Month: September 2017

“Turns out that all the major voice assistants — Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa — listen at audio frequencies the human ear can’t hear. Hackers can hijack those systems with inaudible commands that their owners can’t hear.” reports Bruce Schneier

CNET’s Alfred Ng & Steven Musil, Brian Krebs and CNBC are all reporting that Equifax has had a data breach and 143 million records, almost half the US population, are exposed.

Schneier on Security is reporting that AT&T Uverse routers made by Arris have multiple vulnerabilities.

https://www.schneier.com/blog/archives/2017/09/security_vulner_9.html

CNET is reporting electrical power grids around the world have been infiltrated by hackers.

Read Alfred Ng’s captivating story.

https://www.cnet.com/news/hackers-access-to-hundreds-of-global-electric-systems-dragonfly-cyberattack/#ftag=CAD590a51e

Gizmodo is reporting that “thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, potentially for most of the year.”

“The files have been traced back to TigerSwan, a North Carolina-based private security firm. But in a statement on Saturday, TigerSwan implicated TalentPen, a third-party vendor apparently used by the firm to process new job applicants.”

This points to the need for strong third party vendor management. How is your vendor risk assessment program, and do your need a review to ensure compliance?

http://www.stumbleupon.com/su/1eIONR/:1+6vAnVj:5VHr_L2N/gizmodo.com/thousands-of-job-applicants-citing-top-secret-us-govern-1798733354