet the threats where they live with constant preparation.

In addition to sitting on numerous boards and being an active member of ISSA, ISACA, OWASP, and InfraGard, Gary holds the certifications of CISSP, CISA, and CRISC. Be sure to check out his book CISO Desk Reference Guide.

Raise your hand if you’ve ever received a call from a company, unsolicited, that got aggressive? Maybe the caller wouldn’t hang up or kept calling back. Maybe the caller asked for money or made a threat. Regardless, you were upset. But when you alerted the company of the bad deed, they gave you some line about phone “spoofing.” Your gut reaction might have been to call BS. But it’s not. Phone spoofing remains a thorn in the side of many consumers across America. According to an online survey conducted by Harris Poll for Truecaller, roughly 27 million Americans reported losing money to phone scams over the last 12 months, a 53 percent increase from 2014.

Phishing has evolved. Learn all the ways hackers are angling for your data with our 11 Types of Phishing eBook.

At Webroot, we’ve heard from our customers they’ve been targets of phone scammers and we want to help educate our community.

We encourage our customers to steer clear from doing business with any callers claiming to be

• tech support and requesting access to your computer to “fix a problem” and charge you;
• Webroot and trying to sell you a lifetime SecureAnywhere subscription

Webroot teammates DO NOT make unsolicited outbound calls to customers. If you have been a victim of such callers purporting to be Webroot, file a complaint with the FCC. The FCC collects data to track down and prosecute scammers. (Anyone who is illegally spoofing can face penalties of up to $10,000 for each violation.)

What is Phone Spoofing?

Phone spoofing is when a scammer makes another person’s or company’s phone number appear on the receiver’s caller ID in an attempt to impersonate that individual or organization. The end goal is to gain access to your personal information and/or get you to pay for a fake service.

How can I protect myself from phone spoofers?

As a consumer, you have rights and options.

• If a number repeatedly calls and doesn’t leave a message, block it.
• If you do pick up and it seems like a bogus call, hang up immediately. However, you may find yourself on the other end of a questionable conversation. In this case, place the caller on hold and call their incoming number. If someone picks up on the other end from the company, ask whether or not the person on hold is calling on their behalf. The key is not to share any personal information.
• Finally, educate your community. Help others in your life understand what phone spoofing is and how to protect themselves. You wouldn’t use a third party to call if you were stuck in Nigeria and needed a loan! Discuss scams you’ve received and how you handled with friends, so they are aware of the scenario and the appropriate actions to take. We’ve also provided resources to help you navigate keeping yourself safe..

How to stop phone spoofing

The government and telecom industry are working together to put a stop to spoofing. The Truth in Caller ID Act, passed in 2009, prohibits any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value. Also, the tech and telecom industries are working on solutions. Similar to our antivirus solutions for email and internet safety, there may soon be better anti-spoofing protections for voice.

Americans receive 15.8 spam calls (cell and/or landline) and 6.3 spam text messages in an average month. Until a complete solution is found, remain vigilant about protecting your personal information.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Ransomware Exploits Safari Bug

Apple fixed a flaw earlier this week that allowed scammers to exploit a pop-up redirecting porn viewers to a fake law enforcement page. Once there, further access was blocked, and a demand for an iTunes gift card as ransom was made. While many unsuspecting users fell victim to the scam, Apple was able to promptly issue a patch that resolved the vulnerability. Apple has also recommended that anyone affected by the scam should clear their browser cache, to remove any possibility of relaunching the malicious sites.

Microsoft’s Docs.com Sharing Documents Publicly

Researchers have discovered that a vast majority of the documents posted to Docs.com are fully searchable and indexed into several search engines. This wouldn’t be such an issue if the many users posting content to the site were aware of the public availability of the possibly-sensitive documents they had unwittingly sent through their organizations and out into the public domain. While Microsoft has since removed the search bar from the main site page, anything uploaded prior is still available through multiple search engines.

Hong Kong Voter Records Leaked

As the Hong Kong elections took place over the weekend, two laptops containing sensitive information for Hong Kong’s nearly 3.7 million voters were stolen from a backup location for the elections. While the data on the laptops was encrypted, it could only be a matter of time until it is broken and that data is exposed. If released, it would be the largest data breach to ever come out of Hong Kong.

Crusader Adware Replaces Tech Support Search Results

A new browser extension has been discovered that can modify a user’s search results, launch additional ads, and even display pop-ups for other scams. Usually installed with a bundle of other software, the extension known as Crusader is able to monitor all Internet traffic and rewrite tech support numbers to continue the cycle by having the victim contact yet another tech support scammer for “assistance.”

