
Friday Five: 6/15 Edition

by Chris Brook on Friday June 15, 2018


Apple finally confirms a feature it's bringing to iOS, hackers scamming Uber, and Dixons Carphone's breach -- catch up with the week's infosec news with this roundup!

1. Apple to Close iPhone Security Hole That Police Use to Crack Devices by Jack Nicas

An Apple spokesman confirmed this week that the company is planning to close what the New York Times referred to as a "loophole" in iOS that would have allowed law enforcement to hack into iPhones. The new feature, dubbed USB Restricted Mode, would prevent the phone's Lightning port from transferring data an hour after the phone is locked, something that will likely severely hamper hackers and law enforcement. This isn't exactly breaking news, especially if you've been following this space for the past couple of weeks. In fact, we reported on this blog that Apple was testing the feature in beta releases just last week. What's more interesting than the actual news at hand here is the fact that, for some reason, the New York Times, Reuters, the Washington Post, and the Wall Street Journal all held off reporting the story until Wednesday.

2. Randolph librarian wins surprise judgement against Equifax by Matt Hongoltz-Hetling

Sometimes it's the little things or, in this story's case, the things you least expect. For Jessamyn West, a librarian at Randolph Technical Career Center, a technical school in Randolph, Vermont, it all came after she filed a case in small claims court over last year's mammoth Equifax breach. It cost West $90 to file the case, and to her surprise the judge presiding over the case, Bernard Lewis, the probate judge for the City of Chelsea in Orange County, Vermont, issued a ruling last week in her favor. Bernard said West was owed money to cover the cost of up to two years of payments to online identity protection services, plus her $90 filing fee. West is enjoying the fruits of her labor. The Valley News, a newspaper that services the area along the New Hampshire/Vermont border, around the 89/91 interchange, recapped the story Tuesday. Even Krebs reached out to the librarian this week.

3. Dixons Carphone took nearly a year to discover massive data breach by Ben Woods

We learned this week that Dixons Carphone, an electronics retailer that services the UK, Ireland, and some of mainland Europe, has quite the security headache on its hands. The company announced via a statement Wednesday (.PDF) that it was hacked nearly a year ago, last July, to the tune of 1.2 million personal records. The attacker also attempted to access 5.9 million payment cards from one of the processing systems of Currys PC World and Dixons Travel stores. The company is stressing that the lion's share of cards, 5.8 million, have chip and PIN protection, something which would prevent them from being used in card-present transaction fraud but not card-not-present fraud, a transaction in which the cardholder doesn't have to present the card, like in online transactions.

4. Google Blocks Chrome Extension Installations From 3rd-Party Sites by Swati Khandelwal

The days of installing third-party browser extensions, at least on Google Chrome, are numbered. The Mountain View company announced this week it will soon block the ability for sites to offer "inline installation" of extensions. That means that beginning on September 12, Chrome extensions will only be available in the browser's official store. By the end of the year the company will remove the inline install API method from Chrome 71. The move should better protect users from downloading misleading or deceptive extensions.

5. Uber fights off scammers every day. Here's how it learned the tricks by Alfred Ng

An interesting read via CNET on how scammers have been tricking Uber in order to steal money using a combination of phony rides and GPS spoofing. “One of the most common scams occurred through GPS spoofing, in which fraudsters used two phones, one as a new rider and one as a driver,” reporter Alfred Ng wrote Thursday, “The new rider account has a stolen credit card signed up with it and requests a ride, which the scammer accepts using the driver account.” The trick is the ride never actually goes anywhere. The attackers still pocket money from the stolen credit card though. It's an interesting read, bolstered by insight around how machine learning is helping the company, from Ting Chen, Uber's data science manager.

Tags:  Mobile Security Data Breaches
