Google Finally Pulls Chinese Apps Stealing Personal Data - Security Boulevard

Bogus Baidu Boo-Boo

Wait, what? As the researchers who discovered the problem point out, #Baidu has no business sniffing your phone’s #IMSI or #IMEI. In today’s #SBBlogwatch at @SecurityBlvd, we give thanks: https://t.co/sWA34RH756

— @Richi Jennings (@RiCHi) November 25, 2020

Should you pen-test WFH staff? Consumer gear has terrible security. - TechBeacon

The moral of the story? Audit the equipment your users use in their working-from-home networks. You’re going to have to keep up with the security status of that too, and mandate replacement of devices that can’t be secured

You know it makes sense. In this week’s #SecurityBlogwatch at @TechBeaconCom, we give thanks: https://t.co/ZThqgCX7In

— @Richi Jennings (@RiCHi) November 25, 2020

Congress Passes IoT Security Act, but is it Toothless? - Security Boulevard

NIST and OMB to Lead

… But it was just a bill. Yes—only a bill. And they voted for it on #CapitolHill. In today’s #SBBlogwatch at @SecurityBlvd, it’s off to the @WhiteHouse, where it’ll wait in a line, with a lot of other bills, for the @POTUS to sign (or not): https://t.co/OSM9EylIea

3/…

— @Richi Jennings (@RiCHi) November 24, 2020

Japanese Orgs Hacked ‘by China’ in Long, Widespread Campaign - Security Boulevard

Stop Monkeying Around

… Here we go again. In today’s #SBBlogwatch at @SecurityBlvd, we get déjà vu—and 既視感: https://t.co/AdUFlrxbye

3/…

— @Richi Jennings (@RiCHi) November 20, 2020

App SDKs sell location data to US military in ‘war on terror’ - TechBeacon

Your tax dollars at work.

The moral of the story?
Dev: Don’t use third-party SDKs unless you’re sure what data is collected.
IT: Help your users choose the best privacy settings on their devices.

… Are you happy this is being done in your name? In this week’s #SecurityBlogwatch at @TechBeaconCom, we fear fear itself: https://t.co/OePjjY1Ahh

4/…

— @Richi Jennings (@RiCHi) November 19, 2020