As reported by BBC News, smart cameras and baby monitors can be watched by criminals over the internet by default, security chiefs have warned. The National Cyber Security Centre (NCSC) is advising people to tweak the settings after buying them. Easy-to-guess default passwords might let a hacker secretly observe a home through connected devices, it said. The NCSC’s technical director, Dr Ian Levy, warned that while the devices were “fantastic innovations”, they were vulnerable to cyber-attackers.
ISBuzz Team
Recently, RiskIQ published its 2019 Mobile App Threat Landscape report, which analyses the ‘murky mobile app underworld’, including app stores across the globe. This report found that 9Game.com, a mobile app store offering free Android games, is the most dangerous store to download apps from. The report also discovered that there were almost 62,000 new malicious apps uploaded to the store in 2019 alone.
It has been reported that Israeli marketing company Straffic has leaked personal sensitive data of millions of unsuspecting users mostly from the US and Europe. The leak took place due to a misconfigured Elasticsearch database. Unlike other data breaches involving search engine software Elasticsearch, where databases are accessible without a password due to misconfiguration, the database was protected in this case. However, the password to access the database was in a plaintext file exposed to the public on another domain. Originally, the database was identified by a security researcher “@0m3n” who gained access to 140 GB worth of records. This included 49 million unique e-mail addresses, names, gender, telephone numbers and…
Vulnerability management (VM) can seem unmanageable at times. But the key to successful VM is working smarter rather than harder. If you approach VM intelligently and prioritize appropriately, you can keep the number of resulting tasks from spiraling out of control. As with any on-going security practice, there are countless ways you can botch VM. Often the devil is in the details as well as the larger processes. That’s why it’s a good practice to step back and evaluate your vulnerability management program from end to end. Below we list a few common pitfalls organizations need to avoid when it…
For the past 30 months, an online printing platform with a cover store for well-known magazines has been constantly infected with malicious scripts that steal customer payment card data. At least 18 skimmers or sniffers (scripts that copy credit card info at checkout) have been identified since August 2017 on the Reprint Mint photo store, which prints covers of ESPN sports magazine and of the American military publication Stars and Stripes.
A specialist cyber force of hackers who can target hostile states and terror groups is due to be launched later in the spring, after many months of delays and turf wars between the Ministry of Defence and GCHQ. The National Cyber Force – containing an estimated 500 specialists – has been in the works for two years but sources said that after months of wrangling over the details, the specialist unit was close to being formally announced.
“According to the recently-published DLA Piper GDPR Data Breach Survey 2020, more than 160,000 data breach notifications have been reported across Europe since the General Data Protection Regulation (GDPR) came into force in May 2018. The survey also found that data protection regulators have imposed €114 million in fines under the GDPR regime for a wide range of GDPR infringements. It is clear therefore that many businesses are still facing challenges when it comes to meeting and maintaining compliance. Backup and recovery can play key roles in helping ensure organisations remain compliant with GDPR at all times avoid a breach…
The UK’s cybersecurity agency has updated its guidance on what to do after a ransomware attack, following a series of incidents where organisations were hit with ransomware, but also had their backups encrypted because they had left them connected to their networks. Keeping a backup copy of vital data is a good way of reducing the damage of a ransomware attack: it allows companies to get systems up and running again without having to pay off the crooks. But that backup data isn’t much good if it’s also infected with ransomware — and thus encrypted and unusable — because it was still connected to…
In response to new ransomware policies released by the UK’s National Cyber Security Centre, experts offer perspective below.
In response to reports that indicate cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes, experts provide an insight below.
