From suppliers and outsourcers, to service providers and distributors, a third-party breach can occur at any point along your supply chain. As attackers continue to look for ways to infiltrate companies through their partners and the third-party ecosystem continues to grow, so does this risk – last year, 59% of companies experienced a third-party data breach. And it’s not just small businesses that are at risk either, even high-profile, international businesses can fall victim of a third-party breach. In 2019, for example, both a US intelligence agency and a large social media company suffered breaches in which confidential information was exposed on…
ISBuzz Team
In early 2020, we had plans, we had goals, we had a roadmap. But since then most things have changed. When O’Reilly fielded the annual Cloud Adoption report in early 2020, there was anticipation about the results, but even they must be looked at through a new lens. Some changes will fundamentally impact the trajectory of cloud adoption, so we must take these into consideration. Originally, this survey was commissioned to understand changes to cloud usage throughout the enterprise from year to year. This would enable us to predict future trends, understand the motivations within sectors and acquire a better…
Following controversy and technical problems around NHS Test and Trace, BBC’s Panorama will hear from whistleblowers working inside the tracking system this evening. According to the BBC, these individuals are “so concerned about NHS Test and Trace that they are speaking out to reveal […] a system that does not appear to them to be working”. A crucial element of the UK’s response to the Covid-19 pandemic, the tracing programme has already been subject to fears around privacy, location tracking, and data misuse – and the official app was launched just last week.
TikTok could be banned from being distributed by U.S. app stores this Sunday if the US takes the case to a hearing this weekend. On Thursday, district judge Carl Nichols told the U.S. government to either delay a ban, or file their response to TikTok’s complaints against the ban by Friday afternoon U.S. time. If the latter happens, there will be a hearing on the weekend before the ban is set to come into effect. The US maintains that TikTok, which is in talks with Oracle regarding handing cloud provision, represents a national security threat because American user data could…
Security researchers at Check Point published research today, identifying a Remote Control Execution (RCE) vulnerability in Instagram. The attacker would only need a single, malicious image to execute the attack. Check Point researchers summarised the attack method to three steps: The attacker sends an image to a target victim’s email, WhatsApp or other media exchange platform. The picture is saved to the user’s mobile phone. This is can be done automatically or manually depending on the sending method, the mobile phone type, and configuration. A picture sent via WhatsApp for example will be saved to the phone automatically by default on…
The House recently passed the IoT Cybersecurity Improvement Act of 2020, requiring IoT devices purchased by the government to meet minimum security requirements based on guidelines developed by the National Institute of Standards and Technology (NIST).
A new cybersecurity report surveyed 937 IT professionals worldwide about the recent cyber threats they have faced and how quickly they were able to respond. Netwrix conducted this online survey to understand how the pandemic and ensuing work-from-home (WFH) initiatives changed the IT risk landscape. The survey revealed that every fourth organisation feels that they are exposed to more risks than before the pandemic. Of them, 63% reported an increase in the frequency of cyberattacks and 60% found new security gaps as a result of the transition to remote work. What is more worrisome is that 85% of CISOs said…
The final version of NIST SP 800-53 Revision 5 was released yesterday, in what NIST calls an “historic” update to its flagship security and privacy guidance, Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations.
Geospatial data relates to information associated with locations around the world. It often comes to mind when people use navigational apps. It does factor into those tools but could improve cybersecurity, too. Bringing Geospatial Data to Access Control and Asset Management Access control is a crucial part of cybersecurity because it ensures people can use the resources they need. At the same time, it does not unnecessarily provide access to compromise a company’s security practices. The goal is to reduce friction for the user while upholding an organization’s security standards. Various options exist for setting the parameters that allow or…
Bing mobile app users on every platform – including iOS and iPadOS – are at risk after terabytes of user information have been stolen from an open server. Data related to the mobile app for iOS and Android has been found in an open server, which was storing over 6.5TB of data and growing by 200GB per day upon discovery. The white hat hacker group WizCase discovered the open server earlier in September, and promptly alerted Microsoft. The open server was secured by the Microsoft Security Response Center – but not before nearly 100 million records had been collected by bad-actors.…