ISBuzz Team

Password manager solutions NordPass has just issued findings on the 200 most commonly used passwords of 2020, including findings that some of the most commonly used passwords remain  “123456,” “123456789,” “111111” and “password” – as are “pokemon” and “princess.” Cybersecurity experts offer thoughts.

The UK government has announced an extra £16.5bn in defence spending which is biggest investment since cold war. A lot of this money is set to be invested in cyber-forces, with the creation of a National Cyber Force, which is a partnership between the military and the spy agency GCHQ.

73% of security and IT executives are concerned about new vulnerabilities and risks introduced by the distributed workforce, Skybox Security reveals.  The report also uncovered an alarming disconnect between confidence in security posture and increased cyberattacks during the global pandemic. Enterprises can’t keep up with the pace: 32% had difficulties validating if network and security configurations undermined security posture. 55% admitted that it was at least moderately difficult for them to validate network and security configurations did not increase risk.Security teams are overconfident in security posture: Only 11% confirmed they could confidently maintain a holistic view of their organizations’ attack surfaces. Shockingly, 93%…

Research from Amdocs reveals UK enterprises will place new cloud technology at the heart of their IT strategies New research from Amdocs has revealed that 75% of UK enterprises say that they will increase investment in technologies to make remote working easier, and potentially, permanent. Cloud technologies will play a significant role in this, with 67% of UK enterprises saying they will increase cloud spending in 2021. Upskilling and reskilling are going to be crucial to shifting work patterns, with 47% of UK enterprises aiming to upskill staff in cloud security practices. This is unsurprising given that almost half (43%)…

It is being reported that an increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Cisco has published advisories for three vulnerabilities in Cisco Security Manager, a tool used to manage Cisco devices. The vulnerabilities were recently discovered and disclosed by security researcher Florian Hauser of Code White.

It has been reported that The US military is purchasing private information gathered from apps around the world, including several used by Muslims that have been downloaded nearly 100 million times, a new report says. An investigation by the online magazine Motherboard published on Monday found the US Special Operations Command was procuring location data from several companies and applications, the most popular being a Muslim prayer and Quran app called Muslim Pro, with more than 98 million downloads worldwide. Others included a Muslim dating app.

As part of our “dot your expert comments” series, cybersecurity experts reacted below on the removal of Chris Krebs as Director of CISA. A Change.org open letter thanking Christopher Krebs for his service is at: https://www.change.org/chriskrebs.

An API bug in popular dating sites Bumble exposed personal information of users which includes like political leanings, astrological signs, education, and even height and weight, and their distance away in miles. The bug is found by an independent Security Evaluators researcher Sanjana Sarda and she can able to access personal information for the platform’s entire user base of nearly 100 million.

It has been reported that Managed.com, one of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack. The ransomware impacted the company’s public-facing web hosting systems resulting in some of the customer sites having their data encrypted.The company is now working with law enforcement to identify the attackers and also working on to restore their customers’ data which were lost as part of this attack. This included WordPress and DotNetNuke managed hosting solutions, email servers, DNS servers, RDP access points, FTP servers, and online databases.