Facebook Could Face Billions In Fines

RBS signs up to Facebook

In response to the news that Facebook could face billions in fines for its recent data breach, please see below comments from Hitesh Kargathra, Lead Security Consultant at Falanx Group. Hitesh Kargathra, Lead Security Consultant at Falanx Group: “Organisations are being judged less on whether they have suffered a data breach and more on how these […]

Hackers Issue Voting Machine Security Warning Ahead Of US Midterm Elections

It has been reported that just weeks ahead of the US midterm elections, security experts are warning that America’s voting systems are still vulnerable to being hacked. Attackers could manipulate the outcome of November’s votes which will establish the support that President Trump has in Congress for the rest of his term, according to those warnings. Tim Mackey, […]

Head Of Compliance At Securityscorecard On Bupa Fine

Following today’s news that Bupa has been fined £175,000 by UK regulators for “systematic data protection failures” after an employee stole thousands of customers’ data and offered it for sale on the dark web, please see below for commentary from Fouad Khalil, Head of Compliance at SecurityScorecard. Fouad Khalil, Head of Compliance at SecurityScorecard: “This […]

Torii Botnet – Not Another Mirai Variant

Avast’s threat labs team have uncovered “the most sophisticated botnet that they have ever seen”, and it is targeting IoT devices. The new IoT malware strain/botnet labelled ‘Torii’ has spread over poorly secured Telnet services, with the attack coming from Tor exit nodes. The malware captures data from IoT devices and gives attackers remote code execution – […]

Could Your Organisation’s Servers Be A Botnet?

Most organisations are aware that they could be the target of a DDoS attack and have deployed protection to keep their public-facing services online in the face of such attacks. However, far fewer have thought about the potential for their servers to be harnessed for use in a botnet, the group of servers used to […]

Tory Party Conference App Flaw

Data-Centric Security Protection Enhancements

On Saturday it was reported that the Tory Party Conference app had a flaw within it that exposed all the contact details and other personal information on those registered to attend the conference – including those of senior Tory party members, such as Boris Johnson – and allowed them to make changes to the details. […]

Potential Misuse Of Legitimate Websites To Avoid Malware Detection

Some common malware will attempt to gather information about its environment, such as public IP address, Language, and Location. System queries and identifier websites such as whatismyipaddress.com are often used for these purposes but are easily identified by modern network monitors and antivirus. Everyday interactions with legitimate websites provide much of this information and is not monitored […]