The Security box, podcast 29: messaging applications, cloud security, news, notes and more

Hello folks, welcome to the security box, podcast 29. While the show notes has the topics on hand, the show notes on the rss did not cover any of the news notes items.

Don’t want RSS? No problem! Here is the download of the program (147.07mb) for you to have.

Now, without further ado, let’s get those show notes out for you.


Welcome to the security box, podcast 29. On this episode of the podcast, what seems to be the problem with messaging applications such as Whatsapp, Signal and others when it comes to their security? What do you think of for cloud security for 2021 as the pandemic continues? We’ll have news, notes, questions, comments and more including bits from Sans News bites, Trend Micro and more.

Topics

  • Security Now episode 802 was released and broadcasted the week of January 19, 2020. On this podcast, are we really concerned about what application we choose to use to message? Steve says that it doesn’t honestly matter, as metadata isn’t all that big of a deal. Who really cares if phone numbers, time of messages, and even how long audio messages may be? There are apps discussed for more private communication, but metadata doesn’t cover the content of the message itself. From Steve’s introduction taken from his security now page he writes in part:

    Then we wrap up by looking at various aspects
    of the frenzy caused by WhatsApp’s quite predictable move to incorporate its users’ conversation metadata into Facebook’s monetization ecosystem.

    This segment lasts roughly 20 minutes as I play the segment for all to hear. What do you think about this?

  • What about cloud security for 2021? The Top Worry In Cloud Security for 2021 is the Trend Micro article, and I found a video on their youtube page that seems to voice the article. We’ll play this video and we’ll discuss. Cloud Dynamics: Top Cloud Security Challenges for 2021 is the video. Your thoughts are welcome.

News notes and more

  • Cyberwire Daily for Friday, January 21st is talking about an android app called “daily food diary.” Apparently, this app doesn’t just care what you’re eating as you are to take pictures of what you’re eating, but it wants contact permissions, phone call permissions, foreground permissions, runs in the background, exfiltrates data, and more. Check out thecyberwire.com web site for more and for a link to the episode. “I can’t believe I ate all of those fries the other day” should probably not be written in this app, but using another application.
  • The Cyberwire Daily reports that Malwarebytes, a company talked quite a bit on Andy and Josh’s tech talk and Music show, recently gotten bit by the actors that may have been responsible for the Solar Winds breach. According to Cyberwire, the actors may have gotten to some of Malwarebyte’s email access through Microsoft365. Malwarebytes does not use Solar Wind products, the podcast states. UNC2451 is the name given according to the podcast, and it seems to be a name of a particular group. This link is the link to the notations for the podcast in which I’m writing about.
  • There’s always plenty in the news notes sections of Trend Micro. Some may include articles on APT attacks, an article on malwarebytes and their compromise by the supposed solar winds folks, VPN filter and how it is still being used as routers are still compromised, a phishing scam that lead thousands of passwords searchable through Google, a bug in Signal and other apps allowed attackers to listen in to calls, CISA warning about hackers using phishing to get at cloud services and more. If there is something that is of interest to you, I’ve got this week’s news, news ending January 22, 2020. Here’s the link to the article for you to peruse.
  • In a very interesting turn of events, we learn that someone who was to be released on Covid concerns will not be released. On the 22nd, I read an article that indicates that a hacker must stay behind bars, even though a judge said that he would be released due to Covid concerns within the place he was staying. He also was charged with new charges. The hacker in question stole personal data on 1300 U.S. Military government employees and giving it to an Islamic State hacker. The person’s name is Ardit according to the article. The new charges, according to the article stem from activity he has done behind bars. There’s more to the article, read it as it is entitled: New Charges Derail COVID Release for Hacker Who Aided ISIS. This article was written by Brian Krebs. I found this interesting. Another article on the same story is: After judge orders release of hacker tied to ISIS, US says ‘Not so fast’ which was written by Cyberscoop’s Jeff Stone.
  • A Health insurer, Excellus, penalized $5.1M by HHS for data breach. According to the article, The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA) which has a good start in protecting our data, but I’m sure it isn’t enforced. We’ve had too many breaches in the health care industry, and its time to send a message to health care that our data is important. Health insurer Excellus penalized $5.1M by HHS for data breach is the article, and I think it should definitely be read.
  • Rob Joyce is now the new NSA cybersecurity director, according to an article written by Cyberscoop’s Shannon Vavra. He replaces Anne Neuberger as director of the agency’s cybersecurity directorate. Anne will be joining the Biden team according to the article. For full details and links to other items, why not check out the article Rob Joyce named new NSA cybersecurity director for full details?

Thanks so much for checking out the program, and I welcome your questions, comments and concerns! Lets talk.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.