Why phone scams are so difficult to tackle – BBC News
Have I Been Pwned founder’s keynote offered a sobering counterpoint to the well-meaning ‘World Password Day’
Imagine a parent’s terror when the geolocation of their child’s smart watch suddenly switches from tennis practice to the middle of the ocean.
This was precisely the scenario simulated by Ken Munro of UK infosec firm Pen Test Partners via exploitation of an insecure direct object reference (IDOR) vulnerability in an IoT device, and with help from Troy Hunt, creator of data breach record index Have I Been Pwned, and his daughter.
This was one of many eye-opening tales of shoddy security behind the “endless flow of data” into Have I Been Pwned recounted today (May 6) during Hunt’s keynote address at the all-virtual Black Hat Asia 2021.
Another API flaw in the TicTocTrack kids watch meant Munro’s colleague, Vangelis Stykas, successfully initiated a voice call through the device with zero interaction required from the wearer.
Logged into his own account, Munro also compromised other ‘family’ accounts by simply changing an identifier parameter. A subsequent security patch created an even more egregious regression bug.
Hunt also cited a purely physical intrusion that nevertheless “perfectly illustrates” his digital insecurity theme.
Having notified the vendor that he had dismantled their $47.99 biometric lock, a popular YouTube lock-picker was told the contraption was “invincible to people who do not have a screwdriver”.
During his keynote, Hunt noted that even supposedly security-conscious organizations are “making it very difficult for people to make good security decisions”.
The infosec pro cited a ‘phishy’ email he received from Australia’s ANZ Bank featuring a suspicious HTTP URL that redirected to another suspicious URL: ‘c00.adobe.com’.
The email turned out to be a genuine ANZ communication.
“Over and over again”, lamented Hunt, we see “legitimate organizations sending legitimate communications that are indistinguishable from phishing attacks”.
Australian infosec pro Troy Hunt delivered the Black Hat Asia 2021 keynote
Founded in 2013, Have…
DUBLIN, Jan. 20, 2021 /PRNewswire/ — The “Digital Security Control – Global Market Outlook (2019-2027)” report has been added to ResearchAndMarkets.com’s offering.
Global Digital Security Control market accounted for $13.15 billion in 2019 and is expected to reach $40.22 billion by 2027 growing at a CAGR of 15.0% during the forecast period.
The high level of safety attained by biometric technologies and the extensive growth of information security are the major factors propelling market growth. However, the requirement for high-priced and difficult tools is hampering market growth.
Digital security control essentially deals with the protection and safety of an individual’s digital identification and other types of interactions that are carried out in the digital world. It is the network or Internet equivalent of an individual’s physical identity. Digital security comprises different tools that are used to secure the physical identity of the subscriber, assets, and the technology in the mobile and online world.
By hardware, the smart card segment is going to see lucrative growth during the forecast period due to its heavy presence in the online payment segment, where it offers superior security by limiting security risk.
By geography, North America is going to see lucrative growth during the forecast period due to the increasing demand for digital security systems in the telecommunication and internet security industry in this region. Increasing demand in the commercial, industrial, transportation, and mobile security industries would drive market growth in this region.
Some of the key players profiled in the Digital Security Control Market include 3M, FireEye, Inc, Gemalto NV, HID Global (ActivIdentity, Inc.), Morpho S.A.S (Safran), NEC Corporation, Oberthur Technologies, RSA Security LLC, SafeNet, Inc, and Vasco Data Security International, Inc.
What the report offers:
2 Recent Alleged Episodes of Chinese Espionage Raise Worrying – and Difficult – Questions The Diplomat