Amazon is releasing their Sidewalk network feature that creates a local network among neighbors with Amazon products like the Echo devices and Ring security cameras. Such a network could enable a host of new capabilities but might also introduce new cyber risks to participants. Connecting to other networks can expose your personal devices and data. As this is a new service, the cybersecurity industry has not yet tested its security.

Amazon is sending notices to customers and indicating this will be TURNED ON BY DEFAULT! That is concerning. The recommendation is to make such a service Opt-In and let customers decide if and when they want to participate.

For now, the recommendation is to DISABLE Amazon Sidewalk for now, until the security and privacy aspects are better understood.


Image for post
Image for post

Looking forward to speaking with Anand Oswal, SVP & GM at Palo Alto Networks, in a fireside chat at the ASEI 2020 virtual convention! We will be discussing cybersecurity threats and opportunities for Engineers!

Dec 5th-6th 10am Pacific. Come join the discussion.

http://www.aseiusa.org/NC


The Need to Secure Data in Modern Computing

Image for post
Image for post

We are surrounded! Smart devices are everywhere and being integrated into all facets of our lives, from toothbrushes to automobiles. Entire cities are becoming ‘smart’, as are factories, governments, global retail, freight logistics, and all national critical infrastructure sectors. As individuals, we are becoming hubs for multiple connected devices in our homes and on our persons. Phones, watches, health monitors, medical devices, and clothing manufactures have joined in to develop connected apparel and accessories. Cameras, doorbells, appliances, televisions, thermostats, voice assistants, and light fixtures are just the beginning of the digitalization of our homes. …


Another vulnerability and exploit named VoltPillager has been published for Intel Corporation’s SGX security technology. The attack itself is simply a hardware version of a previously discovered PlunderVolt software vulnerability where voltage to the chip was manipulated to undermine SGX enclave protections. PlunderVolt was able to recover secret information like encryption keys from Intel’s hardened security SGX vault, but a patch has been released to close the risks. However, VoltPillager bypasses that patch by directly manipulating voltage on the hardware itself.

The hardware to accomplish this feat is very inexpensive, coming in at around $36. …


Image for post
Image for post

A hack is executed every 39 seconds and impacts one in three Americans every year.

Join us in the discussion on Future of Offensive Attack Simulation: Strategies, Tools & Techniques with Bikash Barai and Matthew Rosenquist

Click Here to Join the CISO Platform Fireside Chat: https://register.gotowebinar.com/register/3356142006680293903


Image for post
Image for post

Criminals are offering stalking services, through the use of Moscow’s camera system, to identify and track people for $200. Customers provide a picture and the criminals will return a report of where that person has been, where they frequent, and more. Apparently, the data is being gleaned from the police facial recognition camera system, that includes over 100,000 cameras positioned to watch the city.

It is a disturbing example how mass surveillance, coupled with biometrics, can be hijacked and misused. Tech is a tool. Even tech that is created to serve and protect, can be twisted to abuse and enslave.

All technology comes with risks. It is far better to address and manage those risks proactively so the benefits can be realized without suffering blatant abuses. …


The small country of New Zealand is showing great privacy leadership by releasing a tool to help businesses determine if a cybersecurity incident is considered a Data Breach.


I may offend some people, so for those who don’t want to hear my rant, skip this video.

Recent cybersecurity predictions aren’t just wrong, they are dangerous

I am disappointed in the recent comments that Michelle Zatlyn, the co-founder and COO of Cloudflare, made regarding the future of cybersecurity.

She stated Cybersecurity would be “a thing of the past the next decade” and that instead it will work like a water filtration system.

She is wrong. Dead wrong.


A website tied to an event that quizzed people on their hacking knowledge, launched by major a security consultancy firm, is itself vulnerable to being hacked.

This incident showcases a number of important lessons for every organization that wants to avoid such embarrassment.

If you like these updates, click the Like button and be sure to subscribe to the Cybersecurity Insights channel for more rants, news, and perspectives.


Bad news for cryptocurrency criminals!

Cryptocurrency watchers were stunned when they recently saw a billion dollars of Bitcoin being moved from a very old account that has been inactive for years.

The mystery was solved as the U.S. Dept of Justice unsealed court filings related to the Ross Ulbricht 2015 Silk Road case.

This is momentous! Such a seizure puts most others to shame and it will likely drive some changes in law enforcement.

In today’s video, I discuss how this case will change enforcement and criminal practices moving forward.

Subscribe to the Cybersecurity Insights YouTube channel for more perspectives, rants, and news.

About

Matthew.Rosenquist

Cybersecurity Strategist and CISO specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store