Week of October 20th, 2023

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:


Have You Heard? Hackers Are Using Bluetooth to Track Police Activity; Here’s How

Recently, there has been an uptick in threat actors tracking police activity via Bluetooth. But how are they doing this, and what information are they gleaning?

Let’s start from the top: all Bluetooth devices have a unique 64-bit identifier called a MAC address. Frequently, a portion of that address is composed of an Organizationally Unique Identifier (OUI), which states who made the device. The concern is that modern police kits are rife with Bluetooth-enabled tech–everything from Tasers to in-vehicle laptops, to body cameras and gun holsters–all of which tout some form of Bluetooth…and, as such, all of these tools can now be tracked and analyzed by hackers.

As such, threat actors can potentially gain access to historical data surrounding responded-to calls to police, when and what body cams were recording, areas that certain police frequent, Taser activation, and much more. This can not only put police in potential danger, but also help hackers more effectively avoid police in the wake of a crime being committed.

Moreover, this begs the question: are everyday people being tracked via Bluetooth as well? The answer is yes. “In older devices, with earlier versions of Bluetooth, someone sniffing the Bluetooth signal could often eavesdrop on whatever information was being sent or received,” Roger Grimes of KnowBe4 told TechNewsWorld in a recent interview. “These days, with newer versions of Bluetooth, more information is encrypted by default and less prone to eavesdropping… but in general, someone sniffing a Bluetooth connection is going to learn the MAC address, can look up the vendor associated with that MAC address, and know if the Bluetooth device is active and transmitting information.”

To mitigate this, it’s recommended to maintain good cyber hygiene and update your organization’s Security Awareness Training as technology continues to develop.
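As an added example (not from the newsletter or the quoted interview), the sketch below audits an organization's own Bluetooth asset list for addresses that stay fixed over time and, for public addresses, also expose the maker's OUI. It assumes the 48-bit device address layout of the Bluetooth specification, with the OUI in the top three octets, and an address type recorded per device; the inventory rows and function names are constructed for illustration.

```python
import re

# Constructed inventory rows: (asset label, Bluetooth address, address type as
# reported by the device's host stack). Every value here is made up.
INVENTORY = [
    ("body-cam-01", "00:11:22:AA:BB:CC", "public"),
    ("laptop-07",   "C4:5E:10:9F:33:21", "random"),
    ("holster-03",  "7A:01:02:03:04:05", "random"),
    ("sensor-12",   "1B:44:55:66:77:88", "random"),
    ("dock-02",     "00-11-22-aa-bb",    "public"),  # malformed: five octets
]

ADDRESS_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

# For random addresses, the two most significant bits select the sub-type.
RANDOM_KINDS = {0b11: "static random", 0b01: "resolvable private",
                0b00: "non-resolvable private"}

def classify(address, addr_type):
    """Return what an address exposes to a passive listener."""
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError(f"not a 48-bit address: {address!r}")
    octets = bytes.fromhex(re.sub(r"[:-]", "", address))
    if addr_type == "public":
        # Public addresses are fixed and carry the maker's OUI in the top 24 bits.
        oui = ":".join(f"{b:02X}" for b in octets[:3])
        return {"kind": "public", "oui": oui, "stable": True}
    if addr_type != "random":
        raise ValueError(f"unknown address type: {addr_type!r}")
    kind = RANDOM_KINDS.get(octets[0] >> 6)
    if kind is None:
        raise ValueError(f"reserved random sub-type: {address!r}")
    # Static random addresses hide the vendor but do not rotate while powered.
    return {"kind": kind, "oui": None, "stable": kind == "static random"}

def audit(inventory):
    """Split assets into those needing review and rows that failed to parse."""
    review, errors = [], []
    for label, address, addr_type in inventory:
        try:
            result = classify(address, addr_type)
        except ValueError as exc:
            errors.append((label, str(exc)))
            continue
        if result["stable"]:
            review.append((label, result["kind"], result["oui"]))
    return review, errors

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Assets returned in the review list keep the same address over time, so they are the ones to check for a vendor privacy setting or firmware update that enables rotating private addresses.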


Equifax Update: $13.4M Fine for 2017 Data Breach

It’s official: this Tuesday, credit bureau company Equifax was fined US$13.4 million by the Financial Conduct Authority (FCA), a UK financial watchdog, following the company’s involvement in what has been deemed one of the largest data breaches in history.

The breach in question took place in 2017; Equifax’s US-based parent company, Equifax Inc., was impacted by a colossal attack that left the personal data of approximately 147.9 million US and UK customers accessed by threat actors. The data included, but was not limited to, membership login details, dates of birth, credit card details, addresses, and customer names.

This wasn’t the first cybersecurity-related fine to be leveled against Equifax: in 2018, the company was fined $60,727 by the British Information Commissioner’s Office (ICO) in response to the breach. Following this most recent fine, Equifax stated that the FCA had its full cooperation during the investigation into the breach and that, in turn, the fine had been reduced due to that cooperation.


SecTor is Just Days Away–Here’s What to Know

Regardless of whether you’re attending this year’s SecTor 2023 event in Toronto, the takeaways from it promise to be endless. Marking its 17th year, SecTor–hosted by Black Hat–brings together IT security professionals, managers, and executives to enhance their cybersecurity knowledge and network with some of the industry’s best and brightest.

On top of their usual learning and networking opportunities, SecTor is unveiling two new offerings for the event: their Arsenal Lab and their penetration testing certification exam. Held over the course of two days (October 25th and 26th) in the Business Hall, SecTor’s Arsenal Lab has invited renowned researchers from the open-source sector to display open-source tools, processes, and techniques in an interactive and hands-on showcase. Security professionals of all skill levels are invited to learn from these otherwise difficult-to-access specializations.

Then there’s the BCPen exam: between the 23rd and the 24th, the full-day intermediate Black Hat Certified Pentester (BCPen) exam is open to registered pentesters, red and blue team professionals, SOC analysts, and more. Conducted 100% virtually, this new exam promises to cover a wide range of methodologies in order to deepen professional knowledge.

This year, Packetlabs is thrilled to be both sponsoring and attending SecTor. Don’t miss out on visiting us at booth S624 to discover our unmatched approach to penetration testing, how cybersecurity improves your bottom line, and how it’s designed to secure you against even the most stealthy of cyber threats.

Who you’ll get to meet:

  • Our founder, Richard Rogerson
  • Our knowledgeable and friendly Sales team
  • Some of our talented ethical hackers who make our 95% manual pentesting methodology possible
  • (As a bonus, we’ll have a variety of limited-time-only swag–all personally curated by our team)

Be sure to stop by our booth to become eligible for our SecTor-only pricing, which can be applied to select services.

