This week made everyone do a double-take with the latest WikiLeaks release, dubbed "Year Zero", a leak of potential vulnerabilities in IoT devices, such as SmartTVs and smartphones, that U.S. intelligence agencies are potentially leveraging. Verifone is investigating the extent of a PoS breach, and the WikiLeaks news may be an accelerator for signing the Cyber Security Executive Order, which is currently in draft form.

 

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 

 

 

 


Data Breaches

  1. WikiLeaks released a trove of documents, AKA Vault 7, containing vulnerabilities potentially used by U.S. intelligence agencies to spy via smartphones, computers and SmartTVs

 

Why is this significant?

  • If these WikiLeaks documents are indeed legitimate, they detail how U.S. intelligence agencies are discovering and exploiting vulnerabilities to gain intelligence on nation states.
  • U.S. intelligence agencies are not confirming the accuracy of the leaked documents, although there is talk about how these vulnerabilities are old and already patched.
  • What the info proves is that IoT devices such as SmartTVs are hackable. They will be hacked, and SmartTV manufacturers need to start paying attention to their security. The scare of surveillance, and just a single case of such an incident, will drive consumers to immediately replace their current SmartTV manufacturer, leading to a hefty financial impact.

 

Read the full story in Fortune

 

  2. Verifone is investigating the extent of a data breach

 

Why is this significant?

  • “Verifone, Inc. is an international producer and designer of electronic payment solutions.” Verifone supports PoS services for many industries worldwide: Large Enterprise Retail, SMB Retail, Petroleum & Convenience, Restaurant & Hospitality, Retail Banking, Healthcare, Transportation, Taxi, Acquirers.
  • In January 2017, Verifone sent out an urgent internal email message to employees; it is believed that this is when the breach was discovered. There is not a defined timeline, but there are suspicions that the hack took place ½ year prior to being discovered.
  • This Verifone breach is being compared to the Oracle MICROS breach, which infected hundreds of thousands of retailers and hospitality firms and is believed to stem from a Russian source.

 

Read the full story in KrebsOnSecurity

 

Cyber Security Legislation

The cybersecurity executive order is still in the works.

 

Why is this significant?

  • The recent WikiLeaks release could be a determining factor for President Trump to change gears, shifting toward the signing of the Cyber Security Executive Order.
  • “The draft executive order also would require federal agencies to adopt the National Institute of Standards and Technology cybersecurity framework as well as encourage agencies to employ shared IT services, including those for email, cloud computing and cybersecurity. In addition, the draft proposes modernizing the government's information technology and IT architecture.”
  • Given the number of vulnerabilities and the ever-changing threat landscape, can we assume that a U.S. Cybersecurity Executive Order will change the current malicious madhouse of continuous cyber threats and attacks?

**Did you read the 2017 Security Prediction on Legislation?**

 

Read the full story in Bank InfoSecurity