Today is a serious news day in the security world, so I won’t break down everything that’s going on, but instead will just recap a few highlights and put some of them in context.
So, number 1: Remember the ShadowBrokers? I do too. The ThreatPost has an interesting article summing up what we do and don’t know as of now about the group. Most people seem to agree that this is the GRU – but I don’t know that anybody has this definitively (if they do, it’s not public). And the “dump of the month” service? Who knows where that is. Remains a mystery. Like Amelia Earhart I guess.
Number 2: Russian dude, apparently involved in BTC-e, was arrested for Mt. Gox attacks. If true, this guy stole a bunch of money, conducted some serious money laundering, and knocked out a competitor at the same time. How’s that for efficiency?
Number 3: New attack allows malicious use of Docker containers. This is an interesting one and should highlight why using certificate-based authentication for API access is a good idea. Are you using certificates? Good for you, I knew you would be.
Number 4: There’s now something akin to a UL listing but for medical devices. It includes a consortium of device manufacturers, academia, technology firms, and (presumably) providers. Finally. Let’s hope people take it seriously. It would also be nice if there was some regulatory “encouragement” to select products that have been accredited in some way.
Anyway, that’s all for now. Happy Friday.