A big password cracking dictionary (1,493,677,782 words, 15GB) with every wordlist, dictionary, and password database leak found on the internet. Expert Comments: Jake Moore, Security Specialist at ESET: “This is an enormous database of passwords available to anyone who may want to get their hands on it. This shouldn’t be shrugged off as just another breach. When passwords are compromised, they are usually scrambled (hashed) but with this tool, there is a good chance that any cybercriminal would be able to reverse engineer it into the original password. You should not use passwords that are likely to have been used before – and…
ISBuzz Team
In light of the recent Quest Diagnostics breach, which compromised the credit card numbers, medical information and personal data of 11.9 million patients, Industry leaders commented below as part of our experts comments series. Experts Comments: Kevin Gosschalk, CEO at Arkose Labs: “The Quest Diagnostics breach is a timely reminder that when a company is working with a vendor, there is an added access point that needs to be protected. As hackers continue to evolve, they will target the endpoints that companies might not actively think of protecting. Credit card numbers, medical information, and personal data were stolen from 11.9 million people in this…
ISACA’s State of Cybersecurity Report Also Finds Only 1 in 3 Organizations Highly Confident in Their Ability to Detect and Respond to Threats. Standout data from this portion of the report includes: 1 in 2 respondents say cybercrime is underreported, even when it’s required to report it. 60% of information security professionals say it is likely or very likely that they will experience a cyberattack this year. 34% of respondents are highly confident in their organization’s cybersecurity team’s ability to respond to cyber threats. The highest levels of confidence are correlated with teams that report directly into the…
In response to news of a major Security Platform Leaking Hotel Security Logs, Including Marriott Properties, an expert with Cequence Security offers perspective. Ameya Talwalkar, Co-founder and CPO at Cequence Security: Leaving applications that store sensitive information open to the Internet because of policy mismanagement or misconfiguration is a growing problem as cloud adoption grows. Although it results in security breaches which cause extensive damage to customers, losses to enterprises from fraud and brand loss, this is really not a traditional security attack problem. It’s more an issue of internal security discipline. Anytime an application is deployed on public…
It has been reported that tens of millions of records about users of different dating apps have been discovered in a single database with no password protection. About 42.5 million records were exposed. Dating logs made up 38.3 million records, while 3.87 million consisted of “geonames.” Records were discovered by researcher Jeremiah Fowler, and were mostly about American users, based on accessible IP addresses and geolocation information. Other data included age, location, and account names. These findings are among the many examples of sloppy database security practices potentially impacting unsuspecting victims. Nabil Hannan, Managing Principal at Synopsys: “Leaky databases are getting a lot of attention…
A marketplace for stolen “digital fingerprints” has recently emerged, with research highlighting that criminals are selling comprehensive digital histories of more than 60,000 individuals. Identity theft has risen to nearly 500 victims a day in the UK and the fact that it is at its highest levels ever is proof that enterprises, organisations and institutions are unable to protect and secure their personally identifiable information. It has been argued that it won’t be long before Dark Web marketplaces emerge for actual fingerprints, iris, retina or facial scans and other static biometric data. Once static biometric data falls into the…
Security researchers have found a new strain of Linux malware that appears to have been created by Chinese hackers and has been used as a means to remotely control infected systems. Named HiddenWasp, this malware is composed of a user-mode rootkit, a trojan, and an initial deployment script. https://twitter.com/virusbtn/status/1134059388115804160 Experts Comments: Tom Hegel, Security Researcher at AT&T Alien Labs: “We link the HiddenWasp malware, which is a Linux implant, to the Winnti Umbrella (cluster of adversaries). There are a lot of unknowns, as pieces of this toolkit have a few code overlaps/reuse with various open source tools. However based on a large pattern of infrastructure overlap and design, in…
Scams on dating sites and apps were hard to tackle because they were usually not large campaigns and were not generated automatically. Profiles of fakes and scammers used more images and “emotive language”. The common words employed were “caring”, “passionate” and “loving”. The system was trained using almost 15,000 profiles from the free Dating ‘N More website. The computer science project used data from the service because it publicly posts fake profiles when they are discovered. Statistics gathered by the UK’s police reporting centre Action Fraud suggest British people lost £50m to romance scams in 2018, as reported by the…
Cyber Essentials will turn five in a couple of days (first launched on 5th June 2014). Expert Comments: Andy Kays, Technical Operations Director at Redscan: “In five years, the Cyber Essentials scheme has achieved a lot, despite also being an extremely modest standard for security. “Cyber Essentials strikes a balance between security and practicality. It is a simple and affordable process for most businesses, making it a fantastic place for companies to start on their cyber security journey, and its controls will also stop about 80% of attacks. “We’ve seen that Cyber Essentials is already forcing change in behaviour in…
New findings evaluate how organisations are managing vulnerability risks. Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organisations, today announced the release of a new report on vulnerability management trends. The survey, conducted by Dimensional Research in May 2019, included responses from 340 infosecurity professionals. Tripwire evaluated how organisations are managing vulnerability risks and found that more than one in four (27 percent) globally have been breached as a result of unpatched vulnerabilities, with an even higher rate in Europe (34 percent). Vulnerability management starts with visibility of the attack surface, and…
