Hackers exploit lack of IT investment to target scientific, medical, economic and defence research
In 93 percent of cases, research programmes have been commissioned directly by UK government sources, with almost a third of research in the interests of national security
One in 10 respondents ‘strongly agree’ a successful attack on their research could have a harmful impact on the lives of UK citizens
One in four believe their security and defence research may have already been infiltrated
And over half (53 percent) say a cyberattack on their institution has led to research ending up in foreign hands
VMware and Dell EMC today reveal findings from a research study regarding the scale of the challenge UK universities are facing…
ISBuzz Team
Researchers are warning of flaws in three WordPress plugins – Slick Popup, WP Live Chat Support and WP Database Backup – including one that remains unpatched. WordPress plugin Slick Popup has 7,000 active installs and provides a tool for displaying the Contact Form 7 as a popup on WordPress websites. However, researchers with Wordfence said that they found a privilege escalation flaw in all versions (up to 1.7.1) of the plugin. This is reportedly unpatched. The WP Live Chat Support vulnerabilities, which have been patched, allow unauthenticated attackers to update the plugin settings by calling an unprotected “admin_init hook” and injecting malicious JavaScript…
The Stop Hacks and Improve Electronic Data Security Handling (SHIELD) Act, expected to be passed shortly in the New York State Senate, would update the state’s data breach notification law to cover more personal information and compel firms to disclose ransomware infections and more. The legislation would also extend to businesses that hold sensitive data of New York residents, rather than only firms that do business in the state. https://twitter.com/CenDemTech/status/1134445925630451712 Experts Comments: Chris Olson, CEO at The Media Trust: “New York will be taking more than a page from the EU’s GDPR if it passes the SHIELD…
People Inc. is Western New York’s largest nonprofit, serving more than 12,000 individuals. Nearly 1,000 current and former clients of People Inc. have been notified of a security breach that may have exposed their personal identification information as well as personal health information. The nonprofit agency, which serves both older adults and individuals with developmental and intellectual disabilities, first discovered in mid-February that an unknown individual had gained access to an email account belonging to a People Inc. employee. An investigation followed by an independent forensic investigation firm, along with notifications to the Federal Bureau of Investigation and the Health and Human Services…
It has been reported that an old vulnerability in Alpine Linux containers has spread and propagated to as many as 20% of the containers on the Docker Store. Nearly one in five of the most popular containers available on the Docker store have no password for root access. The finding is important because containers, most frequently with Docker as the container manager, are becoming popular for deploying virtualized applications. Gavin Millard, VP of Intelligence at Tenable: “The discovery of an old vulnerability in Alpine Linux containers being present on the Docker Store is not at all surprising. Last year, Tenable’s Research Team assessed 6000 of the most popular images and found…
Nearly all businesses have suffered some form of phishing attack during the past year, according to new reports. Research from Mimecast found that 94 per cent of organisations experienced either phishing or spear phishing attacks in the past 12 months – which for half of them was an increase on the previous year. Corin Imai, Senior Security Advisor at DomainTools: “Anyone familiar with the cybersecurity threatscape will not be surprised with these findings. Phishing remains one of the most successful methods of gaining access to a network, with organised gangs leveraging multiple phishing websites from a single IP address (such as DomainTools discovered this week), and independent non-technical actors taking advantage of…
The Slick Popup plugin for WordPress sites has been compromised by hackers who can enable a backdoor administrator account with hardcoded credentials, according to Wordfence. Slick Popup enables website administrators to customize the Contact Form 7 plugin and place it anywhere on a website. Experts Comments: Usman Rahim, Digital Security and Operations Manager at The Media Trust: “Attacks on the digital supply chain are on the rise because they give hackers more bang for their buck. By attacking one developer, a hacker gains access to users of multiple websites. What’s more, these developers tend to be soft targets—testing for security and privacy is not…
Flipboard, a social sharing site and news aggregator, has reset millions of user passwords after hackers gained access to its systems several times over a nine-month period. The company confirmed in a notice Tuesday that the hacks took place between June 2, 2018 and March 23, 2019 and a second time on April 21-22, 2019, but the intrusions were only detected a day later, on April 23. Hackers stole usernames, email addresses, passwords and account tokens for third-party services. According to the notice, “not all” Flipboard users’ account data were involved in the breaches, but the company declined to say…
The Victorian Auditor-General’s Office in Australia has found that patient data in Victoria’s public health system resides on a system riddled with weaknesses and is easily hackable. The report found that the public health sector in Victoria is highly vulnerable to cyber-attacks and staff awareness of data security is low, with major issues detected around physical security, password management and other access controls. In two of the five health agencies examined, the auditors gained access to systems storing critical technology infrastructure, and they managed to get into restricted administration and corporate offices of all the agencies. https://twitter.com/InfoSecHotSpot/status/1133907751237763078 Expert Comments: …
https://twitter.com/LJ_Skipper/status/1133988966275932160 Following today’s news that EE’s 5G network has now gone live in six UK cities, Leigh Moody, UK Managing Director at SOTI commented below. Leigh Moody, UK Managing Director at SOTI: “In a world that becomes more connected by the minute and reliant on the infrastructure that permits that connectivity, today’s news that EE’s 5G network has now gone live in six UK cities is extremely exciting for UK business. Mobile is about to get faster, smoother and better with 5G. It is a more capable cellular standard that has positive implications for the Internet of Things (IoT). As the demand for data increases, 5G…
