Tuesday, October 22, 2019

"Smart Spies" in your "smart speakers" (Alexa, Google) - They could eavesdrop, voice-phish, or use people’s voice cues to determine passwords



The vulnerability lies in the small apps that developers create to extend the devices' capabilities, called Skills on Alexa and Actions on Google Home, according to a report by Security Research Labs (SRLabs). These apps “can be abused to listen in on users or vish (voice phish) their passwords,” researchers said.

https://threatpost.com/new-way-found-to-use-alexa-google-to-voice-phish-and-eavesdrop-on-users/149352/

Friday, October 18, 2019

Apparently, if you don't use the right screen protector, any fingerprint can unlock your Samsung Galaxy S10.


Ultrasonic fingerprint scanners can have problems with some screen protectors, as they may register the sound of a “fingerprint” which is bounced back off the screen protector rather than the actual fingerprint’s ridges.
In short, the phone has “registered” a fingerprint which may look like any finger pressing through the screen protector.
In other words – a fingerprint was not reliably registered in the first place.


https://www.grahamcluley.com/about-that-any-fingerprint-can-unlock-your-samsung-galaxy-s10-report/

Thursday, October 10, 2019

Did you know that you can BLOCK unknown callers in iOS 13?


This is a great way to get rid of nuisance and spam callers.

To enable this feature, go to Settings > Phone and toggle Silence Unknown Callers.


https://www.zdnet.com/article/ios-13-security-and-privacy-settings-you-need-to-tweak-and-check/

Be aware that your cyber insurance may not cover "stolen funds" - Example: AIG


Hackers fleeced SS&C out of $5.9 million in 2016 by emailing company employees from spoofed email addresses, and requesting monetary transfers. AIG says its policy stipulates that the insurer will not cover losses stemming from criminal activity.



https://www.cyberscoop.com/aig-cyber-insurance-lawsuit-bec/

Wednesday, October 9, 2019

We hear that cybersecurity is a hot field, but did you know that 60% of IT security professionals are looking to leave their current job?


  • 53% - [An] unhealthy work environment;
  • 46% - lack of IT security prioritization from C-level or upper management;
  • 37% - unclear job expectations;
  • 30% - lack of mentorship

In the workforce, it might look like this:
Situation -> Anger -> Action -> Unemployment, and the cycle regenerates back to even more anger.

https://www.hackread.com/information-security-professional-degeneration/

Tuesday, October 8, 2019

One common (forgotten) security issue that exists in our homes - Vulnerabilities that will NEVER be patched because the system is unsupported (EOL): routers, TVs, IoT devices, or anything else that can connect to the internet.

For example: the security researchers disclosed their findings to D-Link on September 22. Within 24 hours the hardware vendor had confirmed the vulnerability, and three days later, D-Link said that as the products are at End of Life (EOL) support, no patch will be released.

https://www.zdnet.com/article/d-link-routers-contain-remote-code-execution-vulnerability/