A new extortion scam campaign is underway that is targeting website owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam. https://twitter.com/anoufriev/status/1138203215961346048 Ilia Kolochenko, Founder and CEO at ImmuniWeb: “Owners of large websites should not really be overly concerned, as such “attacks” will not have any real impact on them. However, smaller websites may truly suffer if cybercriminals execute what they threaten. Many existing blacklists omit any verification of incoming complaints and recklessly blacklist URLs upon receipt of an abuse report. Worse, some people who may get…
ISBuzz Team
Another story has run today about an unsecured cloud database. This time it was China’s Shanghai Jiao Tong University, which exposed over 8TB in email metadata. https://twitter.com/the_yellow_fall/status/1138388499541790722 Expert Comments: Steve Armstrong, Regional Director EMEA at Bitglass: “The number one responsibility of all organisations should be to defend their data. When migrating to the cloud, enterprises can easily make themselves susceptible to a number of security threats that, if not properly addressed, can expose data on a massive scale. Visibility and control are critical for securing sensitive information in the cloud. Fortunately, cloud access security brokers (CASBs) allow organizations to…
The government’s Technology Innovation Strategy policy paper explains that, jointly with DCMS, Oliver Dowden CBE MP will be working to ensure the safe and effective use of digital identities across the UK economy. In relation to data and technology, the policy outlines that the government will work collaboratively with stakeholders to support the development of the digital identity market. https://twitter.com/GovTechResearch/status/1138092883758764033 Expert Comments: Julie Dawson, Director at Regulation Yoti: “We welcome the new DCMS & GDS unit which will have a key focus on identity. However it is key that this body recognises that 1) the consumer has to come centre stage and 2) consumers want to use their digital identities across…
Reports have surfaced that U.S. Customs and Border Protection (CBP) officials have announced that photos of travelers have been compromised as part of a “malicious cyber-attack.” Customs officials said in a statement yesterday that the images, which included photos of people’s license plates, had been compromised as part of an attack on a federal subcontractor. The agency maintains a database including passport and visa photos that is used at airports as part of an agency facial-recognition program. CBP declined to say what images were stolen or how many people were affected. https://twitter.com/gfabre_digital/status/1138390765661540352 Expert Comments: Tim Mackey, Principal Security Strategist at Synopsys CyRC (Cybersecurity Research…
Giridhara Raam, Product Evangelist, ManageEngine, explores the impact of GDPR one year on and discusses what lies ahead. GDPR One Year On: What Have We Learned? Businesses are comprised of different departments and professionals, with data flowing across the organisation. When there’s a data breach, it’s usually the data protection officers (DPOs), CIOs, and CISOs who take the brunt of the blame; however, since the introduction of the General Data Protection Regulation (GDPR), all staff are more responsible for data handling. The GDPR has brought in a unified approach towards data security management, increasing awareness among stakeholders at any organisation. The…
New research has found 87% of SME websites using the Magento platform are currently at high risk from cyber attacks. By contrast, under 10% of websites using other major e-commerce platforms surveyed register in the same high risk category. The research, from cyber security firm Foregenix, analysed nearly 9 million websites worldwide, including 150,000 in Oceania – Australia and New Zealand – and over 400,000 across Asia. 200,000 of the sites surveyed worldwide use Magento (and companies using Magento 2 were also covered in the research). The analysis, carried out in April and May by Foregenix’s Threat Intelligence Group using its website security solution, WebScan, further revealed the proportion of…
As attacks become more sophisticated and frequent, 86% of CISOs agree that cyber-incidents within their companies are inevitable. So, it comes as no surprise that the majority (76%) believe that speed and quality of incident response (IR) are the most important factors when measuring their performance. This means that heads of IT security departments are now focused not only on preventing attacks, but on identifying issues in time to minimise the damage. While having IR as a process is a necessity, CISOs still face the dilemma of organising it. There are five factors IT security leaders should consider when choosing how to organise IR in their organisation: 1.…
Many people illegally streamed the Nations League fixture between England and Holland. Below are comments from a security expert on why it is unsafe to stream illegally, as part of our security experts comments series. https://twitter.com/IPTVMagazine/status/1136999029030707205 David Emm, Principal Security Researcher at Kaspersky: “Any footie fans looking to watch the England-Netherlands game tonight should be aware of the risks posed by using illegal streaming sites to do so. Cyber-criminals looking to cash in on unsuspecting fans could use a number of threat vectors – from fake links containing malware to sophisticated phishing attacks. Recent examples of cyber-crime activity we’ve seen involving spikes in TV watching…
It has been reported that security researchers discovered a security lapse at IT giant Tech Data that allowed them to access customer and billing data. The Fortune 500 information technology giant secured an exposed server shortly after researchers found and reported the leaking data. The server was running a database used for logging internal company events for its StreamOne cloud service, which lets customers buy cloud services from a variety of providers and vendors. The logging data contained error data that Tech Data staff can use to troubleshoot issues that arise when customers try to buy service online. Amit Sethi, Senior Principal Consultant at Synopsys:…
New research for a BBC Watchdog episode has uncovered the amount it costs to buy various types of stolen login information online. It found that stolen bank details commanded the highest price. Just like a regular eBay listing, stolen credentials are for sale on various marketplaces hiding on the dark web. Digital privacy and cyber security expert Simon Migliano carried out the research. He said the prices have increased on average by almost three times compared to the start of the year, meaning that someone’s entire identity could potentially now be worth £2,400, up from around £800 in February. Tobin Broadfoot, Product…
