October 2020: Cybersecurity Roundup


This past month in cybersecurity:

  1. October is Cybersecurity Awareness Month
  2. T2 security chip on Macs can be hacked
  3. ‘Security of your vote has never been higher’
  4. CLEAR, expedited security, expanding to a holistic identity verification platform
  5. Data breach at Barnes & Noble

October is Cybersecurity Awareness Month

This October marked the 17th annual Cybersecurity Awareness Month. The event is led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA). It is a collaborative effort between government and industry to ensure Americans have the resources they need to stay safe online.

The theme of the 2020 Cybersecurity Awareness Month was “Do Your Part. #BeCyberSmart.” Each week had a different focus, namely:

  • Week 1: If You Connect It, Protect It
  • Week 2: Securing Devices at Home and Work
  • Week 3: Securing Internet-Connected Devices in Healthcare
  • Week 4: The Future of Connected Devices

If you haven’t already, now is an excellent time to run through some of these short publications on keeping yourself secure: https://www.cisa.gov/publication/national-cybersecurity-awareness-month-publications


T2 security chip on Macs can be hacked

Security researchers claim that it is possible to gain full root access and kernel execution privileges on Mac models made between 2018 and 2020 that contain the T2 security chip. Since the vulnerable code is stored in read-only memory, it is not possible for Apple to patch this vulnerability. While this is clearly bad, physical access to the computer is required to exploit the vulnerability, which reduces the impact of this issue. Also, if you are using FileVault 2 for disk encryption, an attacker would need physical access twice to get the contents of your disk (once to plant a keylogger and another time to decrypt and copy the contents).

The attack combines two exploits that were used to jailbreak iPhones. It is delivered over USB, so never connect anything to your Mac unless you trust the person or organization providing it.

While the risk to ordinary Mac users is low, you may have a higher chance of being targeted if you are a senior company executive or diplomat. Most people expect this issue to be resolved with the next Mac release later this year since it will use a different chip.


‘Security of your vote has never been higher’

There has been considerable buzz surrounding voting security in the 2020 general election. A large portion of this stir can be attributed to misinformation and foreign interference.

Foreign countries that want to meddle in US elections, such as Russia, are attempting to attack both the election infrastructure itself and voters’ minds. Because meddling with the actual election infrastructure (like ballot counts) is very difficult, malign foreign countries are using “easier” methods to change American minds. They do this by sowing seeds of doubt and worry via social media and by attacking unrelated (but seemingly related) targets, such as the takeover of Trump’s website. These attacks do not impact the election infrastructure, but they make individuals worry about the security of the election.

The FBI and NSA are confident in the current voting process, and FBI Director Christopher Wray remarked that “you should be confident that your vote counts.”


CLEAR, expedited security, expanding to a holistic identity verification platform

If you’ve ever been at the security checkpoint in the airport and stared in disgust as someone skips the entire line and cuts in front of you, then you have probably seen CLEAR at work.

CLEAR is an expedited security service that allows members to skip long lines by verifying their biometrics (such as their eyes and face). CLEAR has now branched out to develop a holistic identity verification platform, mostly driven by the fact that lines are less of an issue at the airport with COVID-19 in full swing.

According to a CLEAR representative, “CLEAR plans to be the company that verifies your identity every time you would have swiped a credit card, shown your ID at a door, or handed over a health insurance card.”


Data breach at Barnes & Noble

Barnes & Noble suffered a data breach, which it became aware of on October 10. The data breach revealed customers’ email addresses and transaction history. According to the incident report, customers’ financial data, such as payment card information, was not exposed.

Data breaches seem to have become a part of our Halloween tradition. Three years ago, we dressed up as the “Equifax Data Breach” where I (dressed as “Security”) and my wife (dressed as “Equifax”) handed out (fake) social security numbers and other PII while I stood distracted without interfering.

Equifax Halloween Costume

It looks like we will be dressing as Barnes & Noble this year.


That’s All Folks

Thanks for reading! We’ll be back next month with a quick roundup of topics we found interesting.

Did we miss a super important story? Let us know! We’ll do better next time.
