According to reports, a new piece of research issued today found that a worrying gap is appearing between the rapid growth of data being stored in the cloud and an organization’s approach to security. Surveying over 3,000 IT and IT security practitioners in several countries across the globe, the research uncovered that only one in three (31%) companies believe protecting data in the cloud is their own responsibility. A similar number – only one third (32%) of organizations – admit that they employ a security-first approach to storing data in the cloud, revealing a lack of awareness about the importance of protecting sensitive data in the cloud.
ISBuzz Team
Last week it was announced that after a GDPR fine of £183 million earlier this year, half a million British Airways customers were told they could sue the airline over a 2018 data breach which saw their bank details and addresses stolen by hackers. Whilst this certainly isn’t the first large firm to be hit by substantial fines, a worrying level of UK businesses do not yet appear to be fully GDPR-compliant, with many unclear about their state of compliance, even a year and a half after the regulations came in to effect.
Tū Ora Compass Health from New Zealand, a primary health organization (PHO) has disclosed a security breach that led to the exposure of medical and personally identifiable information (PII) of roughly 1 million people. The NGO notified the National Cyber Security Centre, Ministry of Health, Police, and other law enforcement agencies of the incident after its discovery on August 5 following the Tū Ora website’s defacement. https://twitter.com/JoanneSpruceC21/status/1180518132558884864 Commenting on the news are the following cybersecurity professionals:
FireEye at Cyber Defense Summit announced the release of its latest email threat update. The analysis of more than two billion emails is visually depicted within their new infographic (these findings are the result of FireEye analysis against a sample set of more than two billion emails from April through June 2019). To summarize, FireEye has identified several significant themes: Attackers Are Getting Ahead in the Cloud: As companies continue migrating to the cloud, bad actors are abusing cloud services to deploy phishing attacks. Some of the most common tactics include hosting Microsoft-themed phishing pages with Microsoft Azure, nesting embedded phish URLs in documents…
Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms. More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion claimed it had more than 20,000 customers. The most notable compromise is the Sesame Street Live online store, which has been taken down earlier today after another journalist reached out. At the time of writing, the malicious code is still on Volusion’s servers and is still being delivered to…
Google has found a vulnerability that resides in the Android operating system’s kernel code and can be used to help an attacker gain root access to the device. Ironically, the vulnerability was patched in December 2017 in Android kernel versions 3.18, 4.14, 4.4, and 4.9, but newer versions were found to be vulnerable, ZDNet reported.
Code42 has released new research showing employees take more risks with data than employers think, leaving organisations open to insider threat. Some key points: Over two-thirds (69%) of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time of the breach. Over three-quarters (78%) of information security leaders – including those with traditional data loss prevention (DLP) – believe that prevention strategies and solutions are not enough to stop insider threat. Over three-quarters (78%) of CSOs and 65% of CEOs admit to clicking on a link they should…
Cybercriminals have stolen the personal information of 1-million New Zealanders after Tū Ora Compass Health that provides data services to 4 other healthcare companies, was hacked. Tū Ora suffered four cyberattacks dating back to 2016 according to the Government Communications Security Bureau’s (GCSB) National Cyber Security Centre (NCSC).
New research shows an alarming surge in the creation of so-called deepfake videos, with the number online almost doubling in the last nine months. While much of the concern about deepfakes has centred on their use for political purposes, the evidence is that pornography, including revenge and fake celebrity porn, accounts for an overwhelming majority of 95% of the clips. https://twitter.com/CNN/status/1181474385309384704
Twitter and Facebook could be facing billions in fines after Ireland investigations. Ireland’s Data Protection Commission has concluded investigations into Facebook’s WhatsApp and Twitter over possible breaches of EU data privacy rules. The investigations will now move into the decision-making phase, according to Graham Doyle, head of communications for Ireland’s DPC. During this next phase, Ireland’s chief data regulator, Helen Dixon, will issue draft decisions, which are expected to come toward the end of the year.