The month of June is flying by, and July is fast approaching! Another week is in the books here in Boise, ID at the PlexTrac HQ. The passing of another week signals the need for another “Byte Sized News,” brought to you by us at PlexTrac. This week was yet another busy one for the cybersecurity industry! There are many interesting stories, new developments, and enormous breaches in the industry that are sure to both entertain and inform our readers. As always, this series isn’t intended to provide readers with details on every story and topic, but rather to fill busy professionals in on the most compelling developments in the field.
Without further ado, let’s get to this week’s top news stories!
Our first story from the week comes from InfoSecurity Magazine. We led with Zoom news last week too, but they continue to make headlines with another big-time hire. This time the company has hired Salesforce SVP Jason Lee to be their new CISO. Before Salesforce, Lee worked for 15 years at Microsoft, where he rose from a position as senior manager to principal director of security engineering for the Windows Device Group. “Our customers’ security is extremely important and is at the core of everything we do. We are excited to welcome Jason, who has deep industry experience, understands the complexity of servicing a wide variety of users, and can lead Zoom’s efforts to strengthen the security of our platform during this time of rapid expansion,” said Lee’s new boss, Zoom COO, Aparna Bawa.
The next article we want to highlight this week also comes from InfoSecurity Magazine. This article discusses a recent claim that “medical devices, physical access operations and networking equipment are among the most risky when it comes to risks posed to business.” This conclusion was drawn using analysis from the Forescout Device Cloud, which identified the points of risk most inherent to device type, industry sector, and cybersecurity policies. It determined the riskiest device groups were smart buildings, medical devices, networking equipment and VoIP phones. These findings were drawn from information on around 11 million devices.
Our next article from the week comes from TechRadar. This article details Sony’s launch of a new bug bounty program for their enormous PlayStation brand. The tagline is simple: Find a critical security flaw in the PS4 and walk away with at least $50,000. PlayStation has done a private bug bounty program for many years now but is taking the program public for issues both on the PS4 and the PlayStation network. In a blog post from PlayStation themselves, senior director of software engineering Geoff Norton stated, “We recognize the valuable role that the research community plays in enhancing security, so we’re excited to announce our program for the broader community.”
The next story from the week comes from Krebs on Security. This article reports that hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. This collection, dubbed “BlueLeaks” online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. This collection, which is nearly 270 gigabytes in total, is the latest release from Distributed Denial of Secrets (DDoSecrets). DDoSecrets is an alternative to Wikileaks that publishes caches of previously secret data. This data apparently contains “ten years of data from over 200 police departments.”
Our last headline of the week also comes from ThreatPost. This article details a new bill, named “The Lawful Access to Encrypted Data Act,” being decried as an “awful idea” by many security experts across the field. This new bill would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court-issued warrant. The three who introduced the bill, Lindsey Graham (R-SC), Tom Cotton (R-AR), and Marsha Blackburn (R-TN), argued that ending the use of “warrant-proof” encrypted technology would “bolster national security interests” and “better protect communities across the country.” Tech companies and security and privacy experts all staunchly disagree, arguing that the bill will instead open up the potential for abuse by law enforcement and infringe on the data privacy of customers.