WoW Users Targeted with Phishing Attack

Many avid World of Warcraft players have received emails offering an in-game pet that was “gifted” to them by a fellow gamer. Unfortunately for the recipients, the link directing them towards the Battle.net site to claim their gift actually sent them to a phishing site set up to capture all of their login information. While the scam site is already blocked by Google’s Safe Browsing, users are still urged to proceed with caution, should they receive any suspicious emails.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Hackers Threaten to Lock 200M+ iCloud Accounts

Hackers are threatening to remotely lock down over 200 million iCloud accounts. Webroot Senior Threat Research Analyst, Tyler Moffitt told SC Media that this may be a bluff. We’ll wait and see on this one since all we have to go off of is the hackers’ word and a few screenshots. We’ll know more as the ransom deadline of April 7th approaches.

American Farmers are Hacking Their Tractors

This isn’t our usual data leak or ransomware attack, it’s black market tractor hacking. Farmers are taking things into their own hands in an effort to thwart manufacturer blocks on their farming equipment.  These blocks are an attempt to prevent farmers from going to cheaper, “unauthorized” repair shops to maintain their vehicles. Farmers are starting to hack their equipment with Ukrainian Firmware so they can fix their tractors when they need to and at an affordable price.

ISPs Now Allowed to Sell User Browsing History to Advertisers

It just wouldn’t be the Cyber News Rundown without a new government data leak or citizen privacy battle. The US Senate has voted to eliminate broadband privacy rules that require ISPs to obtain customer consent before selling any sensitive information with advertisers. The vote was split equally down the party lines, and now only a House vote or Presidential veto could stop the roll-back of the privacy rules. The data in question is extremely valuable as major corporations could use it to pattern out an individual’s entire day, based on their Internet usage, purchases made, and places visited.

UK Mobile Data Breach Leaves Customers Stunned

Customers at Three UK found a surprise when signing into their accounts, a breach of privacy where they’d see a stranger’s personal information and call history. The cause of the breach hasn’t been announced but this is their second data exposure within a few months. Although the Three UK breach only affected a small percentage of their 9 million customers, I’m guessing back-to-back data leaks are not helping their retention rates.

McDonald’s Delivery App Vulnerabilities

The McDonald’s India-exclusive app service, McDelivery, is currently under fire for an API leak that has exposed millions of users. The vulnerability was originally reported to McDonald’s in early February and is still unpatched. While reporting these types of breaches isn’t mandatory in India, you’d think the sheer number of users who could be negatively impacted would motivate McDonald’s to release an update. I guess I wouldn’t mind people knowing how often I order off the dollar menu either — but having access to my phone number and address is another story.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

USAF Leaks Highly Sensitive Data

Our government is back at it again. Researchers discovered the exposure of an unsecured backup drive containing names, addresses, ranks, and Social Security numbers of over 4,000 United States Air Force officers and top security clearance information of other high-ranking officials. Personal records for several celebrities who had undergone security clearance checks prior to visiting foreign military bases were also exposed. It sounds like this breach could prove to be disastrous if the information gets into the hands of enemies to the United States.

Ohio County Facing Massive Ransom

In recent weeks, Ohio County officials have been recovering from a cyber-attack that forced the county to shut down over 1,000 computers to prevent the infection from spreading. The ransom for the return of their files was 28 bitcoins, roughly $35,000 at the time of writing, which the county correctly chose to ignore and instead restored their systems from backups. While the whole process cost the county nearly $50,000, the situation could have been worse if they paid and received nothing in return for paying the ransom.

Instagram Credentials at Risk

Researchers discovered 13 seemingly harmless apps on the Google Play Store that function as data collectors for your personal information. The apps themselves claim to increase your Instagram follower numbers by simply having users log into their accounts, only to be greeted with an error message. Fortunately, Google has already been made aware of the Turkish-based apps and has removed them.

PetrWrap Circumvents Ransomware Authors’ Cut of Ransom

As ransomware continues to evolve, some malware authors have begun acting against their peers, who wish to piggyback off the creations. By exploiting a bug found in the Petya ransomware variant, a new collection of cybercriminals have created a workaround to insert their own encryption keys over the Petya authors’ and collect the ransom themselves. This workaround comes months after Petya creators implemented methods to stop this very exploitation of their software.

