The Changing World Of Encryption: TLS Deployments In 2020

Online privacy is no longer about simply staying away from prying eyes. Encryption on the web plays a key role in affording us our privacy and it is constantly changing. Once reserved for login and checkout pages, cryptographic protocols like Transport Layer Security (TLS) have risen in prominence in recent times, providing a way for […]

Former Uber Security Chief Charged With Paying Hush Money To Cover Up 2016 Hack

As reported by The Verge, Uber’s former security chief has been charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and Uber management, according to a statement from the Department of Justice. Joseph Sullivan, who was Uber’s chief security officer from April 2015 to November 2017, allegedly concealed […]

Expert Insight: Instacart Discloses Security Incident Caused By Two Contractors

Grocery delivery and pick-up service Instacart disclosed a security incident caused by two employees working for a company providing tech support services for Instacart shoppers. According to a press release published today, Instacart says the two employees “may have reviewed more shopper profiles than was necessary in their roles as support agents. Grocery delivery & […]

BlueLeaks Exposed Some COVID-19 Patients’ IDs – Cybersecurity Experts Perspective

A South Dakota news site reveals that the June 2020 “BlueLeaks” massive data breach resulted in the exposed identities of the state’s citizens who tested positive for COVID-19: Massive data breach affects SD COVID-19 patients. In response, cybersecurity experts offer thoughts. Experts Comments August 24, 2020 Dan Piazza Technical Product Manager Stealthbits […]

Multiple Vulnerabilities In Discount Rules For WooCommerce Plugin – Comment

According to researchers, hackers are attempting to exploit SQL injection, authorization issues, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities in the Discount Rules for WooCommerce WordPress plugin which has more than 30,000 installations. Experts Comments August 24, 2020 Ameet Naik Security Evangelist PerimeterX Third-party plugins are an attractive target for hackers seeking […]

Expert Reaction To News Of Personal Data Of Over 200 Million Social Media Users Exposed Online

Social Data, a company that sells social media data to marketers, has left nearly 235 million YouTube, TikTok, and Instagram profiles exposed, according to The Independent. A Comparitech report revealed that the company managed a database that was not password-protected and had no authentication methods. The data involved reportedly includes names, contact information, personal […]

Expert Reacted to University of Utah Paid a Ransomware

The University of Utah revealed today that it paid a ransomware gang $457,000 in order to avoid hackers leaking student information. The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. https://twitter.com/lordboots/status/1297363684809990145 Experts Comments August 24, 2020 Jonathan Reiber Senior Director of Cybersecurity Strategy […]

Security Awareness: Preventing Another Dark Web Horror Story

As the world transitioned to widespread remote work, the accompanying move online presented countless new avenues for cybercriminals to attack. Security awareness has become more of a focus than ever before as the lines between our personal and professional lives became increasingly blurred. Companies across every industry have been quick to supplement traditional channels with […]

Vulnerability In Java-powered 3G System Could Impact Millions Of IoT Devices

A vulnerability in Thales’ Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday, as reported by The Register. The bug (CVE-2020-15858) was discovered by IBM’s X-Force Red and disclosed to Thales, who addressed it in a patch made available to IoT vendors in February. This […]

Expert In News: Cisco Bug Warning: Critical Static Password Flaw In Network Appliances Needs Patching

Cisco has disclosed a critical flaw affecting its ENCS 5400-W Series and CSP 5000-W Series appliances, which is due to their software containing user accounts with a default, static password. During internal testing Cisco discovered its Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for the appliances have user accounts with […]