News
02 Feb 2018

The Friday Tech Takeaway - 02.02.18

DIGITAL SOCIETY

Yup, more industrial control systems for kids to hack

The number of industrial control systems (ICS) connected to the internet has increased year on year, meaning more and more infrastructure is sitting on the 'net potentially open to attack. Of the 175,632 internet-accessible pieces of ICS equipment detected, approximately 42 per cent were in the US, marking a 10 per cent increase over the previous year (from 50,795 to 64,287). In Germany, which ranks second, researchers found ICS gear behind 13,242 publicly accessible IP addresses, up from 12,542 in 2016. The UK ranks sixth. https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ICS-Security-2017-eng.pdf

Heat map released by fitness tracker reveals location of secret military bases

Over the weekend, the popular fitness tracking app Strava proudly published a "2017 heat map" showing activities from its users around the world, but unfortunately, the map revealed what it shouldn't: the locations of United States military bases worldwide. https://medium.com/strava-engineering/the-global-heatmap-now-6x-hotter-23fc01d301de

Six tips for building a data privacy culture

Given the expanding threat landscape, security professionals may think that the public at large doesn't have a good grip on what counts as sensitive information. But MediaPro's 2018 Eye On Privacy Report shows that the industry has made some progress. https://www.darkreading.com/operations/6-tips-for-building-a-data-privacy-culture-/d/d-id/1330914?image_number=2

SECURITY

(Unpatched) Adobe Flash Player Zero-Day Exploit spotted in the wild

South Korea's Computer Emergency Response Team (KR-CERT) issued an alert on Wednesday for a new Flash Player zero-day vulnerability that's being actively exploited in the wild by North Korean hackers to target Windows users in South Korea. https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998

Cryptocurrency Mining Malware infected over half a million PCs using NSA exploit

Several cybersecurity firms are reporting new cryptocurrency mining viruses that are being spread using EternalBlue—the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry. https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators

Hard-coded password lets attackers bypass Lenovo's fingerprint scanner

Lenovo has recently rolled out security patches for a severe vulnerability in its Fingerprint Manager Pro software that could allow sensitive data stored by users to leak. Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 and 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. The software could also be configured to store website credentials and authenticate to sites via fingerprint. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3762

INDUSTRY

This is why we can't have nice things, BT tells Global Services after 3% sales droop

The telco fingered its troubled outsourcing division as the "main contributor" to revenue decline, with sales in the quarter falling 9 per cent to £1.26bn. "Challenging market conditions" and a reduction in IP Exchange volumes were blamed.

Capita contract probed after thousands of clinical letters undelivered

The National Audit Office is investigating a backlog of 162,000 undelivered items of clinical correspondence on the watch of Capita's £700m Primary Care Services contract. In September 2015, Capita commenced the seven-year contract to provide primary care support services, including the management of GP pay and pensions, medical records, patient registration, and maintenance of its new GPs. https://www.theregister.co.uk/2018/02/02/spending_watchdog_probes_clinical_correspondence_backlog_in_capita_contract/

ICO 12-step GDPR programme

Data privacy addicts are being urged to take a 12-step programme – by no less than the UK's Information Commissioner's Office. The ICO, which is the Brit government agency responsible for enforcing Britain's rather weak data laws, has issued guidance for companies to seek redemption ahead of the EU GDPR rules coming into force in the UK this May. https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

China plans to create hundreds of semiconductor R&D jobs in UK

CRRC Times Electric, the majority shareholder in Dynex Power Inc. and its subsidiary Dynex Semiconductor Ltd. (Lincoln, England), is planning to establish The Times Electric Innovation Centre (TEIC) in Birmingham, England in the first half of 2018. http://www.eenewsanalog.com/news/dynex-opens-power-semiconductor-foundry-unit

FUTURES

India bans cryptocurrency, but embraces the blockchain

India will effectively ban the use of cryptocurrencies within its borders. “The Government does not consider crypto-currencies legal tender or coin and will take all measures to eliminate use of these cryptoassets in financing illegitimate activities or as part of the payment system,” Jaitley said at paragraph 112 of the speech. But the minister added “the Government will explore use of block chain technology proactively for ushering in digital economy.” http://www.indiabudget.gov.in/ub2018-19/bs/bs.pdf

Managed Wi-Fi market driven by enterprise and BYOD

According to research from MarketsandMarkets, the global managed Wi-Fi market size is expected to grow from USD 3.07 Billion in 2017 to USD 6.11 Billion by 2022, at a CAGR of 14.8 percent during the forecast period.

Major driving factors of the managed Wi-Fi market are increasing adoption of enterprise mobility services and the Bring Your Own Device (BYOD) trend. The growing demand for high-speed and widespread network coverage and increasing adoption of cloud managed Wi-Fi and associated services are also major factors for the market growth. http://www.marketsandmarkets.com/