New Updates on Phishing Tactics

People have been on the watch for tax-related phishing scams, as they appear around this time every year. The latest trend, however, appears to be PDF files that do not contain malicious code and use social engineering to direct victims towards compromised websites to input sensitive information. Additionally, there has been a recent influx of phishing attacks due to fake friend requests through email, as users are exceedingly likely to click on these types of links and attempt to “log in” to view the request.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Microsoft Services Go Offline

Was I the only one who wasn’t able to access my Xbox Live account earlier this week? Once again, Microsoft services were rendered inaccessible to users due to an issue with their authentication servers. The service interruption affected Outlook, Skype, and even Xbox Live not recognizing correct credentials, as we would attempt to log into the services. Fortunately for us, most services were promptly restored to working order and we were able to game-on.

Satan Ransomware Offers New Service

We all know that ransomware isn’t a new topic (nor one that is going by the wayside), but as new variants are created, the attacks are becoming more sophisticated. With the Satan variant, malicious actors are employing new tactics. I was surprised to learn that the latest evolution introduced a service signup sheet to begin running your own ransomware campaign. Scary, right? Now we have entrepreneur malware authors refining their skills and creating ransomware. The malware authors providing this service gain revenue by taking 30% of the earnings from everyone that uses the tool to distribute ransomware.

Anonymous Decreases Dark Web Activity by 20%

Did you think Anonymous was on vacation? Well, they’re rested and back to playing Robin Hood. Anonymous took down over 11,000 Dark Web sites and the majority of sites in question were distributors of child pornography or offered access to illicit drugs. Their targets were also responsible for the leak of over 380,000 user records.

Smart Utility Readers Failing to Read Anything

Our society is becoming more connected and ‘smart’ every day but sometimes things go wrong.  Over the last four months, EDF customers were paying next to nothing for their energy bills. As it turns out, the smart meters weren’t so smart and were failing to report energy usage data. Customers will receive updated bills as they’re charged for the energy usage that failed to send.

WikiLeaks Releases Immense CIA Data Vault

Don’t you love hearing about new ways our government is spying on us? If so, you’ll love what’s next. WikiLeaks has released an enormous trove of information regarding tools and methods used by the CIA to spy on us through our devices (again). By copying tactics used by large-scale malware samples, the CIA has created various tools to bypass secure messaging encryption or even turn IoT devices into spies! Creepy, right? And thanks to the selfie, we have two cameras that they can use.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Boeing Informs Workers of Data Breach

Am I surprised there’s another data breach in the news this week? Not at all, and you won’t be either after reading on. However, I am surprised to hear it happened with Boeing. It reported that one of their employees sent sensitive data outside of the company’s network. I have so many questions. “Do they have a security training program for employees?” “Was this an accident?” But before I offer up more of my thoughts, read DefenseNews’ account of the incident and let me know yours.

Russian Hacker Offers Access to University Databases

And the trends keep coming. Did you read the Daily Bruin’s article on a Russian-speaking hacker selling unauthorized access to databases for more than 60 universities and government agencies in the US and United Kingdom? I’m not pointing a finger at anyone, but I mean, another alleged Russian involved attack?! The takeaway for most is simple–SQLi attacks are definitely preventable. Organizations should take the extra effort and be more vigilant (read: do the research) when choosing pre-packaged software bundles.

Toy Maker Ignores Warning of Security Flaw

Instead of droning on about yet another data breach, I’m going to let you hear reactions from a few security experts on this one. But before taking you there, I’m have to ask, “Who hacks children toys?” (Rhetorical!) If you want to read more on the breach itself, feel free. Who am I to deprive you of the details?

Robots across Industries Share Vulnerabilities

I, for one, am glad the security of robotics is becoming more of a concern. We live in 2017 and should act accordingly when it comes to security in a connected world. Many devices lack user authorization, have default passwords that are unchangeable or left as the default, or are using insecure communication methods, all of which leave these machines vulnerable to an outside attack.

Amazon Web Services Go Offline

You all noticed the pretty big internet outage this week, right? If not, you’re either living under a rock or just arrived on planet earth. There’s no way you missed so many sites having issues. Not to mention, the social webs were buzzing. The outage was due to a problem that originated from an Amazon data center in Virginia. I think it’s safe to say interested parties were glad to hear Amazon officials state the issue has since been resolved. Amazon is likely to publish a full report on the cause and resolution to the issue in the coming days.