Weekly Threat Report - 8th November 2019
Flaw revealed in Amazon’s Ring Video Doorbell Pro
Security researchers at Bitdefender have revealed they discovered a flaw in Amazon’s Ring Video Doorbell Pro, which could allow an attacker to steal home Wi-Fi credentials.
It’s reported that the device’s smartphone app sent credentials in plain HTTP language during set-up and configuration. Researchers said an attacker – within close range – could target the device with a type of denial of service (DoS) attack and get it kicked off the Wi-Fi network. When the consumer reconfigured the device, details would then be exposed.
Bitdefender has been working with Ring's tech team to help mitigate this issue and say Ring Doorbell Pro cameras have received a security update that fixes the flaw going forward.
Alongside DCMS, we’re encouraging manufacturers to ensure the safety of their products and we’ve developed a code of practice to help keep consumers safe.
You can find the NCSC’s guidance on smart devices in the home.
Trend Micro discloses insider threat impact
Cyber security company Trend Micro has revealed that an employee has stolen and sold data affecting thousands of its customers.
In a statement on its website, Trend Micro confirmed that the unauthorised disclosure of personal data had been a result of a malicious insider.
Following investigation the company has taken action to ensure no further impact. It also confirmed that up to 70,000 of its 12 million customers has been affected.
Trend Micro has apologised in their online statement and has also given customers key information to consider in the aftermath of this incident including the fact that they would never call customers unexpectedly.
The risk of insider threat is a real one for organisations. The Centre for the Protection of National Infrastructure (CPNI) has guidance about reducing the risk of insider threats. Another good starting point for any business looking to secure themselves would be the NCSC’s 10 steps to cyber security.