Apple Pay, unresolved issues, and Japan

The Daily Grind

One thing I can say about Japanese customers after living in the country for 30 years is this: Japanese customers are quiet, fair, possess a dry, critical but practical way of dealing with things and are hard-nosed, some of the most hard-nosed customers in the world, I think. They like what is good, dislike what is bad, and simply stop using something that doesn’t work for them. But once they feel betrayed by a product, they silently drop it and never come back.

iOS 11.4 Beta 3 Does Not Fix The iPhone X Apple Pay Suica Error Problem

Just a public service message that iOS 11.4 beta 3 (15F5061e) does not fix the iPhone X Suica Problem.

Meanwhile, in other news mentioned by atadistance.net, Generalissimo Francisco Franco is still dead.


I think no one learned a valuable lesson …

Yahoo gets $35 million slap on wrist for failing to disclose colossal 2014 data breach

The SEC forced Yahoo to pay $35 million in penalties to settle charges that it misled investors. The breach has been widely publicized and is considered one of the largest data breaches on record.

Yahoo’s operating business, now known as Altaba, was acquired last year by Verizon for $4 billion.

What would have been paid under GDPR? $198M if this article is correct.

Calling this a “slap on the wrist” is an insult to wrist slaps everywhere.


Supply Chain Security, Assumptions & Blind Spots

Chinese Cyberspies Appear to be Preparing Supply-Chain Attacks

First and foremost, attackers appear to favor spear-phishing individual targets, preferring to collect credentials and then entering accounts without utilizing malware for establishing an initial foothold.

“We have observed spear-phishing campaigns that target human resources and hiring managers, IT staff, and internal information security staff, which are generally very effective,” 401TRG experts said about the 2017 campaigns.

Hackers focus on collecting network credentials and then spreading laterally inside a company.

Attackers then use a technique known as “living off the land,” which refers to the use of locally installed apps for malicious purposes. Tools often used in these intrusions include standard Windows utilities, but also penetration testing utilities such as Metasploit and Cobalt Strike. Malware is only deployed if necessary, attackers fearing detection, which often implies losing their foothold on a target’s network.

(Via BleepingComputer.com)

First, don’t forget the ‘supply chain’ isn’t just raw materials or parts or assemblies or their ilk. It’s the HVAC and fish tank maintenance companies, too.

I like the phrase LotL (“Living off the Land”). I think, though I need to check, it translates well.

Tl;dr: Orgs with strong security & defense-in-depth can still harbor blind spots & inaccurate assumptions.


Shinjuku, Tokyo, Japan
