The shift to home working means new distractions, systems and forms of communication. All of which can lead to mistakes, but the average attack takes 18 months to 3 years to be detected. So, how do you know if your business has suffered an attack as a result? Organisations need a cybersecurity strategy, and a strong foundation of knowledge will help to shape a coherent plan. The fallacy of a time-bound commitment must be demystified; however, as strategic thinking in the long or short term is less valuable than the depth of that thinking. Tom Martin Ball, lead auditor at…
ISBuzz Team
Following Boris Johnson’s announcement that the UK must prepare for a no deal Brexit, privacy expert warn that this could cause businesses to face fines in the million. The announcement means that the recurring nightmare of GDPR and data migration will once again be on the agenda for businesses. This will especially be the case for businesses that have taken their foot off the pedal over the last two years, believing that their work was done on this front. Even despite COVID-19 leniency, fines from EU watchdogs have been in the millions. These businesses could be next if they don’t…
Global software provider, Micro Focus, launches its 2020 State of Security Operations report, which reveals that SOCs across the globe are increasingly looking to AI and ML to detect advanced threats and proactively protect the enterprise. The research finds that over 93% of global organisations are implementing AI and ML technologies to improve threat detection capabilities, while over 89% expect to use or acquire a Security Orchestration and Automated Response (SOAR) tool within the next 12 months. Faced with an increasingly complex threat landscape amid the pandemic and working on teams that are becoming more and more stretched, today’s cybersecurity professionals are under more pressure…
British Airways has been fined £20m for failing to protect the personal and financial details of more than 400,000 customers, according to Business Live. This follows an investigation by the Information Commissioner’s Office (IC)) after the airline was the subject to a cyber-attack, which it did not detect for more than two months, in 2018. The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff, including names, addresses, payment card numbers, and CVV numbers of 244,000 BA customers. ICO investigators found that BA did not detect the attack on 22 June 2018 themselves but…
Krebs On Security is reporting that a popular dark web outlet for stolen credit cards is selling more than three million new card records this week, the result of a multi-year data breach at 100+ Dickey’s Barbeque Restaurant locations across the US. A Gurucul expert offers some perspective.
Yesterday, the Malwarebytes research team published their findings of the threat actor “Silent Librarian,” a group of Iranian hackers with a history of attacking academic institutions that have come back to life to launch a new series of phishing campaigns. The new attacks were timed to coincide with the start of the new academic years when both students and university staff were expected to be active on university portals. The attacks consisted of emails sent to victims with links to a website posing as the university portal or an associated app, such as the university library. The websites were hosted on sites…
It has been reported that Barnes & Noble revealed that that its corporate systems fell victim to a cyber attack and that the hackers may have gotten away with some important information about B&N’s customers, potentially including their addresses. No financial information or payment details were pilfered during the attack. These are, Barnes & Noble explains, always encrypted and tokenized. It doesn’t, however, discount the possibility that this encrypted data was also stolen, which could still fall prey to attempts at decrypting them. The company, however, does admit that at least two pieces of customer information were left exposed. Those include user’s emails and their purchase…
It has been reported that hackers have gained access to US government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert recently published. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been detected, the two agencies said. “CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised,” the security…
Microsoft today took actions today “to disrupt a botnet called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware,” which “cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems… “Today’s action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses, and universities from the various malware infections Trickbot enabled.”
n the cyber-security field, the term OST refers to software apps, libraries, and exploits that possess offensive hacking capabilities and have been released as either free downloads or under an open source license. It has been reported that Paul Litvak, a security researcher for cyber-security firm Intezer Labs, has compiled data on 129 open source offensive hacking tools and searched through malware samples and cyber-security reports to discover how widespread was the adoption of OST projects among hacking groups — such as low-level malware gangs, elite financial crime groups, and even nation-state sponsored APTs. The results were compiled in this interactive map.