BACKGROUND: Researchers have discovered a new type of attack, dubbed ALPACA, that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim’s web browser to a different TLS service endpoint located on another IP address to steal sensitive information. An expert with XSOC Corp offers perspective.
ISBuzz Team
BACKGROUND: Volkswagen has revealed a data breach impacting over 3.3 million customers. On Friday, the automaker said that a compilation of data used for sales and marketing purposes between 2014 and 2019 was left unsecured and exposed online “at some point” between August 2019 and May 2021, although the exact timeline has not been established. An associate vendor has been identified as the source of the breach but the company has not been named. Audi and Volkswagen were alerted that “an unauthorized third party” may have accessed this information on March 10.
Tessian have released a major new report revealing that over one-third of workers have picked up bad cybersecurity behaviours since working from home. The report, which analyses ‘Back to Work’ security behaviours also revealed: · 30% believe they can get away with riskier security behaviour when working remotely · 49% say that this is because they aren’t being watched by IT · Over two-thirds of IT leaders anticipate a surge in ransomware and phishing attacks when workers return to office Tim Sadler, CEO, Tessian comments: “The shift to an all-remote workforce was one huge challenge for IT leaders, but the…
The increasingly distributed nature of corporate IT networks poses problems for legacy on-premises access management and authentication. With users accessing cloud-based applications and other corporate resources from multiple device types in any location, businesses need to securely manage access across a wide range of contexts within a diverse IT ecosystem. This article describes cloud-based access management, including its benefits and some key considerations when choosing a solution. The Pandemic and Rapid Change The Covid-19 pandemic caused rapid shifts in corporate IT environments as companies scrambled to enable work-from-home arrangements for employees. Cloud adoption, remote desktop protocol (RDP) connections, and VPN…
BACKGROUND: In recent news, Irish police will have the power to compel people to provide passwords for electronic devices when carrying out a search warrant under new legislation. Should police to be given powers over password, expert provides an insight in light of fundamental security best practices.
BACKGROUND: As reported by TIME, recently, TikTok made a change to its U.S. privacy policy, which will allow the company to collect your biometric data including your faceprints and voiceprints. TikTok updated the “Information we collect automatically” portion of its privacy policy on 2nd of June giving itself permission to collect your physical and behavioral characteristics.
This morning a news story broke on the topic of how ransomware is now representing the biggest threat to online security for most people and businesses in the UK. Lindy Cameron, chief executive of the National Cyber Security Centre, will say in a speech that the phenomenon, where hackers encrypt data and demand payment for it to be restored, is escalating, and becoming increasingly professionalised.
It has been disclosed that a serious vulnerability in Microsoft Teams has been discovered by Tenable’s Zero-Day Research Team. By abusing PowerApps functionality (a separate product used within Teams for building and using custom business apps), threat actors could gain persistent read/write access to a victim user’s email, Teams chats, OneDrive, Sharepoint, and a variety of other services by way of a malicious Microsoft Teams tab and Power Automate flows. Exploit of this vulnerability is limited to authenticated users within a Teams organisation who have the ability to create Power Apps tabs, meaning it can’t be exploited by an untrusted/unauthenticated attacker. However, the permission…
Today, our physical characteristics are becoming the key to digital authentication, gradually replacing PINs and passwords. With many services becoming digital and automated, our unique biometric data is becoming a vital element in unlocking them. Biometric authentication is used to access mobile phones, personal and corporate laptops, industrial systems, commercial and government offices – but the number and the variety of applications for these technologies is growing. Whether customers are unlocking a shared vehicle using a fingerprint scanner or accessing their Spotify or Netflix account via facial recognition, biometrics enable developers to create detailed, digital customer profiles and a truly seamless user experience. The popularity of solutions such as Apple’s TouchID can certainly be considered proof that biometrics…
BACKGROUND: It has been reported that McDonald’s, the world’s largest burger chain, has suffered a data breach today. Locations in South Korea and Taiwan have had data exposed including some customer and employee information, making it the latest global company to be targeted by cybercriminals. It is also believed U.S. operations have also been impacted. The attackers accessed e-mails, phone numbers and delivery addresses, but the breach did not include customer payment information, the company said. The details of the breach in the two regions were the result of an investigation by external consultants following an unauthorized activity on the company’s network.…