Total Number of Records Exposed Reached 11.5 Million in 2018, More Than Twice That of 2017 Bitglass, the Next-Gen CASB company, has released its fifth annual Healthcare Breach Report. Each year, Bitglass analyzes data from the U.S. Department of Health and Human Services’ “Wall of Shame,” a database containing information about breaches of protected health information (PHI) that affected 500 or more individuals. In 2019’s report, the latest data is compared to that of previous years, revealing key trends and cybersecurity challenges facing the healthcare industry. Breaches recorded in the HHS database are categorized into one of the following groups: Hacking or IT…
ISBuzz Team
Changes in Workforce, Workplace, and Technology by 2025 Present New Challenges and Call for Innovative Solutions, According to OneLogin Survey OneLogin, the leader in Unified Access Management, released a study that found the workforce, workplace, and the technologies that support them will be so different by 2025 that enterprises need to provide global access and ensure continuous uptime now. Enterprises must start addressing global digital transformation strategies, including Unified Access Management, to remain agile and relevant. OneLogin’s study of 100 CIOs of companies with at least 5,000 employees is available for download here. The majority of the CIOs surveyed, across the U.S., EMEA, and Asia-Pacific, agreed that…
Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims. This particular Office 365 phishing fraud starts with an email impersonating a Microsoft alert for renewing the subscription for the Office suite of services. When a potential victim fails to log into their Office365 account on the fraudulent website, they can turn to the customer support service, which is conveniently visible on the page. https://twitter.com/TruOFFICE/status/1100339211218112512 Experts Comments below: Tim Sadler, CEO and Co-founder at Tessian: “This is an example of advanced spear phishing—attackers masquerade as a legitimate and well-trusted company…
Yesterday at MWC, alongside Executives from McAfee and Twilio, Callsign joined a discussion about maintaining consumer trust in a digital economy. One of the topics raised was whether consumers need to take more responsibility in terms of keeping themselves safe online. Ultimately it is the consumer who is the weakest link in security – but can we go as far as to say that consumers are stupid? Experts Comments below: Zia Hayat, CEO and Founder at Callsign: “Rather than not understanding the security issues associated with the digital economy, a lot of consumers just don’t have the right tools available. Technology…
Point-of-Sale Solutions Provider – North County Business Products was hacked and credit-card stealing malware was put on the networks of clients across the country like Dunn Brothers Coffee, Zipps Sports Grill and Someburros outlets. https://twitter.com/shah_sheikh/status/1098901489945178112 Ryan Wilk, VP of Customer Success at NuData Security: “Point of sale (PoS) systems are a prime target for cybercriminals because they can access a variety of businesses and customers. To avoid getting hit by any creative form of malware, it is essential to continuously monitor PoS devices and update security patches regularly. Once, however, that the credit card information is stolen, businesses have to combat fraudulent online transactions. Companies offering services in the…
In response to today’s news reports that Intuit has informed customers that their tax records were exposed through a breach and their account has been deactivated, an expert with STEALTHbits commented below. Adam Laub, SVP Product Management at STEALTHbits Technologies: Human nature is the fuel within the Credential Stuffing machine. If your email address is your typical username and you use the same password across different sites, you’re ripe for the picking. Credential Stuffing ceases to be a viable attack technique when users leverage different, unique passwords across the various sites and services they log into. However, our innate desire to remember as little information as…
It has been reported that Alphabet Inc’s Google said on Wednesday it had made an “error” in not disclosing that its Nest Secure home security system had a built-in microphone in its devices. Earlier this month, Google said Nest Secure would be getting an update. However, the device’s published specifications did not mention a microphone. Gavin Millard, VP of Intelligence at Tenable: “With the recent concerns on how large companies are leveraging our private data, the disclosure that NEST devices had a secret mic is obviously going to cause consternation. Many, including myself, prefer not to have active mics linked to cloud services embedded in technology, and…
Supply chain attacks in 2018 were nearly double the amount of the year before according to the latest Symantec Internet Security Threat Report. https://twitter.com/RunSafeSecurity/status/1009828477456080897 Matan Or-El, Co-founder and CEO at Panorays: “Cybercriminals are testing and finding successful new attack strategies and then rolling them out across industries. They are escalating their efforts and maximizingtheir results with fewer attacks. These attacks have put pressure on the entire supply chain, especially on smaller companies that may not have the IT expertise to defend themselves. To stay on top of these dynamic cyberattacks, companies must automate continuous monitoring of the supply chain to spot holes in security before…
Following the news that a power monitor by Rockwell Automation, that is used by energy companies worldwide, is vulnerable to public exploits, Andrea Carcano, Co-founder and CPO at Nozomi Networks commented below. Andrea Carcano, Co-founder and CPO at Nozomi Networks: “Both the reported vulnerabilities are related to the web interface exposed by the device for configuration purposes; they require a very low skill level to be exploited. In the first case, CVE-2019-19615, the issue is Cross-Site Scripting (XSS) and it is quite common in web applications; An XSS vulnerability occurs when a web page displays user input (usually JavaScript) that…
Following the news that the Labour Party has been forced to lock down access to its membership databases over rumours of a data breach, IT security experts commented below. Jake Moore, Cyber Security Expert at ESET: “Political parties will always be on a hacker’s radar so their security teams should never take their foot off the gas. Cyber criminals are usually motivated by either financial gain, political reasons, or the desire to cause damage. As this concerns the Labour party, all three likely play a role. Being immediately transparent and upfront with any sort of breach is the best course of action to take. Understanding this guaranteed risk…