There are few things in cybersecurity that aren’t up for endless debate. Yet one thing that is universally agreed upon is that anything with an Internet address can and will be attacked. We’ve certainly witnessed this happening on a large scale with the proliferation of Internet of things (IoT) devices in recent years, and we’re likely to see the scale and complexity of these attacks escalate in the years ahead. And due to their newness on the security scene, IoT devices will cause large headaches for enterprise security during those years. IoT, on the whole, remains a misunderstood risk. When…
ISBuzz Team
Cyber criminals are actively exploiting the vulnerabilities in mobile device managment (MDM) solutions to successfully gain access to networks across government, healthcare and other industries as reported. An alert warning is issued by UK’s National Cyber Security Center (NCSC) to warn the users that multiple actors are exploiting MobileIron Vulnerability (CVW 2020-15505). MobileIron is a provider of MDM which allows system administrator to manage the company mobile devices from the central server.
Global identity verification provider, Onfido today announced the results of its survey “Customer attitudes to digital identity: meet the expectations of tomorrow”. The survey evaluated the online behavior of around 4000 respondents in the UK, US, France, and Germany in August 2020. Onfido’s survey found that UK consumers are more actively using online accounts since COVID lockdowns in March, yet report security and privacy concerns about opening accounts, leading to a high number of abandoned sign-ups and lost revenue opportunities for businesses. Between April and July 2020, 65% of Brits increased how often they access products and services online, with 22% reporting…
Researchers have uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel &WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable to brute force attack, resulting in a scenario where an attacker with knowledge of or access to valid credentials could bypass two-factor authentication protections on an account.
The year 2020 reinforced the saying “disasters happen.” It’s the busiest Atlantic hurricane season on record, and of course there’s the ongoing COVID-19 pandemic. There’s always potential for disruption, especially when it comes to corporate data. In 2020 or any year, to effectively protect from a disaster, a plan needs to be in place before the catastrophe strikes. Sounds exceedingly simple, but unfortunately some firms have to have a disaster in order to understand the importance of having a plan. Creating a Dynamic Roadmap Build a plan that functions as a detailed roadmap. And accept that the plan can (and…
As data breaches emerge rapidly, maintaining information privacy and security has become a significant concern in the present-day data-driven world. To protect customer data privacy, the governments and industrial bodies are regularly implementing new laws and regulations while adapting existing ones. Businesses and IT organizations are compelled to meet data privacy and security standards that apply to their specific industry and geographical location. Even though keeping up with the latest compliance regulations and rules can be both expensive and resource-intensive, organizations must acknowledge that compliance brings significant benefits to the business. Beyond ensuring compliance and avoiding costly data breaches, here…
Spotify has issued a rolling password reset to some user accounts following the discovery of an open Elasticsearch database containing user credentials. The 72GB database contained over 380 million records and some Spotify users have been impacted. It is estimated that roughly 300,000 to 350,000 accounts were embroiled in the leak, in which email addresses, Personally Identifiable Information (PII), countries of residence, and login credentials — both usernames and passwords — were available to view. The information was not encrypted. According to researchers, the origins of the database are unknown, but it does not belong to the music streaming service itself. Instead,…
It has been reported that Lennert Wouters, a security researcher at Belgian university KU Leuven, revealed a collection of security vulnerabilities in keyless entry for Tesla Model X which can be exploited to steal the car.
It’s been reported that two Android applications belonging to Chinese tech giant Baidu have been removed from the official Google Play Store at the end of October. The two apps —Baidu Maps and Baidu Search Box— were removed after Google received a report from US cyber-security firm Palo Alto Networks claiming that the two apps contained code that collected information about users. According to Palo Alto Networks, the data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps.
A public service announcement from the Federal Bureau of Investigation (FBI) has been released to help the public recognize and avoid spoofed FBI-related Internet domains. The FBI observed unattributed cyber actors registering numerous domains spoofing legitimate FBI websites, indicating the potential for future malicious activity.