Software used to harvest potentially sensitive information about users is widespread across the websites of government departments and local authorities, The Irish Times has revealed. New research shows that almost all of the 16 departmental and 31 local authority websites surveyed had “trackers” installed, which help companies compile detailed profiles of users. The research, by Danish ePrivacy firm Cookiebot, scanned up to 1,000 pages on each individual website for tracking technologies. The worst performing departmental website was the Department of Foreign Affairs, which had 96 trackers detected on it. Kerry County Council had the most trackers operating on its pages of any local authority, with…
ISBuzz Team
Thycotic’s 2019 State of Privileged Access Management Maturity Report Reveals Alarming Shortcomings in PAM Security Practices. Thycotic, a provider of privileged access management (PAM) solutions to 10,000 organizations worldwide, today announced its 2019 State of PAM Maturity Report. The report summarizes the aggregate data from more than 450 organizations across the globe that participated in Thycotic’s Q4 2018 PAM Maturity Model assessment survey to date. According to survey results, while nearly four out of five organizations (78 percent) now include privileged credential protection as part of their cyber security policies, their PAM security practices are woefully lacking and even worse than you might expect. Eighty-five percent…
Email verification company Verifications.io leaked the email addresses of almost one billion people. Last week the figure was estimated at 700 million, but the number of exposed email addresses has now reached one billion. https://twitter.com/RaymondTecIT/status/1108034195635478531 Some reports even put the number at more than one billion. https://twitter.com/steve_sacco/status/1112352481353363456 Experts Comments Below: Byron Rashed, VP of Marketing at Centripetal Networks: “Businesses and consumers should always verify and deal with trusted businesses. In today’s digital environment, giving electronic information out about one’s self is exposing the individual to a variety of cyber crimes. Credentials can be leveraged by a threat actor for identity theft on a personal level and corporate network infiltration and…
A critical SQL flaw that requires no authentication and may be exploited by card skimmers has been identified in Magento eCommerce solutions used by more than 300K customers. https://twitter.com/cfwebtools/status/1111715228562194437 Experts Comments Below: Ilia Kolochenko, CEO at High-Tech Bridge: “This may lead to one of the most disastrous web hacking campaigns. Magento is mostly used on trusted e-commerce websites and thus opens a door to a great wealth of sensitive PII including valid credit cards details. The most dangerous flaw is SQL injection that can be exploited without any pre-conditions, being sufficient to steal the entire database and likely take control over the…
Following the news that popular South Korean search engines have been targeted by a phishing campaign that utilises the watering hole technique to acquire login credentials from victims, Corin Imai, Senior Security Advisor at Domaintools, offers the following commentary. Corin Imai, Senior Security Advisor at Domaintools: “By spoofing popular search engine websites, attackers adopted a strategy aimed at maximising the number of potential victims. Unfortunately, it is very hard to prevent campaigns such as Soula, since users tend to have their guard down when visiting popular, reputable websites, and are more easily tricked into providing their credentials because the familiarity of the page creates…
Toyota announced its second data breach on Friday last week, making it the second cyber-security incident the company has acknowledged in the past five weeks. While the first incident took place at its Australian subsidiary, last week’s breach was announced by the company’s main offices in Japan. Toyota said that hackers accessed servers that stored sales information on up to 3.1 million customers. The carmaker said there’s an ongoing investigation to find out if hackers exfiltrated any of the data they had access to.…
It was reported at the end of last week that there had been a data breach at Natural Health Services. The breach involves the personal health information of about 34,000 medical marijuana patients, which was accessed in a breach of an electronic medical record system used by NHS and its parent company Sunniva Inc. The NHS says patients have been informed in the last week about the breach, which occurred between Dec. 4, 2018 and Jan. 7. It says the breach didn’t involve any financial, credit card or social insurance number information since those aren’t collected from patients. https://twitter.com/2BCyberbright/status/1112160214210490368 Don Duncan, Director of Business Development at NuData…
It has been reported that Earl Enterprises, the parent company of Planet Hollywood, has confirmed a cyber attack against its point-of-sale systems, with 2.15 million credit card details discovered on the dark web. The PoS systems were infected by malware which extracted sensitive data, including card numbers, customer names, and expiration dates, over a 10-month period. https://twitter.com/loophold/status/1112672118997700608 Experts Comments Below: Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies “Point of Sales terminals are often an overlooked area of payment infrastructure. If an attacker is able to gain access to a single POS on the network, it is often possible to infect the entire network of terminals, as is the case…
A guide to keeping security at the heart of DevOps development cycles, by Josh Kirkwood, DevOps Security Lead, CyberArk. Remember the famous engineering project triangle? It calls on organisations to forgo one of the following traits in exchange for a product development cycle to have the other two attributes: speed, quality and value. This essential model has sat at the very centre of project management issues for years, supporting the rise of cost projections, delay of deadlines and most importantly, increased rigidity around quality assurance requirements. As competition has transformed technology in recent years, C-level executives have started to opt…
Last year was a year of digital acceleration, as new technologies such as 5G, artificial intelligence and next-gen cloud moved into the realm of reality and started to radically transform how business operations work. In particular, these technologies enable real-time insights that are changing business behaviours. Organisations are wanting to build a ‘Real-Time Enterprise’, where they can make business decisions based on what is happening right now, rather than what happened last week, or last month – and this is particularly the case when it comes to security strategies. So what does this mean for how businesses will work with their security providers? Become a forward thinker with cyber…
