Friday Five 6/24
Read about how daycare apps may be putting your security at risk, why to double-check before ordering your COVID-19 test, the newest cybersecurity legislation signed into law, and more in this week's Friday Five!
1. Russian RSocks botnet disrupted after hacking millions of devices by Bill Toulas
The Russian malware botnet known as RSocks, which has been used to hijack millions of computers, Android smartphones, and IoT devices, has been seized by the U.S. Department of Justice. The RSocks botnet was used to turn such devices into proxy servers, allowing botnet customers to deter authorities by using residential IP addresses. Read the full story from BleepingComputer to find out how the investigation ensued and how you can prevent botnets like RSocks from hacking your devices.
2. Daycare Apps Are Dangerously Insecure by Alexis Hancock
In a 2022 investigation into daycare apps by the Electronic Frontier Foundation, research found that daycare app vendors knowingly and willingly avoided implementing necessary security and privacy controls. “Despite the knowledge that children’s data was at stake, security controls still hadn’t been pushed to the top of the agenda in this industry. Privacy issues remained as well.” Read the full story to better understand where these vendors are falling short in their security efforts and what they need to do to address remaining security concerns.
3. 80% of Firms Suffered Identity-Related Breaches in Last 12 Months by Robert Lemos
According to the results of a new survey of IT and security professionals, the large majority of organizations are experiencing rapid growth in number of identities that have to be managed. But “furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.” Read the full story from Dark Reading to discover what kinds of identity-related breaches are increasingly affecting organizations and how these breaches can be prevented.
4. Biden signs cyber bills into law by Zach Schonfeld
Two new cybersecurity bills—the Federal Rotational Cyber Workforce Program Act and the State and Local Government Cybersecurity Act—were signed into law by President Joe Biden this past week. Read more about which lawmakers pushed these bills, why they received bipartisan support, and what they mean for the government’s security posture moving forward.
5. NHS warns of scam COVID-19 text messages by Graham Cluley
The UK’s National Health Service is warning people of a new phishing scam fraudulently telling them that they’ve been exposed to the Omicron variant of COVID-19. The scam attempts to gain people’s sensitive information including full names, dates of birth, other personal information, and financial information by directing those people to fake NHS domains asking for payment for testing kits. Read the full story from Tripwire to see what to watch out for.