CSS News Round-Up: Security Video Surveillance Systems Vulnerable to Access Due to IoT Bug
News Round-Up – Get a Quick Rundown of What You Need to Know
The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.
Security Video Surveillance Systems Vulnerable to Access Due to IoT Bug
A Gaurdzilla Video Security System was found to contain a bug that allowed any user to see everyone else’s surveillance footage that they had saved, according to Dark Reading. The bug was apparently created by an incorrect design and use of Amazon S3 credentials related to the firmware of the camera itself. Researchers that discovered the issue have attempted to contact the company, but they had not replied. In the meantime, Dark Reading says, researchers recommend that users turn off cloud storage settings in their devices.
HHS Releases Healthcare Cybersecurity Policies
After two years put into creating the document, the Department of Health and Human Services (HHS) has published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients, according to Info Security Magazine. The goal of this publication is to lessen cybersecurity risks that are faced by health care clinics, hospitals, and other organizations of all sizes in a cost-effective manner. The document serves as guidelines that may be followed voluntarily and are “actionable, practical, and relevant to a range of health care stakeholders”, Info Security states.
U.S. Payments Forum Takes on Challenge of Payment Security
As attackers continue to go after payment card data, says Bank Info Security, the U.S. Payments Forum has begun to detail plans for tackling this form of fraud, including both online and offline scenarios. Included in these plans for the new year are establishing a connection amongst stakeholders involved in payment card fraud, allowing each of them an opportunity to participate in the discussion of the issue. The forum also plans to increase education around payment card security, says the article.
Cyber Landscape Predictions as Critical Infrastructure Attacks Increase
As attacks on manufacturing, transportation, and energy systems increase, cyber attackers are gaining even more power to commit attacks that result in dangerous physical implications. Security Week released predictions for the upcoming year related to these forms of cyberattacks. The first of these predictions points out the possibility of an attack on the US power grid, resulting in a loss of power nationwide. Additionally, the article discusses the risk of criminals continuing to attack ports and other important components of the supply chain, as well as attacks targeting larger events such as sporting events that take place in stadiums through use of ransomware or other methods.