Singapore introduces cybersecurity rating for ‘smart’ devices

From home Wi-Fi routers to robot vacuums, home appliances sold in Singapore can now opt in to a voluntary rating system that simplifies what kind of cybersecurity and privacy features they offer consumers. The Cybersecurity Labelling Scheme, the first of its kind in the Asia-Pacific region, will be similar to energy-use labels currently affixed to appliances. Singapore’s government says that it hopes other countries adopt the standards as well. (Straits Times)

Watch out for Emotet, warns DHS

The Emotet malware, originally a simple banking trojan when it debuted in 2014, is now “one of the most prevalent ongoing threats,” according to the Department of Homeland Security’s cybersecurity division. It’s been used to target high-profile government agencies in the U.S., Canada, France, Japan, New Zealand, and the Democratic National Committee, and its polymorphic nature makes it hard to detect and hard to stop. (Ars Technica)

Big takedowns don’t stop Dark Web markets, says Europol

Illicit marketplaces on the Dark Web continue to evolve even after officials bust their operations. That’s the conclusion of a new report by the European Union’s law enforcement arm. While no dominant marketplace has replaced Deep Dot Web, which was shuttered in 2019, smaller, more resilient iterations still trade in crime-oriented malware, drugs, and other products. (CyberScoop)

Snobbery, obsession with rare threats hamstring cyber-intel teams

Call it a form of the insidious “insider threat.” Two recent presentations at cybersecurity conferences argue that cybersecurity intelligence teams need to do more to focus on the biggest threats to their organizations—phishing attacks and password reuse—and less on zero-days and nation-state attacks. Furthermore, their elitist isolationism makes it harder for their colleagues to trust their work. (Dark Reading)

Thanks to this week’s sponsor, Detectify


Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today at Detectify.com.

Facial recognition at borders fuels more surveillance: report

Facial recognition software used at border crossings around the world can encourage governments to take on even more invasive forms of surveillance. That’s according to a new report by the Canadian Internet Policy and Public Interest Clinic, which found that once governments have biometric data on travellers, they share it with other government agencies and private organizations—often without the travellers’ knowledge. (Vice)

Influential QAnon evangelist is also major Wall Street exec

Jason Gelinas fit right in as a resident of his New Jersey suburb, working at Citigroup where he managed a team of software developers, except that he also ran the QAnon conspiracy theory’s biggest news hub. Bloomberg Businessweek explores how and why Gelinas came to believe in QAnon. (Bloomberg)

California’s privacy law may have resurrected ‘Do Not Track’

Organizations must respect universal opt-outs indicated by consumers on the Web, says the California Consumer Privacy Act, which came into effect on January 1. Technology exists to give the law teeth, and privacy-minded tech organizations, nonprofits, and publishers have introduced a new technical standard intended to be a global privacy control to make it easy for consumers to claw back their privacy. (Wired)

Terrible IoT is everywhere, even in your pants

A British cybersecurity testing company has found that an Internet-connected chastity device for men comes with numerous major security vulnerabilities. Thanks to multiple API flaws, hackers can lock the device against the user’s will, track their location, decode personal information, and read text chats conducted through the device. (Pen Test Partners)