With the Brexit deadline looming, the possibility of a no-deal Brexit increases. With the Operation Yellow Hammer documents released last week, Matt Lock, Technical Director at data protection firm Varonis, shares his views below on the potential ramifications of a no-deal Brexit in terms of data privacy and sharing.
ISBuzz Team
A privilege escalation vulnerability in Forcepoint VPN Client for Windows, discovered by Security Researcher Peleg Hadar of SafeBreach Labs, can be used by attackers to evade detection and achieve persistence.
Incident Response Plans require frequent workouts to be fit for purpose
NEW YORK – Businesses are more aware than ever of how cybercrime could impact their reputation, and their bottom line. Annual reports such as the Verizon Data Breach Investigations Report and the Verizon Insider Threat Report continue to flag those cyber-threats and trends that should be on every organization’s radar. However, while knowledge is essential in understanding the cyber-threat landscape, being prepared to deal with a cyber-security incident requires a much more comprehensive approach. Based on three years (2016-2018) of Incident Response (IR) Plan assessments and data breach simulations conducted by Verizon for its customers, the Verizon…
Subsidiaries of Indonesian low-cost airline Lion Air, including Malindo Air and Thai Lion Air, have suffered a massive data breach, resulting in the information of millions of passengers being leaked onto data exchange forums. The breached data includes full names, home addresses, email addresses, dates of birth, phone numbers, and passport numbers and expiration dates. The files of passengers who flew with Thai Lion Air and Malindo Air were stored in an open Amazon Web Services bucket, where a hacker gained access and dumped the files online.
It has been reported that Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired. The email to users said that although the company has seen “no evidence” of any unauthorised access to users’ account data, it did not rule out any improper access to user data. https://twitter.com/BleepinComputer/status/1174792468488998926
Roomleader, a digital marketing and web development services provider that helps hospitality companies build out their online booking functionality through its library module, which saves viewed hotel information in visitors’ browser cookies, was the victim of a Magecart attack, according to a Trend Micro report. The hackers injected malicious code into Roomleader’s “Viewed Hotels” module, initiating a supply chain attack that has so far infected two hotel chains, one with 107 hotels in 14 countries and the other with 73 hotels in 14 countries. https://twitter.com/neirajones/status/1174804338704900096
An NHS employee was found accessing the medical records of over 2,000 patients. The employee had legitimate access to the trust’s electronic health record system, but was accessing the records over a period of 18 months with no legitimate reason for doing so.
It has been reported that MITRE has released a list of the top 25 most dangerous software weaknesses and errors that can be exploited by attackers to compromise our systems. The non-profit’s 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors report is a compilation of errors, bugs, and potential attack vectors developers should make sure they are familiar with in the interest of security.
The UK’s National Cybersecurity Centre has issued an advisory which warns UK universities that “state espionage will continue to pose the most significant threat to the long-term health of both universities and the UK itself”, adding that there is a real possibility that “the threat will increase in-line with increased scrutiny of foreign direct investment and the minimizing of other avenues to gain insight and advantage,” TEISS reported. https://twitter.com/SonicWall/status/1171845630534279171
Trend Micro has just published the following findings: Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites. Forbes is reporting on the findings, noting that Trend Micro discovered credit card skimming malware in the reservation systems of two international hotel chains. The significant attack affects hotel chains with over 180 locations in 14 different countries. The affected hotel reservation platforms were developed by Roomleader, a company from Spain that helps hotels build their online booking websites. The malicious code wasn’t injected directly into the website but rather into the script of Roomleader’s module called “viewedHotels” that was provided to its clients and…
