Page 7 - Threat Intelligence 12-20-2019
Regulatory and Privacy News
Internet of crap (encryption): IoT gear is generating easy-to-crack keys. A preponderance of weak keys is
leaving IoT devices at risk of being hacked, and the problem won't be an easy one to solve. This was the
conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA
certificates gathered from the open internet and determined that number combinations were being repeated
at a far greater rate than they should, meaning encrypted connections could possibly be broken by attackers
who correctly guess a key. Comparing the millions of keys on an Azure cloud instance, the team found
common factors were used to generate keys at a rate of 1 in 172 (435,000 in total). By comparison, the team
also analyzed 100 million certificates collected from the Certificate Transparency logs on desktops, where they
found common factors in just five certificates, or a rate of 1 in 20 million. The team believes that the reason
for this poor entropy is down to IoT devices. Because the embedded gear is often based on very low-power
hardware, the devices are unable to properly generate random numbers.
Source: https://www.theregister.co.uk/2019/12/16/internet_of_crap_encryption/
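An added example (not from the newsletter or from Keyfactor's tooling): a batch-GCD audit that a team could run over the RSA moduli in its own certificate inventory to flag keys that share a prime factor, which is the weakness described above. The device names and the small moduli are constructed for illustration; real moduli are 2048 bits or more and would be read from the certificates.

```python
from math import gcd, prod

def product_tree(moduli):
    """Levels of pairwise products, leaves first, root (product of all) last."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree

def batch_gcd(moduli):
    """For each N_i return gcd(N_i, product of all the other moduli)."""
    tree = product_tree(moduli)
    rems = tree.pop()                      # root: [P], P = product of all N_i
    while tree:
        level = tree.pop()
        # Push P down the tree modulo n^2 so the numbers shrink toward the leaves.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # At a leaf, r = P mod N_i^2, so r // N_i == (P / N_i) mod N_i.
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]

def audit(keys):
    """keys: {name: modulus}. Return {name: finding} for every weak key."""
    findings = {}
    for (name, n), g in zip(keys.items(), batch_gcd(list(keys.values()))):
        if g == 1:
            continue                       # no factor in common with any other key
        # g == n: same modulus as another key, or both primes reused elsewhere.
        findings[name] = "duplicate-or-fully-shared" if g == n else "shared-prime"
    return findings

# Constructed sample inventory (toy primes, not real key material).
SAMPLE = {
    "cam-1": 1009 * 1013,   # shares 1009 with cam-2
    "cam-2": 1009 * 1019,
    "web-1": 1021 * 1031,   # unique primes
    "cam-3": 1033 * 1039,   # same modulus as cam-4
    "cam-4": 1033 * 1039,
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding} -> reissue with a properly seeded RNG")
```

Any key the audit flags should be treated as compromised and regenerated on hardware with an adequate entropy source.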
Chrome 79 has better password protection and real-time phishing warnings. Google released a stable build
of Chrome 79 on Tuesday, which included several improvements. Many of the new features focus on end-user
security for password and phishing protection. It also made it easier to see which account you are synced
with if you use multiple profiles. Previously, Google had a separate Password Checkup browser extension that
warned users if they were reusing passwords on different websites. Now, Chrome will be able to do this
natively. It will also let users know if their password has been compromised as part of a data breach. The
browser will run these checks as you enter your credentials into websites. The password protection feature
can be accessed through Chrome’s sync settings. Another security feature in Chrome 79 is real-time phishing
protection. Google has found that scammers running phishing websites frequently change domains to try to
outsmart users and Google’s spider-bots. So Chrome implements a feature that references a list of phishing
websites that the search giant updates every 30 minutes. Google claims that it should improve the browser’s
phishing detection by about 30 percent.
Source: https://www.techspot.com/news/83142-chrome-79-has-better-password-protection-real-time.html
Data Breaches and Damages: Consumer Action Under the CCPA. With less than two months to go before the
California Consumer Privacy Act of 2018’s (“CCPA”) effective date of January 1, 2020, businesses should be
aware of the potential litigation that awaits them. The CCPA is a California privacy law that gives California
consumers the rights to know about and control the personal information that businesses collect about them.
In turn, the CCPA requires businesses to give consumers the ability to effectuate these rights. Among the rights
the CCPA endows on California consumers is the right to bring an action for statutory damages if the
consumer’s information is subject to a data breach. This right, however, only applies to certain kinds of data
breaches.
Source: https://www.natlawreview.com/article/data-breaches-and-damages-consumer-action-under-ccpa
www.accumepartners.com