Why the reluctance in adopting MFA? The sad reality is that organizations that don’t use multi-factor authentication (MFA) are open to attack when their employees share passwords or fall for phishing scams. So, how can you explain the reluctance in adopting MFA? Compromised login credentials are one of the biggest security threat to companies today. The reason is that the attacker is using valid credentials, even though they are stolen. Keeping that in mind, why would any of your security tools detect anything suspicious? IS Decisions’ research into the access security priorities of 500 IT Security Managers in the US…
ISBuzz Team
Facebook has quietly revealed another privacy breach involving approximately 100 developers. On Tuesday, Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships said in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible. Before April 2018, group administrators could authorize an app for a group they managed, giving the application developer access to this information. Despite restricting information access to just the group’s name, the number of users, and post content — unless users opted-in to share their name and profile picture — in April last year, Facebook says that some apps retained…
Chris Krebs, the director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, spoke with “CBS This Morning” about his concerns for the 2020 elections. On election night 2020, dozens of states will have members of their National Guard cyber teams ready and waiting to deal with attacks on their voting systems.“The election network security is a very state-centric thing,” said Air Force Gen. Joseph Lengyel. “It’s not military responsibility, or National Guard responsibility, to secure it. We’re an additive measure.” More information here: https://www.militarytimes.com/news/your-military/2019/11/05/the-national-guard-is-shoring-up-to-fight-2020-election-hacking/ https://www.cbsnews.com/news/2020-presidential-election-homeland-security-official-says-russian-foreign-interference-threat-remains/
Following the news that Michel Barnier, the chief negotiator on Brexit at the European Commission, has stated that a joint response to security threats will be a key part of the future relationship, cybersecurity expert commented below to highlight the cybersecurity issues because of Brexit.
This morning, Trend Micro confirmed that a rogue employee stole data belonging to 120K customers and sold it to cyber fraudsters. Trend Micro only became aware of the insider threat after customers complained about fraudulent calls claiming to be Trend Micro employees. https://twitter.com/chey_cobb/status/1192120265838354432
The City of Ocala in Florida fell victim to a business email compromise scam (BEC) that ended with redirecting over $742,000 to a bank account controlled by the fraudster(s). The swindle involved a phishing email impersonating an employee of a construction company the city is using to build a new terminal at the Ocala International Airport.
Chinese tech giant Huawei has asked some of the world’s best phone hackers to a secret meeting in Munich later this month as the company tries to curry favor with global governments. Sources with knowledge of the November 16 meeting said Huawei will privately present its new bug bounty program, which would allow researchers to get financial rewards for submitting security vulnerabilities.
Two major Spanish companies, including radio company Sociedad Española de Radiodifusión (Cadena SER) and NTT-owned IT services firm Everis, have become the latest victims of a targeted ransomware attack, which began in the early hours of yesterday morning. Both companies have told employees to shut down computers, and have disconnected their networks from the internet. More on the story here: https://www.euronews.com/2019/11/04/cyber-attack-hits-spanish-companies-including-radio-network
At this year’s GeekPwn 2019 conference in Shanghai, hackers made an incredible claim: they could unlock any smartphone fingerprint scanner in under half an hour. The X-Lab team asked members of the audience at the event to touch a glass. The fingerprints left behind were then photographed using a smartphone and passed through an app that the hackers developed. The team did not reveal their precise methodology, but the app is thought to extract the data required to clone a fingerprint using a 3D printer most probably.
A newly discovered data leak in the AsusWRT, a web-based GUI app from Asus that allows users to manage their wifi network. AsusWRT becomes a centralized access point for all internet devices such as phones, tablets, or laptops connected to the network, and for smart devices and Amazon Alexa products. Researchers discovered that hackers could access AsusWRT users’ IP Address, name, device name, usage information, location and other data, and Alexa user behavioral data.