Bug Bytes: RSA, Equifax, and Auto – Oh my!



Closing out from RSA this week, where nearly every cyber company was pulling out all the stops, we couldn’t help but notice the extra light shed on diversity and the proactive efforts made around it. In the lead-up to the conference, the San Francisco Chronicle sat down with Sandra Toms, chief organizer of the RSA Conference, to discuss the changes made to boost the presence of women in security this year. An estimated 20 percent of this week’s audience was made up of women – in part influenced by updated keynote submission practices, new training offerings for women, additional keynote speaker slots, and more.

In fact, Bugcrowd Security Researcher Advocate Chloe Messdaghi spoke at adjacent conference BSidesSF on tips for fixing the diversity gap in cybersecurity. If you missed this session but are also passionate about being a driver of change for women in the field and will be in Austin this month for BSides, be sure to stop by Chloe’s talk on March 29.

Over on the Hill, CNBC reported on Equifax CEO Mark Begor and Marriott CEO Arne Sorenson testifying to a Senate subcommittee on private-sector data breaches, including their respective breaches. The subcommittee released a report Thursday on Equifax’s breach that closely examined the behavior of senior executives around the time of the theft of the personal data of 143 million people, criticizing the company for not properly preserving assets about the breach.

The hearing started with a statement from Senator Rob Portman, who highlighted using hackers as part of the solution to “ensure criminals are no longer taking advantage of us as consumers.” We saw evidence of this where Bugcrowd hackers actually found and fixed the same vulnerabilities that compromised Equifax in similar institutions a full four months before the breach occurred. This changing narrative of hackers and hacker culture is just getting started and we’re excited to be at the forefront of it.

In other news, CNET covered Viper and Pandora, two popular smart alarm systems for cars, which were discovered to have major security flaws that allowed potential hackers to track the vehicles, unlock doors, and in some cases, cut off the engine. The vulnerabilities could be exploited with two simple steps, which is not surprising given that today’s cars are truly connected devices.

For this reason, automakers have become increasingly bullish about cybersecurity. Several of them, including companies like Tesla and Fiat Chrysler Automobiles, have turned to crowdsourced security programs such as bug bounty. In fact, given the potential impact, critical auto vulnerabilities are among the highest paid on the Bugcrowd platform, with an average of nearly $5,000.

That’s all for this week’s edition of Bug Bytes. Tune in next week for another recap of the week’s cyber security news.