Despite what movies might show, most hacks don’t involve frantic typing or brute-force attacks. In fact, Verizon’s “2017 Data Breach Investigations” report revealed that 90 percent of successful hacks aren’t hacks at all: They’re social engineering. Simply put, social engineering is about manipulating people rather than computers. Modern hackers have discovered that it is easier to ask for data than it is to take it by force. These manipulators continue to trick everyone from secretaries to CEOs into giving up passwords, network access, and everything else they want. To safeguard against hacking, cloud service providers don’t need stronger firewalls; they…
ISBuzz Team
The cloud is changing the nature of business with a powerful approach to streamlining operations and staying current with the latest technology. But as the saying goes, with great power comes great responsibility. In this case, that responsibility breaks down into two sides: cloud vendors and the companies that use them. Cloud service providers are responsible for security of the cloud; companies are responsible for security in the cloud. Without the right approach on both sides, companies risk cyberattacks that can crash services or compromise customer data. For companies using CSPs, maintaining best security practices in the cloud is not simple. The cloud is…
It is well over a year now since the EU General Data Protection Regulation (GDPR) came into effect. It was a defining moment in the history of data privacy. It shone a spotlight on data protection, helping to turn it into a top priority for organisations worldwide. It engendered stricter laws in California, New Zealand and Brazil and a range of other states and countries. According to the European Data Protection Board, regulators in 11 countries issued fines totalling €56 million for GDPR violations over the first year of GDPR. Recent months, however, have seen some particularly high-profile cases and heavy…
One in four people would be willing to buy back their private information from the black market, according to new research. A study of 2,000 people explored the value placed on private information available online and keeping their passwords secure — and it found the number willing to buy back their information jumps to nearly 50 percent when asked of people who’ve previously experienced a hack. In fact, a third are willing to shell out the big bucks if their personal information had been stolen. The average respondent revealed they’d be willing to spend $29,332 to buy back their stolen information…
Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by attackers sending a specially-crafted remote desktop protocol (RDP) message to RDS, WeLiveSecurity reported.
The European Central Bank (ECB) confirmed it suffered a breach that involved attackers injecting malware which led to a potential loss of data, and forced ECB to close down its Banks’ Integrated Reporting Dictionary (BIRD) website until further notice. https://twitter.com/LukaMilinkovi1/status/1163341582151671808
Every connected device multiplies the vulnerability of a network. The recent explosion in IoT devices in modern homes has created a treasure trove for hackers. With so many unsecured devices, all of them potential gateways, it is easier than ever for hackers to make their way into home networks. Even your home alarm system, designed to keep physical intruders at bay, may actually be a means for virtual intruders to steal sensitive and personal information. The safest solution is to keep home security systems off the network. When it comes to home security systems, they’re not as secure as…
Without the ability for employees to communicate in real-time, regardless of location, the modern workplace would not be feasible. In fact, businesses with effective communication practices are 50 percent more likely to have lower-than-average employee turnover rates. This has given rise to a host of messaging platforms, all with the same promise – removing barriers to collaboration and offering an easier approach to workplace communication than messaging’s more formal sibling, email. For all the collaborative and productivity benefits many messaging platforms offer, they also open companies up to a host of security risks if they don’t have the right protocols…
According to this link, https://www.abc.net.au/news/health/2019-08-15/bupa-immigration-medical-data-breach/11413740, the personal health information of 317 people applying for Australian visas was accidentally emailed to a member of the general public, an ABC investigation has revealed. The security bungle occurred when a spreadsheet was sent by mistake to an unknown individual’s email address, because of a typo. Documents obtained under a Freedom of Information request by the ABC reveal that in August 2015, an SHP employee accidentally sent the names, dates of birth, and passport numbers of 317 people, along with “brief notes, summaries and comments about the status of the medical tests being conducted” to…
Several countries have been targeted by a long-term campaign operated by financially motivated threat actors who used a backdoor and a remote access Trojan (RAT) malicious combo to take control of infected computers. The two malicious payloads dubbed BalkanDoor and BalkanRAT by the ESET researchers who spotted them have been previously detected in the wild by the Croatian CERT in 2017 and, even earlier, by a Serbian security outfit in 2016. However, ESET was the first to make the connection between them, after observing several quite significant overlaps in the entities targeted by their operators, as well as Tactics, Techniques, and Procedures…
