Karl Barton, Senior Director, International Channels and Alliances at SecureAuth, commented below on how cybersecurity has changed as the World Wide Web reaches its 30th anniversary. Karl Barton, Senior Director, International Channels and Alliances at SecureAuth: “It’s 30 years since Tim Berners-Lee invented the World Wide Web, and today we celebrate the innovation that connected people, ideas and information. Neither Berners-Lee nor the world anticipated it evolving into the pivotal entity that we have today. But with the ever-expanding platform and connection came great repercussions with the spread of disinformation, privacy and security threats. From a cybersecurity perspective we’ve spent three decades…
ISBuzz Team
A story broke overnight about an exposed MongoDB database revealing the PII of 1.8 million Chinese women. The unusual aspect of this story was not that the data was exposed, but that it identified which of the women were ‘breed-ready’. https://twitter.com/shah_sheikh/status/1102521981625225217 Expert Comments below: Steve Armstrong, Regional Director at UK & Ireland: “The likely poor Chinese to English translation which has resulted in the ‘breed-ready’ phrase overlooks the far bigger story here – and that is the number one responsibility of all organisations to defend their data. Leaving individuals’ personal and sensitive information unprotected is both careless and irresponsible. The need for…
It has been reported that security experts have found multiple vulnerabilities in Moxa industrial switches (in the EDS-405A, EDS-408A, EDS-510A, and IKS-G6824A series) that are used to build industrial networks for oil and gas, transportation, maritime logistics, and numerous industrial sectors. By exploiting these flaws, hackers could recover the password from a cookie intercepted over the network or by using Cross-Site Scripting (XSS), extract sensitive information, or brute-force credentials using the proprietary configuration protocol to obtain control over the switch and possibly the entire industrial network. Ofer Maor, Director of Solutions Management at Synopsys: “Unlike many disclosures, where a single vulnerability is identified, the collection of…
Pen Test Partners has released information on major vulnerabilities it found in premium car alarm systems Viper and Pandora, which could have allowed hackers to locate cars, disable alarms, unlock doors, and even switch the engine immobiliser on/off. https://twitter.com/valeonetworks/status/1104068070283333632 The key points are: Cyber security researchers from Pen Test Partners found a serious vulnerability affecting cars using widely used premium alarm systems from Viper and Pandora. It would have allowed hackers to geo-locate 3m cars using these alarms in real time, disable alarms, unlock doors and even switch the engine immobiliser on/off – all remotely through an app. In tests, it also allowed for an engine…
Rolf Gierhard, VP of marketing at Link11, busts the most dangerous and pervasive myths about DDoS attacks – and shows how organizations can protect against them. Most organizations understand that DDoS attacks are disruptive and potentially damaging. But many are also unaware of just how quickly the DDoS landscape has changed over the past two years, and underestimate how significant the risk from the current generation of attacks has become to the operation of their business. Here, I’m going to set the record straight about seven of the biggest misconceptions that I hear about DDoS attacks. There are more important…
According to research by the BBC’s Click technology programme, security flaws in three specialist car alarms have left vehicles vulnerable to being stolen or hijacked. Jake Moore, a Cybersecurity Specialist at ESET: “Cybersecurity flaws and breaches can make or break a company. Despite the risk of fallouts, it is insane that companies don’t constantly test their applications with inside ethical hackers. If a car can be stolen by someone with very little knowledge and an insecure app, then how can the public get behind such technology and trust an industry we are trying to protect? Especially when companies are making bold…
The State of AI 2019 is a comprehensive study which shows that corporate adoption of Artificial Intelligence has tripled in the last 12 months, with one in seven large companies now adopting some form of AI. Expert Comment below: Matt Walmsley, EMEA Director at Vectra: With 40% of Europe’s so called “AI companies” being exposed as not actually using AI in their offerings* it’s understandable that there’s scepticism around the liberal use of AI in many companies’ claims. So how can we get beyond the buzzwords to understand what’s real, and what works in AI? Here’s a few tips from Vectra who were founded in…
A second major data breach has taken place because of unprotected databases and servers, leaving 763 million unique emails from Verifications.io exposed. This breach not only equipped cybercriminals with 763 million opportunities to commit fraud, but also exposed “business intelligence data,” including employee and revenue figures, in an unusual circumstance. https://twitter.com/YalePrivacyLab/status/1104810260966068224 Kevin Gosschalk, CEO at Arkose Labs: “This is the second major data breach in one week resulting from companies leaving business-critical databases and servers unprotected, which is alarming. Cybercriminals are engaging in digital warfare, and the frequency and scale of data breaches are increasing. Companies must take…
It has been reported that Equifax appeared before the United States Senate yesterday to discuss what the company has learned from one of the largest data breaches to hit corporate America. Last night, the Senate released a report on how Equifax handled its data security leading up to the data breach. The report details that they “neglected” cybersecurity ahead of the devastating breach. Tim Mackey, Senior Technical Evangelist at Synopsys: “The Equifax breach, related to the Apache Struts vulnerability, showcased the disconnect between commercial software security practices and their open source equivalents. With a commercial software solution, the vendor is in a position to push security information…
Tomorrow, the House of Lords Communications Committee will publish a report calling for a new overarching regulatory framework so that digital services are held accountable to an enforceable set of shared principles. The report states that big tech companies are not doing a good enough job of protecting consumers – and that it’s time for the regulators to step in, implementing a single set of principles to govern digital services. In response, please see comment below from Dr Iain Brown, Head of Data Science at SAS and fellow of Southampton University, on why an ethical framework for data is essential – and what practical steps the Lords…
