It has been reported that home improvement startup Houzz has suffered a data breach. The company said in an FAQ on its website that the breach was discovered in late December 2018, and that “a file containing some of our user data was obtained by an unauthorized third party.” https://twitter.com/secnews24/status/1092004300509888513 Tim Erlin, VP at Tripwire: “While it might not be clear how this sensitive data was obtained, this is a good example of the risks of password reuse. If you used the same password for your Houzz account that you used for a more sensitive account, then you’ve put that…
ISBuzz Team
Following the news that India’s national Aadhaar database has been revealed to contain a flaw, exposing Aadhaar card numbers and partial phone numbers of thousands of Jharkhand government employees, Max Vetter, chief cyber officer at Immersive Labs, commented below. Max Vetter, Chief Cyber Officer at Immersive Labs: “There is a basic lapse in security here; the database should have been password protected, and naming files with confidential information was also a mistake. Though these security precautions should be obvious, these issues may go back to the way that the system was designed. It’s a lesson that those with adequate security…
It has been reported that Metro Bank has been targeted by attacks that bypass two-factor authentication using vulnerabilities in the mobile network. Flaws in the SS7 protocol, used by telecoms operators, mean that the codes sent out over SMS can be intercepted. https://twitter.com/Info_Sec_Buzz/status/743954901370277888 Experts Comments below: Michael Downs, Telecoms Cyber Security Director of EMEA at Positive Technologies: “For years, it has been known that the Signalling System No. 7 (SS7) protocol, widely used by telecoms operators, has major security flaws. Its security weaknesses can not only be used for SMS interception – as is the case here with Metro Bank -…
In light of the news that £34.6 million was lost to cybercriminals in the second half of 2018, an expert commented below. https://twitter.com/andynorton27000/status/1090210218254819329 David Emm, Principal Security Researcher at Kaspersky Lab: “The news that cybercriminals were able to successfully steal £34.6 million during the second half of 2018 is incredibly worrying. People need to be more careful when engaging in online activities, as their lack of awareness could mean they play into the hands of cybercriminals. While technology plays an important part in protecting people from online threats, consumers also need to take it upon themselves to practise caution and develop an ‘online common sense’ to guard against…
The UK government has announced a total of £100m investment into improving the security of hardware, chip devices and IoT technology to promote ‘security by design’ for all IoT devices used by businesses and individuals. Up to £70 million has been promised through the government’s Industrial Strategy Challenge Fund to support research into the infusion of security and protection solutions into hardware and chip designs at the development stage. At the same time, the government has also promised to invest a further £30 million to ensure the safety and security of Internet-connected smart devices, 420 million of which would be deployed across…
Endpoint security has become a major battleground in the cybersecurity war as companies struggle to protect an ever-growing number of machines in an increasingly complex environment. With the widespread adoption of remote working arrangements, the onslaught of mobile devices and BYOD policies (or lack thereof), the endpoint landscape in many companies has become a wild west of devices, operating platforms and applications. As a result, endpoint vulnerabilities are being exploited on an unprecedented scale. According to the Ponemon Institute, 64 percent of organizations have experienced at least one endpoint attack that compromised their data or infrastructure in the past year.…
Less than half of Britain’s leading banks are doing enough to protect customers from hackers, according to a Which? investigation. Only five of the 12 investigated banks used two-factor authentication at login, a feature which makes it harder for criminals to hack into accounts. Dewald Nolte, Chief Commercial Officer at Entersekt: “The rise in popularity of internet banking has unfortunately been coupled with an increase in digital fraud. There was a time when social media had better authentication security than banks. Now, consumers expect banks to put a premium on security to ensure that they stay several steps ahead of…
The new California data privacy law is now starting to reveal the increase in third-party breaches as companies begin reporting under the new law, according to the Office of the Attorney General. Matan Or-El, Co-founder and CEO at Panorays: “Hackers continue to target the weakest link in the supply chain, and in doing so are making whole industries vulnerable. Discover is the latest third-party breach that besmirches the reputation of the company to which it is connected. These breaches illustrate the need for more in-depth and continuous monitoring of all vendors in the supply chain, from the moment a vendor…
Hackers are passing around a vast database of 2.2 billion unique names and passwords skimmed from some of the biggest data breaches like Dropbox and LinkedIn. Collection #1 and #2-5 have been uncovered by several security researchers. https://twitter.com/shyftnetwork/status/1090993613574729728 Experts Comments below: Ryan Wilk, VP of Customer Success at NuData Security: “This latest dump of names and passwords reveals the enormity of the exposure of personal information worldwide and how cheap or free personal information has become as hackers try to race to squeeze the last value out of it. New technologies that don’t rely on passwords, like behavioral analytics and…
India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions. Expert Comments below: Ilia Kolochenko, CEO at High-Tech Bridge: “In light of the economic slowdown in many developed countries, India is becoming a growing and dynamic market both for entrepreneurs and cybercriminals. Many new startups start offering various e-services related to micro-finance and other niches that involve the handling of personal and financial data. At the same time, the best cybersecurity minds of the country are employed by Western companies, creating a considerable skills shortage…
