Mozilla is working on a new feature for the Firefox web browser that helps users generate random secure passwords when they create new accounts on the Internet. The feature is part of a concentrated effort to make the password manager of the Firefox browser more useful. Mozilla launched a first batch of improvements in Firefox 67 which it released on May 21, 2019 to the public. Among the new features were options to save passwords in private browsing mode and support for an authentication API. https://twitter.com/elasside/status/1140233058857234432 Expert Comments: Jake Moore, Cybersecurity Specialist at ESET: “Password managers are still massively underused and…
ISBuzz Team
It has been reported that a state-backed cyber-attack poses a huge danger for UK banks. An attack of this nature could secretly corrupt the records of British financial institutions over a period of months, posing a risk that banks would probably struggle to guard against on their own. https://twitter.com/worldnewsdotcom/status/1141264914545123328 Expert Comments: Andy Heather, VP at Centrify: “Today’s warning from the Bank of England underlines the huge risks cyber-attacks pose to the UK’s financial services industry, particularly when criminals are able to infiltrate organisations undetected. A key trend we’re seeing across Europe is malicious parties gaining access to critical systems using legitimate log-in…
ZDNet has reported that EatStreet, an online and mobile food ordering service, disclosed today a security breach that took place last month and during which a hacker stole the company’s database, complete with customer and partner details. ZDNet learned that the party responsible for this breach is Gnosticplayers, a hacker who previously breached many other online services, including big names such as Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, Evite, and others. For customers who ordered food through the EatStreet app and website, this included names, credit card numbers, expiration dates, card verification codes, billing addresses, email addresses, and phone numbers. Israel Barak, Chief Security Officer at Cybereason: “With it appearing that more than…
Yesterday, Netflix issued an advisory identifying several TCP networking vulnerabilities in FreeBSD and Linux kernels. While patches are already available for the identified vulnerabilities, Linux is the most popular system on the Internet. This means that the issue will remain widespread and dangerous until every single company has applied patches. https://twitter.com/zackwhittaker/status/1140725252781236226 https://twitter.com/anthraxx42/status/1140738832435990528 Expert Comments: David Atkinson, CEO at Senseon: “While it is Netflix that identified these flaws, the issue is much, much bigger than one company or service. Linux is used by 40 percent of the world’s websites. It is embedded in thousands of devices, from Internet routers to IoT products, and…
A computer science student has scraped seven million Venmo transactions to prove that users’ public activity can still be easily obtained, a year after a privacy researcher downloaded hundreds of millions of Venmo transactions in a similar feat. Venmo is a mobile payment service owned by PayPal and offers an app that allows users to share and make payments with friends for a variety of services from. https://twitter.com/BentleyAudrey/status/1140593591598878720 Expert Comments: Ilia Kolochenko, Founder and CEO at web security company ImmuniWeb: “Transparency may often be used against the legitimate interests of end-users. Probably, very few of us wish to share all their payment transactions with the rest…
It has been reported that Xenotime, the threat actor behind the 2017 Trisis/Triton malware attack, is now targeting — in addition to oil and gas organizations — electric utilities in the United States and the Asia-Pacific (APAC) region. Xenotime initially appeared to target only the oil and gas sector in the Middle East, but Dragos reported in May 2018 that the hackers had started attacking organisations worldwide, including the United States, and safety systems other than Triconex. In a blog post published on Friday, Dragos revealed that the threat group had been spotted targeting electric utilities in the United States and the APAC region through tactics similar to ones…
Okta’s Passwordless Future Report finds: 78% of all respondents admit to using insecure methods to help them remember passwords; 69% of UK workers feel stressed or annoyed as a result of forgetting a password, a worrisome statistic considering the importance of mental health in the workplace; more than three in five workers say they would benefit from biometrics in the workplace, but 86% have some reservations about sharing biometrics with employers. Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity for the enterprise, today debuted The Passwordless Future Report, which demonstrates how passwords negatively impact the security of organisations and mental health of employees. The research, which surveyed 4,000+ workers across the UK, France and the Netherlands, also found that there is…
The US and Russia are currently locked in a series of escalating cyber-attacks, with the US reportedly attacking Russia’s power grids and the Kremlin responding with a warning of potential cyberwar. https://twitter.com/gregotto/status/1140650063355662336 Expert Comments: Dr Darren Williams, CEO and Founder at BlackFog: “The current cyber standoff between the US and Russia is heralding a new era of cyber warfare where critical infrastructure like power grids is the target of choice. Escalating tensions between the two states have implications for nations across the globe, with British Army chief General Sir Mark Carleton-Smith recently saying computer software is the greatest threat to Britain’s security…
According to ZDNet (https://www.zdnet.com/article/new-echobot-malware-is-a-smorgasbord-of-vulnerabilities/), security researchers have found a new Mirai variant called Echobot that targets a wide range of IoT devices and enterprise apps. Echobot is based on Mirai malware, like hundreds of other botnets that emerged once the source code became publicly available. It uses 26 exploits to propagate. The targets of the latest Echobot variant include network-attached storage devices (NAS), routers, network video recorders (NVR), IP cameras, IP phones, and wireless presentation systems. Javvad Malik, Security Awareness Advisor at KnowBe4: “There is a compounding challenge where IoT device security is not being improved and, at the same time, these insecure devices continue…
According to Reuters and The FT, who have both seen the report, Russian sources mounted a disinformation effort in order to ‘suppress turnout and influence voter references’ at the elections. Alongside this, both outlets have confirmed that the report calls for social media companies to do better, claiming they fell short in their efforts to tackle malicious activity and stating they risk regulation if they fail to do more. Expert Comments: Joep Gommers, CEO at EclecticIQ: “Today’s review from Brussels certainly raises concerns in the run up to the 2020 US elections and with a UK general election looking more and more…
