February 27, 2018
How Medrobotics’ CEO Thwarted Possible Corporate Espionage – Massachusetts, United States
Medrobotics CEO Samuel Straface has a habit of being last out the door – a habit that may have saved his company from corporate espionage. Although his peers and coworkers left to celebrate together at a nearby pub, Straface ended up spending the night dealing with a man he’d never met before: Dong Liu. In dealing with this stranger, he had to unravel why Liu was alone in a mostly secured conference room with several laptops and recording equipment after every other employee had left for the night. Straface said he believes Liu must have scouted out the facility at an earlier date, as he seemed to know the limits of the medical robotics company’s headquarters during his appearance Aug. 28. Staffers later told the FBI that they had seen Liu a month before trying to get into the building, but he was denied entry by an engineer who said he’d have to arrange a meeting, Straface told MDO. Straface said he thought he saw something out of the corner of his eyes as he walked past – which would be highly unusual, as he thought he was the last person left in the building for the night. He had no plans for visitors or meetings and assumed none of his employees would be hiding out in a conference room while their peers celebrated. “I saw what looked like a bank of laptops on the table and a tuft of hair sticking out of the top. You couldn’t identify a person,” Straface said. “The thing that got me was the fact that there were three laptops – side by side – sitting on the conference table with screens facing away from the doors.” He quickly turned on his heel and walked back into the room, although he had no malicious intent – Straface said he always stopped in to greet faces he didn’t know, even if they were wearing badges. So long as he didn’t know who they were, they earned themselves an introduction. Finding people that are the right fit and maintaining a personal connection with his team is an important aspect of Straface’s leadership principles, he said, so speaking to an employee he might not have met before wasn’t out of the ordinary. The incident, although troubling, hasn’t set the company back, he added, noting that the closeness of the team at Medrobotics was an essential element in his catching Liu – he never passed a face he didn’t know without saying hi, and that attitude is disseminated through the company.
Stress Free Global Travel Thanks to Blockchain and Biometrics – Canada
Flying was once a pleasure, but those days are long gone. Being searched prodded and poked through long, slow lines at the airport has become the norm in the post 9/11 travel world. However, a combination of blockchain and biometrics may soon relieve some of the stress of jetting around the world. pilot project developed by the consulting firm Accenture along with the World Economic Forum’s Security in Travel Project and the Canadian government is about to begin testing a new system that’s designed to speed up processing while increasing security in international travel. The Known Traveler Digital Identity System will use fingerprints, facial imagining, and passport numbers among other information that can be shared ahead of time to allow those in the system to pass through security quickly. The Known Traveler System has already built an impressive list of partners in its two years of development including Marriott International, the U.S. Department of Homeland Security, AccorHotels, Amadeus IT Group, AirAsia, Airports Council International, the governments of Canada and The Netherlands, Google, Hilton Worldwide, various international aviation and law enforcement organizations and Visa, among others.
Dozen Flaws Found in Trend Micro Email Encryption Gateway – United States
Core Security revealed this week that its employees found several types of vulnerabilities in the Linux-based email encryption product. The most serious of the security holes can allow a local or remote attacker with access to the targeted system to execute arbitrary commands with root privileges. Core Security has published an advisory detailing each of the vulnerabilities it has found. The flaws have been assigned the CVE identifiers CVE-2018-6219 through CVE-2018-6230. The most serious of the flaws, rated critical based on its CVSS score, is CVE-2018-6223, an issue related to missing authentication. System admins can configure the virtual appliance running Email Encryption Gateway during the deployment process through a registration endpoint. The problem is that this endpoint can be accessed without authentication, allowing attackers to set administrator usernames and passwords and make other configuration changes. Six of the flaws found in Email Encryption Gateway have been rated “high severity,” including an arbitrary file write issue that can lead to command execution, a couple of cross-site scripting (XSS) vulnerabilities, a command execution flaw related to arbitrary log file locations, and the lack of a validation mechanism for software updates.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, as well as regular intelligence and risk updates and news, click here to subscribe!