VFEmail.net has been breached and customers’ data wiped from all of its US servers. The event took place on February 11, and the company’s site and webmail client have since gone down without notice. Here are a few tweets from the company highlighting the issue. https://twitter.com/VFEmail/status/1095040044316925953 https://twitter.com/VFEmail/status/1095038701665746945 Experts Comments below: Stephen Cox, Vice President and Chief Security Architect at SecureAuth: “Two-factor authentication is certainly a step in the right direction, but as VFEmail founder Rick Romero points out, it falls well short of addressing today’s threat landscape. As we saw with some of the high-profile breaches of 2018, there are…
ISBuzz Team
Yesterday, Microsoft released its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company fixed 77 security flaws across a wide range of products, from Microsoft Edge to the Azure IoT SDK. The most critical of the fixed bugs is a zero-day vulnerability in Microsoft’s old Internet Explorer browser that the OS maker says has already been exploited in the wild. Satnam Narang, Senior Research Engineer at Tenable: “This month’s Patch Tuesday release contains updates for over 70 CVEs, including fixes for the Microsoft Exchange Server Elevation of Privilege 0-day vulnerability known as “PrivExchange” (CVE-2019-0686) that…
Fraudsters are able to operate with impunity on social media networks like Instagram and Snapchat, scamming users and running little risk of being caught, a Sky News investigation has found. Police and anti-fraud groups are also warning that a too-trusting Instagram generation is falling victim to get-rich-quick scams, worth many millions of pounds a year to criminals. Figures obtained by Sky News show under 25s are six times more likely to fall victim to criminals using social media platforms than over 50s. Paul Bischoff, Privacy Advocate at Comparitech: “These are old scams applied to a new medium. By tricking people…
With every passing year comes an exciting set of technological trends. Whether these are built around an entirely new idea or an upgrade to an existing technology, these trends bring with them promise, opportunity and excitement. Based on conversations with ManageEngine customers and partners as well as observations on IT and business developments, fintech acceleration is likely to be at the fore of upgraded technology as automated digital processes increase in 2019. Enterprise adoption of process automation technologies will continue with the same vigour as the technologies are expected to make the enterprises nimble, data-centric and quick to make decisions across…
An audit at the Federal Housing Finance Agency found more than one third of employees subjected to a fake phishing attack failed to follow the proper response protocols, along with a number of other vulnerabilities present at the agency’s network perimeter. According to the audit, just three of the 50 employees tested reported the suspicious emails to their superiors. https://twitter.com/christinayiotis/status/1095302204896960512 Corin Imai, Sr. Security Advisor at Domaintools: “Although the sample size taking part in this audit isn’t big enough to generalise the findings to an overall trend, it is enough to show that organisations – even those that invest in…
Dunkin’ Donuts has announced that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts. This marks the second time in three months that the coffee shop chain has notified users of account breaches following credential stuffing attacks. Experts Comments below: Stephen Moore, Chief Security Strategist at Exabeam: “The most seasoned and well-resourced security teams can be easily overwhelmed by the volume of organisational alerts they receive in a day. That complexity, when combined with the inherent difficulties of detecting credential-based attacks, because the attackers are impersonating legitimate users, creates an environment that lacks…
U.S. Senators Ron Wyden and Marco Rubio have sent an urgent plea to the new Cybersecurity and Infrastructure Security Agency (CISA) director, Christopher Krebs, to launch an investigation into foreign-owned virtual private networks to assess whether they represent a national security threat to government. Justin Jett, Director of Audit and Compliance at Plixer: “Apps developed by foreign companies should be seen as risky, especially as it relates to government agencies and their employees. Because the traffic may be routed to foreign servers, it could be very difficult to subpoena the data or to understand who has access to the data. Additionally, because…
It has been reported that hackers have apparently compromised some user accounts of dating service OkCupid. However, the company has denied any such attempt, triggering debate on how safe online dating portals are. A user contacted TechCrunch to report that a hacker had broken into his account and changed the password. Even the email address on file was changed, preventing the user from resetting his password. Experts Comments below: Tim Mackey, Technical Evangelist at Synopsys: “The reported breach at OkCupid highlights a key issue we face with account and identity management – web sites often use…
Following the news that 620 million stolen account details from 16 hacked sites have been posted for sale on the dark web today, IT experts commented below. Jake Moore, Cyber Security Specialist at ESET UK: “This is typical of what happens once there is a large breach of passwords. After we saw “Collection #1-5” released in the wild last month, this news is sadly inevitable. However, the value of this database is massively reduced once all the users’ passwords are changed as the details cannot be used by anyone wishing to purchase the list. So, if you’ve owned an account…
Following the news that the teenager who reported Apple’s FaceTime bug is to be paid by Apple for his discovery, Jake Moore, Cyber Security Expert at ESET commented below. Jake Moore, Cyber Security Expert at ESET: “Bug bounty hunting is a fantastic way to encourage ethical hackers to quietly highlight bugs to the creators of the software. The amount of money saved by companies can largely outweigh the fines issued or reputational damage suffered after data breaches, so this sort of financial encouragement is a win win for all. However, if some companies do not offer such bug bounties, they…
