The Healthcare Information and Management Systems Society (HIMSS) recently published a report from the 2019 HIMSS Cybersecurity Survey. The findings show that malicious actors are successfully leveraging phishing attacks to initially gain access to networks across healthcare organisations in the US. https://twitter.com/HIMSS/status/1096076777447976960 Expert Comments below: Neil Larkins, CTO at Egress Software: “Today, the most sophisticated phishing emails are designed to look as real as possible, and can, to the untrained eye, appear nearly identical to an email from a trusted sender. When issuing a phishing attack to a large audience, attackers count on a scattergun approach that will be successful with…
ISBuzz Team
Google recently created a new quiz to test user knowledge against email phishing attacks, showing how easy it is to be fooled by a scam you think is coming from a trusted source. From fake support emails with malicious links to folders of photos to download from unknown sources, corporate users are getting better and better at spotting fake emails, and security tools are primed to catch them with advanced technology. But outside of the typical phishing and spear-phishing emails, attackers are using the browser more and more to fool users into clicking malicious links, entering login credentials, or downloading…
The Bank of Valletta, one of Malta’s main banks and the financial institution which accounts for almost half of Malta’s banking transactions, suffered a major cyber attack on Wednesday. The bank said it had closed its branches and ATMs on the small Mediterranean island after realizing hackers were trying to access its systems. Its website was also offline. https://twitter.com/grc_plus/status/1096012581993672704 Expert Comments below: Felix Rosback, Product Manager at comforte AG: “Banks are naturally the target of many breaches due to the highly sensitive data stored. Payment data is extremely useful for hackers to commit fraud and they can make a lot…
The new governor of the state of California, Gavin Newsom, stated he is to propose a “digital dividend” which would see consumers paid for their data that is used by the major tech firms. During his “State of the State” talk, which took place on Tuesday, Newsom stated that companies that make billions of dollars “collecting, curating and monetizing our personal data have a duty to protect it. Consumers have a right to know and control how their data is being used.” https://twitter.com/Bill_Bruner/status/1096007263553183744 Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG: “It’s refreshing to hear the new California…
In response to the news that global card expenditure is forecast to almost double over the next four years as a result of continued growth in contactless payments, David Orme, SVP at IDEX Biometrics, commented below as part of our expert comments series, highlighting the need to address card fraud now to secure our future as a cashless nation. David’s comment also discusses how recent advancements in biometric fingerprint technology could provide the answer by allowing people to be far better protected, without having to compromise security for convenience. https://twitter.com/FintechBot/status/1095725234844590081 David Orme, Senior Vice President at IDEX: “The news…
In a report shared with BleepingComputer, the Agari Cyber Intelligence Division (ACID) outlines how a criminal gang out of Nigeria called “Scarlet Widow” uses “romance scams” to target those who are more likely to be lonely, such as farmers, the elderly, the disabled, and the divorced. Romance scams are months-long, if not year-long, campaigns in which bad actors catfish, or pretend to be in love with, an unsuspecting victim in order to steal money from them. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak. https://twitter.com/techieappy/status/1096011640535949313 Tim Sadler, CEO and Co-founder at Tessian: “Phishing scams prey on…
Cybercriminals found a way to penetrate Image-I-Nation Technologies, a North Carolina-based provider of software and hosting services that services the three largest credit reporting services, including Equifax. The hackers had access to sensitive information including social security numbers. https://twitter.com/CtacPaladion/status/1095912543992700928 https://twitter.com/TechNadu/status/1095994828112965633 Expert Comments below: Tim Mackey, Technical Evangelist at Synopsys: “This breach disclosure highlights just how little control individuals have over the security and location of their personal data – let alone the purpose the data might be used for. Regardless of media coverage, it is highly unlikely that most people will pay attention to a data breach…
Following the news of a recent Webroot report titled “Size Does Matter”, which highlights SMBs’ perception of cybersecurity risks, Paul Norris, Senior Systems Engineer for EMEA at Tripwire, gives his take on how SMBs can protect themselves. Paul Norris, Senior Systems Engineer for EMEA at Tripwire: “SMBs used to feel safer from the threat of cyberattacks because they failed to see the potential value of their digital assets. Recently, criminals have figured out that through the weaker security layers of smaller contractors, they could not only obtain sensitive information, but they could also gain access to the networks of larger…
The 500px online photography network suffered a data breach last summer, around July 5, 2018, but the incident was not discovered until last week. The breach has affected 15 million photographers who signed up. The stolen data includes users’ names, email addresses, usernames, hashed passwords and, if provided, birth date, gender and city/state/country. 500px is working with different email service providers to send email to all users, but it may take some time for all users to receive the email. https://twitter.com/500px/status/1095726628230045697 https://twitter.com/avast_antivirus/status/1095784419753902081 Expert Comments below: Dr Darren Williams, CEO and Founder at BlackFog: “Unfortunately this breach highlights that attackers will always get…
It has been reported that a security vulnerability in Docker and Kubernetes containers can be used to go after any host system running containers. The vulnerability allows malicious containers to overwrite the host and gain root-level code execution on the host machine. Tim Mackey, Technical Evangelist at Synopsys: “With the disclosure of CVE-2019-5736, the topic of container security and how malicious actors could break out from a containerised application is headline news. While providers of container services like Amazon, Google, IBM and Microsoft will directly address the underlying vulnerability, any organisation embracing containerised applications should take this as an opportunity to…
