The 2019 National Cyber Security Centre’s (NCSC) Annual Review does not shy away from naming the four key protagonists when it comes to state-based cyber threats against our country. The review sites China, Russia, North Korea and Iran as being actively engaged in cyber operations against our Critical National Infrastructure and other sectors of society. That being said, the main cyber threat to businesses and individual citizens remains organised crime. But with the capability of organised crime matching some state-based activity and the sharing (if not direct support) of state-based techniques with cyber criminals, how are we expected to defend…
ISBuzz Team
Reports have surfaced stating that a smartphone app developed by the Home Office to help European citizens apply to live and work in the UK after Brexit has serious vulnerabilities that could allow hackers to steal phone numbers, addresses and passport details, according to researchers. So far more than 1m out of the estimated 3.5m EU citizens living in the UK have downloaded the EU Exit: ID Document Check app for Android smartphones.
The number of data breaches were up more than 33-percent in the third quarter of 2019 according to a RiskBased report – Data Breach Quickview Report 2019 Q3 Trends.* In total there were 5,138 breaches reported in the first nine months of 2019 with healthcare leading the pack with 343 breaches.
A new study found that over half of the Fortune 500 are regularly exposed to remote access hacks. A majority of these occur via remote working features that are rarely considered vulnerabilities. The study also found that these attacks happened regardless of the company’s technical expertise or cybersecurity budget.
Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware, the Los Angeles District Attorney said in a security alert published last week. USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two. As smartphones became more popular in the past decade, security researchers figured out they could abuse USB connections that a user might think was only transferring electrical power to hide and deliver secret data payloads. This type of attack received its own name, as…
The academic and industry literature is full of extremely useful research, insights and advice on how people interface with security technology and how that interaction can be enhanced to reduce the chance of a malicious attack. However, the role of the human in enhancing the overall resilience of an organisation operating within an environment where the cyber risks of any type are high is discussed much less. Clearly, stopping the risk at source with technological measures such as security to prevent anything malicious penetrating the organisations IT systems and fool-proof systems that work first time every time is the ideal.…
Implementing cybersecurity can be a lot like the cluttered homes Marie Kondo has turned from messy to ones that inspire joy. Whether you’re a Marie Kondo fan or not, she makes you realize that at some point the ‘stuff’ you have is ruling you instead of vice versa. In security, many organizations are ready for a Marie Kondo experience. It is very rare that IT and security teams get the chance to start over with a clean slate and design an ideal, elegant cybersecurity defense. Invariably an existing security infrastructure will be a collection of different technologies, some of which…
Ray Pompon, Principal Threat Research Evangelist at F5 Networks, examines the ongoing challenge of API visibility and security The word is out. Organisations across the world are finally waking up to the potential of application program interfaces (APIs) transforming business models and directly generating revenue. Momentum has been building steadily. Back in 2015, the Harvard Business Review reported that 90% of Expedia’s revenue was driven by APIs. eBay and Salesforce also claimed 60% and 50% API-driven revenue, respectively In simple terms, an API is a user interface for other apps instead of users. They are often managed with API gateways, which…
With the release of the November 2019 security updates, Microsoft has released 2 advisories and updates for 74 vulnerabilities. Of these vulnerabilities, 13 are classified as Critical. The November 2019 Patch Tuesday also fixes a critical remote code execution vulnerability in Internet Explorer that was being actively exploited in the wild.
ZoneAlarm, a security firm owned by Check Point that offers security solutions to PC users worldwide, recently suffered an unauthorised intrusion into one of its web domains that compromised names, email addresses, hashed passwords, and date of births of up to 4,500 users. Upon contacting the security firm, The Hacker News learned that “attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorised access”. It also learned that the firm was running an outdated 5.4.4 version of the vBulletin software that contained a zero-day vulnerability that was revealed by a hacker in September this…