The BSA — also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) — is an industry lobbying group. They just published “Policy Principles for Building a Secure and Trustworthy Internet of Things.” They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and … Read More “IoT Security Principles” »
Category: Security technology
Auto Added by WPeMatico
There’s a new ransomware for the Mac called ThiefQuest or EvilQuest. It’s hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, … Read More “ThiefQuest Ransomware for the Mac” »
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat’s phones are essentially modified Android devices, with some models using the “BQ Aquaris X2,” an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which … Read More “Hacked by Police” »
For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that’s a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that’s all profitable. Inefficiency, on the other hand, is waste. Extra inventory is … Read More “The Security Value of Inefficiency” »
Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the … Read More “Securing the International IoT Supply Chain” »
Google has removed 25 Android apps from its store because they steal Facebook credentials: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to … Read More “Android Apps Stealing Facebook Credentials” »
iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads … Read More “iPhone Apps Stealing Clipboard Data” »
Interesting article on the rise of the jumbo squid industry as a result of climate change. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Interesting research: “Identifying Unintended Harms of Cybersecurity Countermeasures“: Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the … Read More “The Unintended Harms of Cybersecurity” »