Verizon has today released the 2019 Data Breach Investigations Report (DBIR), providing an analysis of over 40,000 security incidents and more than 2,000 confirmed data breaches investigated across 180 countries during the last 12 months. This year’s report includes data from the FBI for the first time, and highlights the risks faced by the C-Suite, with executives six times more likely to be a target of social-engineering than they were only a year ago. Some of the key findings include: Can you keep a secret? – Espionage was the key motivation behind a quarter of all breaches, with over a fifth of these attacks traced back to nation states…
ISBuzz Team
The Verizon DBIR report has been made public today, and the key findings indicate an increase in cyberespionage and nation-state attacks. Some of the key findings of the report:
- C-Suite executives are the primary target of social engineering attacks.
- Increase in cyberespionage attacks (12% compared to 2018).
- Financially motivated breaches fell from 76% to 71%.
- 32% of breaches and 78% of cyberespionage incidents involved phishing.
- Most malware arrived via email (90%).
- 60% of web application attacks were on cloud-based email servers.
- 52% of cyberattacks involved hacking.
- 34% of attacks involved insiders.
- 43% of cyberattacks were on small businesses.
- A significant increase in HR…
Security researchers discovered an Elasticsearch server belonging to Freedom Mobile, Canada’s fourth largest cell network, that contained five million logs of customer data. The server was exposed without a password, and the data includes full credit card numbers, expiration dates and verification numbers stored in plaintext, as well as customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types and account numbers. None of the data was encrypted. The logs also include credit checks filed through Equifax and include details of whether an application was accepted or rejected and why. A spokesperson for the company said about 15,000 customers…
Cryptocurrency exchange Binance has confirmed a “large scale” data breach in which hackers stole more than $40 million in cryptocurrency. https://twitter.com/TheHackersNews/status/1126000078823444480 Expert Comments: Jake Moore, Cyber Security Specialist at ESET: “This announcement could have a damaging effect on cryptocurrencies. After the rise and fall of crypto in 2017, people have exercised caution when it comes to digital currencies, so this could dramatically affect the volatility of the currency if people question the security of their finances. It seems to be a very well thought out and targeted attack with a damning outcome for all involved, so it goes without saying that…
In light of current events, scammers are targeting Facebook users with a new scheme that takes advantage of the buzz surrounding Prince Harry and Duchess Meghan Markle’s new baby. This scam is a “bait-and-switch” style ploy that relies on a fake website to scan the user’s computer for private information like bank accounts and credit card numbers. Expert Comments: Paul Bischoff, Privacy Advocate at Comparitech.com: “Fake video player updates are among the most common types of malicious ads that prey on web users. This scheme in particular leverages people’s inherent trust in their Facebook friends to get them to click through and install a…
The White House has issued a new Executive Order on America’s Cybersecurity Workforce. https://twitter.com/CISAgov/status/1124036088413208577 Expert Comments: Pravin Kothari, Founder and CEO of CipherCloud: “This has been long overdue. The level of hacking against the US has created an extraordinary threat to national security, targeting our businesses and infrastructure, stealing trade secrets, and meddling in our election, challenging our democracy and freedom. This is a defensive step in protecting America by addressing a key aspect of cybersecurity – workforce – with education and preparedness. It’s a step in the right direction, but more needs to be done, and will require major funding and…
As organisations continue to innovate to realise efficiencies through the use of increasingly sophisticated and pervasive mobile technologies, many are continually challenged by the risks of managing an ever-growing device estate. Successfully managing the complexity of multiple mobile software and hardware platforms necessitates a practical, secure and cost-effective way to manage, monitor and track devices. This is best achieved by implementing an end-to-end Mobile Device Management (MDM) strategy, which may require consideration of the entire software and hardware stack, to ensure that valuable time and resources are used effectively in securing and monitoring mobile devices that access business-critical data. I have summarised four of the themes…
Microsoft unveiled new privacy-focused features which allow users to control how much data is sent back to Microsoft, as well as control how much data third parties receive when browsing the internet. https://twitter.com/WinObs/status/1125441430237749251 Expert Comments: Alex Heid, Chief Research Officer at SecurityScorecard: “The announcement by Microsoft that the Edge web browser is moving to the Chromium engine is quite significant and indicates that Microsoft has embraced the concept of open source software and will likely leverage open source code in the future for additional major development projects. The shift also indicates the full retirement of the antiquated and vulnerable Internet Explorer…
Mozilla is changing its policies and has let developers know that it will block all Firefox add-ons that contain obfuscated code, in an effort to clean out malicious third-party code. Expert Comments: Usman Rahim, Digital Security and Operations Manager at The Media Trust: “Paying closer attention to the risks that third-party code suppliers pose is an important step in the right direction. However, Mozilla should clarify a few potential issues: – First, where do Mozilla and Google, which has introduced a similar policy, draw the line on obfuscation? Most if not all developers at least slightly obfuscate code in…
It has been reported that Homeland Security’s cybersecurity agency says popular gas station software contains several security vulnerabilities that require “low skill” to exploit. The advisory, posted by the Cybersecurity and Infrastructure Security Agency (CISA), gave the Orpak SiteOmat software a rare vulnerability severity rating of 9.8 out of 10. According to the advisory, the software contained a hardcoded password set by the manufacturer which, if used, would grant unfettered access to the system. https://twitter.com/zackwhittaker/status/1124040208259977217 Expert Comments: Sam Curry, Chief Security Officer at Cybereason: “Sadly, these latest headlines should not be a surprise to anyone because these weaknesses are in place and they are everywhere.…
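As an added illustration, not Orpak’s code and not taken from the CISA advisory, the following Python contrasts the class of weakness the advisory describes (a manufacturer password compiled into the product, so one leaked value opens every installation) with per-user salted hashing and constant-time verification, and adds a crude source check for credential literals of the kind reviewers and CI pipelines look for. The vendor password, the user names, the sample source and the function names are all constructed for this example.

```python
import hashlib
import hmac
import os
import re

# --- Vulnerable pattern (constructed illustration, not any vendor's code) ---
# A "field service" password baked into the product: anyone who reads the
# binary, a firmware image or a leaked manual gets the same access everywhere.
VENDOR_MASTER_PASSWORD = "F1eldServ1ce!"  # constructed value for illustration


def login_with_backdoor(username, password, users):
    """Vulnerable: the vendor password works for every account, and the
    per-user passwords are stored and compared in plaintext."""
    if password == VENDOR_MASTER_PASSWORD:
        return True
    return users.get(username) == password


# --- Hardened pattern ---------------------------------------------------------
class CredentialStore:
    """Per-user salted PBKDF2-HMAC-SHA256 hashes, constant-time comparison,
    and no master credential at all."""

    ITERATIONS = 200_000

    def __init__(self):
        self._records = {}  # username -> (salt, derived_key)
        # Decoy record so an unknown username costs the same time as a known one.
        self._decoy = self._derive("decoy", os.urandom(16))

    @classmethod
    def _derive(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    def set_password(self, username, password):
        salt = os.urandom(16)
        self._records[username] = (salt, self._derive(password, salt))

    def authenticate(self, username, password):
        record = self._records.get(username)
        if record is None:
            # Do the same work and fail: no username enumeration via timing.
            hmac.compare_digest(self._derive(password, b"\x00" * 16), self._decoy)
            return False
        salt, expected = record
        return hmac.compare_digest(self._derive(password, salt), expected)


# --- A cheap source check for the vulnerable pattern --------------------------
# Matches string literals assigned to credential-looking names. Heuristic only:
# it catches the obvious cases, not secrets assembled at runtime.
_HARDCODED = re.compile(
    r"""(?i)\b(pass(word|wd)?|secret|api[_-]?key|token)\s*[:=]\s*["']([^"']{4,})["']"""
)


def find_hardcoded_secrets(source):
    """Return a list of (line_number, matched_text) for suspicious literals."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        match = _HARDCODED.search(line)
        if match:
            hits.append((lineno, match.group(0)))
    return hits


# Constructed sample source to run the check against.
SAMPLE_SOURCE = """\
def connect():
    user = "admin"
    password = "F1eldServ1ce!"
    timeout = 30
    API_KEY='abcd1234efgh'
"""


if __name__ == "__main__":
    print("backdoor login as unknown user:",
          login_with_backdoor("anyone", VENDOR_MASTER_PASSWORD, {}))
    store = CredentialStore()
    store.set_password("tech", "correct horse battery")
    print("hardened, right password:", store.authenticate("tech", "correct horse battery"))
    print("hardened, vendor password:", store.authenticate("tech", VENDOR_MASTER_PASSWORD))
    print("source check:", find_hardcoded_secrets(SAMPLE_SOURCE))
```

The hardened store still needs an out-of-band way to provision the first account (an installer-generated password shown once, or a per-device credential printed on the unit), which is exactly the part a single shared vendor password was standing in for.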
