In this episode, we dive into the end of July headlines, covering a class action lawsuit against John Hopkins following a major data breach, emphasizing the need for better data handling and security practices. We also explore the complexities of IoT device regulation, questioning the absence of tech giants like Apple and Microsoft in this area. The episode educates listeners on online scams and provides essential tips to avoid falling victim to phishing tactics. Additionally, it stresses the importance of timely software updates and informed decision-making to enhance cybersecurity in the digital realm. All this and the building anticipation of the upcoming DEFCON.
You can subscribe to Unmasked wherever you get your podcasts.
Show notes
Headlines for the end of July
- John Hopkins- Hit with Class Action Lawsuit connected to data breach
- Filed by the patient named Pamela Hunter, alleges that Hopkins “failed to properly secure and safeguard” patients’ personal and medical information.
- If based on original MoveIT breach- not their fault/ hard to prove
- If plaintiff can prove negligence, then potential cancelation of cybersecurity insurance policy etc.
- Biden Administration is tackling smart devices with a new label
- US Cyber Trust Mark- would require smart products to meet certain thresholds, including ongoing software security support, to qualify for the program
- FCC says the mark will signify that the devices meet/ and maintain certain standards
- Main devices would be smart home appliances, TV’s, climate controllers, but also list smart fitness tracker
- Mark would be a shield – indicating that that device is meeting the standards
- Participating manufactures and retailers are: Amazon, Google, Samsung, Logitech, Best Buy
- Back to School Scams- Amazon Releases Scam warning email to all customers
- Unexpected calls, texts, emails that refer to costly membership fees going up if you do not act now…
- Issues with your membership- asking for bank account/ payment info
- Amazon issues warnings:
- Trust Amazon –owned channels
- Beware of false urgency
- Never pay over the phone
- Verify links first
- Apple fixes new Zero Day threat
- Apple is aware of a report that this issue may have been actively exploited,” the company said in an advisory describing a WebKit flaw tracked as CVE-2023-37450 that was addressed in a new round of Rapid Security Response (RSR) updates earlier this month.
- The other zero-day patched today is a new Kernel flaw tracked as CVE-2023-38606 that was exploited in attacks targeting devices running older iOS releases.
- exploited against versions of iOS released before iOS 15.7.1
- DEFCON – Mark to interview industry folks while out in Las Vegas this week