Password managers, long heralded as the gold standard for consumer password safety, have been shown to have vulnerabilities. Research shows that password managers can leak login credentials to the PC’s memory, making them vulnerable to hacking. In light of this research, it’s certainly time for consumers to examine their password management best practices. Consumers should move towards more secure authentication methods, like multi-factor authentication, dedicated authenticator devices (like YubiKey), or enabling more secure authentication protocols (WebAuthn). But, what about businesses and access to their critical IT infrastructure in particular? Is it also time to rethink password and access management –…
ISBuzz Team
A panel of industry experts at the 2019 ISC West conference in Las Vegas are predicting that biometrics are going mainstream with the mobile sector leading the way to adoption. Robert Capps, VP and Authentication Strategist at NuData Security: “Biometrics technology is increasingly implemented across the market, including the financial and ecommerce industries. Today, passive biometrics is an option to verify users online that doesn’t require an additional step up and it’s widely used to identify customers by their inherent behavior. The benefit of this type of technology is that it is seamless – customers don’t have to take an additional step to identify themselves.…
Security professionals reveal the reasons and concerns behind the adoption of automation and AI as security tools in the 2019 Ponemon Institute and DomainTools survey. DomainTools, a leader in domain name and DNS-based cyber threat intelligence, today announced the results of the study “Staffing the IT Security Function in the Age of Automation”, conducted in conjunction with the Ponemon Institute. More than 1,400 security professionals based across the US, the UK and APAC provided answers on the impact that automation and artificial intelligence (AI) will have on the staffing of IT security functions. All respondents participate in attracting, hiring, promoting and retaining IT security personnel within their organizations. Results clearly indicated a…
It has been reported that pregnancy club Bounty UK has been given a £400,000 fine by the ICO for illegally sharing the personal information of more than 14 million people. Experts Comments: Anjola Adeniyi, Technical Leader for EMEA at Securonix: “With this kind of illegal data sharing, mothers and babies may be unable to tell if they have suffered a data breach with one of Bounty’s third parties. The fine may have been greater if it wasn’t that the breach happened before GDPR came into effect. Hopefully the wider market can learn from Bounty’s experience, and avoid such misconducts.”…
It has been reported that ‘Dragonblood’ vulnerabilities seep into WPA3 secure Wi-Fi handshake. The research identified vulnerabilities in early implementations of WPA3™-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. An attacker within range of a victim can still recover the password of the Wi-Fi network. Gavin Millard, VP of Intelligence at Tenable, has provided the following comment on the vulnerabilities. Gavin Millard, VP of Intelligence at Tenable: “WPA3 hasn’t even been rolled out fully yet but, as is to be expected, there are numerous interested parties lined up ready to…
Making the internet safer, especially for children and vulnerable individuals, is a decidedly noble pursuit. Doing so, however, would certainly be a considerable undertaking, and not without significant ethical, legal, and societal concerns. In an ambitious effort to make the internet a safer place for people to interact and communicate, the UK government has laid out an extensive framework for how it would go about executing its vision for a safer internet through increased regulations. These regulations would be aimed at companies that operate online and would require them to take responsibility for protecting their users from certain “online harms”…
The Home Office has apologised to hundreds of EU citizens seeking settled status in the UK after accidentally sharing their details. It blamed an “administrative error” for sending an email that revealed 240 personal email addresses – a likely breach of the Data Protection Act. The Home Office sent the email on Sunday 7 April asking applicants, who had already struggled with technical problems, to resubmit their information. But it failed to use the “blind CC” box on the email, revealing the details of other applicants. https://twitter.com/LwFcmMGDs2MpVsZ/status/1116682924609421312 Expert Comments: Shlohmie Liberow, Technical Program Manager at HackerOne: “Whilst it is important to ensure staff are appropriately…
Avanan’s report found that a quarter of phishing emails bypass default Office 365 security. https://twitter.com/sikur/status/1009789323963699208 Dr. Simon Wiseman, CTO at Deep Secure: While some vendors may jump on these results to point the finger at Office 365’s solution specifically, as a means of promoting their own detection solution, what this really shows is how cybercriminals’ tactics have become sophisticated to the point that they can completely circumvent ‘detect and protect’ cybersecurity solutions identify malware – in both phishing attacks and other attack vectors. Anti-virus, quarantine and sandboxing solutions can all be circumvented, whether that’s because threats lie dormant for a number of days until the…
It has been reported that a cyber espionage group believed to be out of Iran and known for targeting telecommunications providers and government bodies in the Middle East has added to its arsenal malware for targeting Android devices. The so-called MuddyWater hacking group, which has been in action since at least 2017, also has created new backdoor malware for spying on its targets, and has been spotted employing false flag tactics to throw off researchers and investigators, according to security researchers at Trend Micro, who here today shared the details of the Iranian hacking team’s latest activities. Tom Davison, EMEA Director at Lookout: “This is another example of a potential…
This was reported by local Minneapolis news yesterday afternoon: A data breach last year at the Minnesota agency that oversees the state’s health and welfare programs may have exposed the personal information of approximately 11,000 individuals. The state Department of Human Services (DHS) notified lawmakers Tuesday that an employee’s e-mail account was compromised as a result of a cyberattack on or about March 26, 2018. A hacker unlawfully logged into a state e-mail account of a DHS employee and used it to send two e-mails to one of the employee’s co-workers, asking that co-worker to pay an “invoice” by wiring money.…
