Brian Krebs broke the news late Friday that Fortune 500 real estate insurance giant First American exposed approximately 885 million sensitive records because of a bug in its website. The news has been picked up by various business media. Krebs reported that the company’s website was storing and leaking bank account numbers, statements, mortgage and tax records, and Social Security numbers and driving license images in an enumerable format — so anyone who knew a valid web address for a document simply had to change the address by one digit to view other documents, he said. There was…
ISBuzz Team
With greater connectivity comes greater risk. This can be a cause of concern and stress for many of us. In a world that expects us to be connected anywhere and at any time, we often fail to understand that this means we are also at risk – everywhere and at all times. As our work and personal environments become increasingly blurred, the challenge for organisations today is to achieve the correct balance between security and openness to staff working flexibly – especially when using mobile devices. A huge variety of ‘things’ are being connected to the Internet – and with data…
A recent report from Richard Breavington, a partner at RPC, found that 1% of cybercrimes are prosecuted, from the 17,900 reported cases of computer hacking last year. https://twitter.com/westtekIT/status/1133368228162486272 Expert Comments: Haroon Malik, Director of Cyber Security Consulting at Fujitsu: “The low prosecution rate for cybercrimes is concerning. Hacking tools are more widely available than ever before, and cyber-criminals are finding ever-evolving ways to ‘feed their habit’. What’s more, if hacking into a business and walking away with stolen funds or sensitive information is unlikely to see you get caught, then the incentive is clear. “But as easy as it is to…
Perceptics, a company that provides license plate readers, license plate recognition systems and vehicle identification products, has been hacked, and the consumer information gleaned from that hack is being offered on the Dark Web for free. https://twitter.com/sarahmarville/status/1133365812755140608 Expert Comments: Dov Goldman, Director of Risk & Compliance at Panorays: “When we drive through an electronic toll gate, we’re happy that our license plate is scanned and the toll is charged to our credit card. Most likely, we don’t think about the privacy implications of this great convenience. The data breach at Perceptics, the largest manufacturer of license plate scanning systems, will force us to…
Phishing is a business, much like any other, that’s designed to make money. And because the bad actors are keenly aware of how current technologies are trying to catch them, they have developed new techniques for not getting caught and staying in business. Today the hackers are capturing valuable personal information and quickly moving on to evade detection. One of the most dangerous trends involves web page domains and URLs which change so fast that standard blacklist-based engines can no longer keep up. The life-span of a phishing website URL has decreased significantly since 2016 (see diagram below). In fact,…
Following the news that Fortune 500 real estate title insurance giant First American Financial Corp has just been informed that its web site has been leaking hundreds of millions of documents related to mortgage deals going back to 2003, please see below comments from security experts at HackerOne: Jon Bottarini, Hacker and Lead Federal Technical Programs Manager at HackerOne: “At first glance it appears that this vulnerability is an Insecure Direct Object Reference (IDOR) because the developer who found the vulnerability stated that he was retrieving different documents by simply changing the document number. Modifying the document number in his link by numbers…
In response to this week’s downgrade by Moody’s of Equifax as a result of its massive 2017 breach of consumer data, six cybersecurity and risk experts offer perspective on this ongoing issue. Laurence Pitt, Strategic Security Director at Juniper Networks: “A stock downgrade following a cyber-attack is not a surprise, in fact it cements what we have been saying for a long time: Cybersecurity is a boardroom issue. Think about it – everyone is in business with a single goal which is to make money, this includes the bad-guys except that they want to make their money by preventing someone else…
The Irish Data Protection Commission is investigating Google after a complaint was lodged regarding Google’s DoubleClick/Authorized Buyers advertising system active on 8.4 million websites. The complaint alleges that the system relies on broadcasting users’ personal data without letting them know. https://twitter.com/ZaqsTech/status/1131266176221270016 Expert Comments: Chris Olson, CEO at The Media Trust: “Many companies continue to struggle to comply with GDPR one year since its enforcement. If big tech companies with deep pockets are having challenges, you can imagine how much further behind the law’s requirements smaller organizations are falling. Those that aren’t concerned are likely unaware that the law covers them.…
Digital supply chains are growing exponentially as organisations increasingly rely on data to power their business. They expect data to flow freely, without borders or delays – but as expectations for data-on-demand grow, risks grow along with it. Supply chains are often large and complex. With outsourcing an increasingly popular method of driving profits, there is little stopping your digital supply chain from having a long and frequently invisible tail that introduces unknown and unquantifiable risks. Once an organisation has agreed to engage with a supply chain partner, there is implicit trust that good practice will be followed – but in reality…
A new RSA report reveals that fraud attacks from mobile apps increased 300% in just the first quarter of this year. Expert comments: Don Duncan, Security Engineer at NuData Security: “Retail mobile eCommerce sales in the U.S. are expected to reach $338 billion by 2020 according to Statistica. Combine smaller screens with more people hurrying to shop with their smartphones and it adds up to a cybercriminal’s dream. It is harder for users to detect a fake website or link on a smartphone or tablet and once their personal information is intercepted, their accounts and online identities are at risk.” “A change in…
