Recently, it was confirmed that the British Transport Police’s website has been hacked. Whilst it at first appeared to be a minor problem only affecting the ‘newsroom section’ of the website, subsequent checks carried out by BTP, the National Cyber Security Centre and the National Crime Agency found “a small number” of staff details were leaked. Expert Comments: Tim Dunton, MD at Nimbus Hosting: “It is no secret that cyber attacks are the fastest growing form of crime in the 21st century. The British Transport Police should be setting an example for online security, particularly when a catalogue of sensitive public and staff…
ISBuzz Team
Expert Comments: Chris DeRamus, Co-founder and CTO at DivvyCloud: “Since GDPR was implemented a year ago, it has sparked inspiration around the globe for similar data privacy regulations. We have already seen a few companies hit by GDPR fines, and they were far from frivolous. In fact, research from DLA Piper in February 2019 revealed that there had been a total of 91 fines issued under GDPR, a number which has since grown. Google has faced the highest fine yet, with its violation around lack of transparency costing the company €50 million. In the coming months, even more companies are likely…
In light of the news of a data breach by Scotland’s largest local authority, please find comment below from Jon Fielding, Managing Director, EMEA at Apricorn. Jon Fielding, Managing Director, EMEA at Apricorn: “It is frustrating to see incidents like these continue to occur when the remedy is so simple. This breach of sensitive information by Scotland’s largest local authority rings many alarm bells. It’s concerning that an organisation such as this is still using hardcopy for PII. What’s worse, is that they do so and yet seem to have no process in place to dispose of it with any consideration for the security and privacy of…
ZDNet reported today that multiple Russian government sites have leaked the personal and passport information of over 2.25 million citizens, government employees, and high-ranking politicians. Ivan Begtin, co-founder of Informational Culture, a Russian NGO, has discovered and documented the leaks. Paul Norris, Senior Systems Engineer, EMEA at Tripwire: “The fact that the personal identifiable information that was leaked in this incident belongs to government officials makes the response of their organisations and of the people involved even more crucial. There is obvious value in obtaining passport information, job titles, email addresses, place of work and tax identification numbers of government workers but these are…
It has been reported that included in this month’s Patch Tuesday updates are fixes for publicly disclosed or exploited vulnerabilities. With the release of the May 2019 security updates, Microsoft has released 3 advisories and updates for 79 vulnerabilities, with 19 being classified as Critical. Satnam Narang, Senior Research Engineer at Tenable: “This month’s Patch Tuesday release contains updates for nearly 80 CVEs including a patch for a critical remote code execution in Remote Desktop Services (RDP) as well as an elevation of privilege vulnerability in Windows Error Reporting that has been exploited in the wild. “CVE-2019-0708 is a critical Remote Desktop Services Remote Code Execution vulnerability. An…
Ineffective protection, time-consuming management, high cost of ownership all play a role. Cequence Security, a provider of innovative software solutions that protect web, mobile, and API-based applications from cyberattacks, today released a new Ponemon Institute report, “The State of Web Application Firewalls”, showing that only 40% of organizations are satisfied with their WAF. The report is based on data gathered from 595 organizations across the U.S. On average, they have each deployed 158 web, mobile, and API-based applications, on premises and in the cloud. “The research clearly reveals WAF dissatisfaction in three areas,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “First,…
Researchers have uncovered yet another flaw in Intel’s hardware. It can allow attackers to eavesdrop on virtually every bit of raw data that a victim’s processor touches. https://twitter.com/a_greenberg/status/1128346757279244289 Jake Moore, Security Specialist at ESET: “Spying tools should never be underestimated, as they are constantly being tried and tested in the wild. Being able to eavesdrop on a target is always a favourite in a cyber criminals’ toolkit but we also shouldn’t forget that tools such as this aren’t just used by the bad guys. We all remember EternalBlue and how that was used to exploit data by actors on both sides of the law. …
Fast Retailing, the company behind multiple Japanese retail brands, announced that the UNIQLO Japan and GU Japan online stores have been hacked and third parties accessed 461,091 customer accounts following a credential stuffing attack. Information accessed includes customer names, addresses, phone numbers, email addresses, genders, dates of birth, purchase history, clothing measurements and partial payment card information. Expert Comments: Kevin Gosschalk, CEO at Arkose Labs: “The recent Uniqlo breach shines a light on the seriousness of hackers carrying out automated attacks at scale. After nearly half a million accounts have been compromised, Uniqlo is urging users to not only reset…
Following the news that San Francisco has become the first city to ban the use of facial recognition in local agencies, such as law enforcement, please see a comment below from Matthew Aldridge, Senior Solution Architect at Webroot, who believes that while the technology can work well, the risk of biometric data being stolen is too great for it to be deployed worldwide. https://twitter.com/nytimes/status/1128421740923817985 Matthew Aldridge, Senior Solution Architect at Webroot: It is great to see San Francisco leading the way on this debate. We’ll see in time whether this course of action is the best one, but it is…
Turkey’s first comprehensive data protection law was launched in April 2016. The 2016 Law on the Protection of Personal Data (“Turkish Data Protection Law”) is based largely on EU Data Protection Law. As a candidate state for EU membership, Turkey aligns much of its legal system with EU law. Turkish data protection law consequently shares many essential features with Europe’s data protection regime. Turkey’s 1982 constitution conferred a right of privacy, but this was drafted well before the advent of the internet. Turkey’s 2016 Law on the Protection of Personal Data was the first comprehensive law to establish standard…
