Following the continued concern and coverage of the Huawei/5G issue, please find below a comment from Leigh Moody, UK Managing Director at SOTI. In this comment, Leigh warns that the data of UK businesses is at risk if Huawei is allowed to contribute to any part to the 5G infrastructure. Leigh Moody, UK Managing Director at SOTI: “The UK Government’s decision to allow Huawei equipment to be used in the country’s 5G infrastructure, even if only the ‘non-core’ parts, is concerning. Workforces are becoming increasingly mobile, using connected devices that require network access to stay connected and share information within the business. With the proliferation…
ISBuzz Team
Citycomp, a German company that offers multi-vendor maintenance and infrastructure services was hacked and cybercriminals got away with sensitive financial information of some of the company’s largest customers. After the company refused a cyber extortion attempt, cybercriminals dumped the information online. https://twitter.com/josephfcox/status/1123579866031456257 Ryan Wilk, VP of Customer Success at NuData Security: “Although there is no information about how this attack occurred on Citycomp, many of these breaches happen due to apt hackers that are able to find system vulnerabilities or to phish those who own admin accounts. Unfortunately, with phishing, bad actors don’t need to “hack” a site, instead they can get…
Passwords are often the weakest link and for this reason, it is crucial for individuals and corporations to find alternative solutions that will provide a greater level of security. With World Password Day coming up on the 2nd May, it is the perfect time to address this cybersecurity issue. https://twitter.com/cloudy_steve/status/1123862081089015808 Experts Comments: Terry Ray, SVP and Imperva Fellow at Imperva: “World Password Day reminds us all how important our cyber hygiene is to account safety, bringing to mind what we might be risking with vulnerable passwords. Now on everyone’s mind this Thursday, it is crucial for all users to reevaluate their cyber hygiene – with passwords…
The US Dept. of Homeland Security this week issued a binding directive, Vulnerability Remediation Requirements for Internet-Accessible Systems. The DHS Cybersecurity and Infrastructure Security Agency (CISA) issued the binding operational directive (BOD) 19-02 which requires federal agencies to remediate critical security vulnerabilities within 15 days since the initial detection. As explained by CISA, “A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems.” https://twitter.com/MarcoBorger1/status/1123516602991960064 Mounir Hahad, Head of Juniper Networks’ Juniper Threat Labs: “This is a good initiative, one for which all reputable private sector enterprises already subscribe to…
World Password Day is this Thursday, May 2, but everyone knows the damage that weak passwords can cause. Why not use this day to talk about how other forms of authentication — like MFA, biometrics and behavioral analysis– can better protect consumers against fraud? OneSpan recently commissioned a study of top financial institutions regarding passwords and other authentication practices. It found that: – 96% of organizations still rely on legacy processes tied to usernames and passwords for authentication – 44% are challenged by the use of legitimate credentials (exposed in data breaches) in account takeover attempts -60% of respondents plan to invest in new multifactor authentication technologies in 2019,…
Data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen. They said: “Citycomp has been hacked and blackmailed and the attack is ongoing. We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.” https://twitter.com/derPUPE/status/1123363591275646986 https://twitter.com/GeoLangLtd/status/1123508141487005696 Experts Comments Warren Poschman, Senior Solutions Architect at comforte AG: “The data breach at CITYCOMP underscores that data theft for ransom isn’t dead and won’t be anytime soon. Although in most other regions outside of Latin America the focus is instead on ransomware as an attack, and theft of data is typically…
The UK Department for Digital, Culture, Media and Sport (DCMS) is consulting on regulatory proposals regarding consumer Internet of Things security. The UK Government takes the issue of consumer IoT Security very seriosuly and recognize the urgent ned to improve the security for these devices for the cosumer. The consumer is always the weakest link when it comes to IoT Security. Experts Comments: Peter Carlisle, Vice President at nCipher Security: Consumers and businesses are discovering and benefiting from the opportunities the IoT provides each day. Yet, IoT devices have also become one of the most vulnerable entry points for attackers. The IoT exposes consumers and businesses to new security vulnerabilities due to…
The number of data breaches and the level of cyber-attacks are continuing to rise. According to Absolute Market Insights “it is estimated that over the next five years, cybercrime could potentially cost companies US$ 5.2 trillion every year.” In line with this growth, we are seeing an escalating interest in cyber liability insurance. Market.us recently found that the global cyber liability insurance market was valued at $5.5 billion US dollars in 2018 and is projected to increase significantly at a CAGR of 26.5% from 2019 to 2028. The rationale for this growth is clear as cyber liability insurance helps cover the costs that businesses incur…
A relatively simple exploit in Chrome for mobile has been discovered and called ‘inception bar’. The attack allows for a site to spoof a URL in the mobile version of Chrome when scrolling, subsequently locking them into a false UI. https://twitter.com/maxitonline/status/1123183984995778560 Experts Comments: Gavin Millard, VP of Intelligence at Tenable: “Reminiscent of the age old trick of copying “Trusted Sender” notifications and inserting them into nefarious emails, this neat approach to spoofing the address bar could lead to many users falling foul to enterprising attackers. “Users fall for fake websites constantly, hence the continued scourge of phishing sites, but this new approach could fool even the most cyber savvy individual. Exploiting this…
Google has removed 100 applications with 600 million installs from its store after an investigation into a major Chinese app developer. The applications contained adware and forced users into click fraud. https://twitter.com/harpalnews_in/status/1123174187424550914 https://twitter.com/CraigSilverman/status/1122146142853025793 Expert Comments: Mike Bittner, Digital Security and Operations Manager at The Media Trust: Fraudulent adware is harmful to the ad networks they defraud and potentially to end-users by directing devices to steal information linked to the user’s device and behaviors, downloading unwanted—if not malicious–files, and redirecting users to malicious sites. This information can be as specific as the router a device is connected to and that…