The popular video platform DailyMotion disclosed a credential stuffing attack on Friday. In response, experts with Cequence and Shared Assessments offer perspective. https://twitter.com/safebits/status/1090081233856389120 Mike Jordan, CISSP, CRISC, CTPRP, Senior Director at The Shared Assessments Program: “Credential stuffing is the unfortunate consequence of using the same password on different sites. Just last week, over 772 million passwords were offered for sale in one of the largest public data breaches of this sort. It’s no surprise to see a corresponding breach. “Hacking passwords on public video sites and forums could be used for troll farming and disinformation campaigns. More troubling are the breached banks…
ISBuzz Team
Delivering seamless connectivity is vital to ensure that your communications strategy is effective. Despite the concerns of legacy technology, intuitive intelligent solutions can alleviate collaboration complexity and provide seamless interoperability to give the workforce an enriched and enduring experience. The workforce dynamic is changing dramatically. More people are working remotely and integrated, easy to use communications are crucial to improving communications. The demand for intelligent solutions is on the increase. Video conferencing, instant messaging, and meeting room systems are essential tools to create an environment that can quickly bring stakeholders together and to interact efficiently. Enterprises have the opportunity to…
We recently discovered that the latest version of Scapy, a powerful packet manipulation tool used by cybersecurity researchers and network engineers, is susceptible to a Denial of Service (DoS) vulnerability. Ironically, we found this vulnerability while researching ways to better detect and fight DDoS attacks. Written in Python, Scapy uses a heuristic algorithm to determine the type of network packet it is inspecting. Because the algorithm relies on port numbers, the packet type can be easily spoofed. In this case, the vulnerability occurs when Scapy is tricked into thinking a network packet is a RADIUS packet. The…
It has been reported that the Japanese government has passed a new law amendment that will allow officials to hack into citizens’ Internet of Things devices to compile a list of devices that are prone to hacking. https://twitter.com/YvesMulkers/status/1089711445670014976 Gavin Millard, VP of intelligence at Tenable: “Rather than hacking back, it appears the NICT are going to notify users of exposed devices with simple passwords. A quick Shodan search only finds roughly 1000 devices currently connected in Japan with easily guessed passwords though, so unless they are going to go deeper leveraging a scanning tool like Nessus, it’ll be more PR than actual security improvements.…
Data Protection Day is acknowledged in the US, Canada, and 47 European countries, and has been upheld since it was launched 13 years ago by the Council of Europe. Its main purpose is to raise awareness and promote privacy and data protection, particularly among businesses. As technology continues to advance and businesses become more reliant on leveraging customer data, its protection has never been more critical. Last year, organisations were concerned with being able to effectively implement GDPR. Twelve months on, while regulations to protect data are in place, cyber-attacks still frequently occur. It has never been…
The Redaman banking malware is still on the rampage, spreading through a spam campaign that delivers a malicious PDF attachment used to steal financial information, according to security researchers at Palo Alto Networks. https://twitter.com/Balajinm3/status/1088668163905150977 Ryan Wilk, VP of Customer Success at NuData Security: “Banks are under continuous attacks as cybercriminals leverage one technique and dynamically change it to keep up the barrage of attacks until something gets through and they are able to steal critical consumer and banking information. This onslaught of online fraud is one of the biggest challenges for the financial community, but can be significantly mitigated with…
In response to an update from researchers on a new variant of the password-stealing Ursnif bank trojan that employs “fileless persistence which makes it difficult for traditional anti-virus techniques to filter out the C2 traffic from normal traffic,” an expert with Virsec offers perspective. https://twitter.com/wot_science/status/1089057920912842752 Expert Comments below: Ray DeMeo, Co-Founder and COO at Virsec: “This is just the latest example of how anti-virus and signature-based security tools are easily bypassed by creative hackers. There are hundreds of sophisticated hacker tools readily available that can be morphed into endless numbers of new-looking attacks with new signatures that aren’t recognized. We need to assume these threats will continue to…
It has been reported today that Facebook plans to integrate WhatsApp, Instagram and Messenger, the technology giant has announced. The merger is intended to create “the best messaging experiences” for the billions of users around the world who use the Facebook-owned apps. Merging with Facebook Messenger and Instagram could force WhatsApp users to reveal information about themselves that they would prefer to keep private. Expert Comment Below: Sam Curry, Chief Security Officer at Cybereason: “How Herculean will the task become when blame is diffused, architecture can be blamed and no one is looking out for the sins committed across inter-company APIs? Now is the time for…
Scammers are apparently using Deliveroo to clear out bank accounts, and the response from the company may be in breach of GDPR on three counts. The sixth principle of Article 5, for example, requires companies to have appropriate security in place to keep customers’ financial and other personal data secure. It also appears to have breached Article 32, which provides more detail about what is expected in terms of data security, namely encryption, which appears not to have been in place. Lastly, there’s Article 34, which requires the “data controller” (Deliveroo) to tell anyone who may be affected by a data…
In response to news of millions of mortgage and bank loan documents exposed by Ascension, a data and analytics company serving the financial industry which (as part of its core services) converts paper documents into readable digital optical character recognition (OCR) files, an expert on third party risk management with Shared Assessments offers perspective. Expert Comments Below: Mike Jordan, CISSP, CRISC, CTPRP, Senior Director at The Shared Assessments Program: “This brings to mind one of the complexities in Third Party Risk Management. At least one of the banks affected wasn’t even a customer of the company allegedly responsible for this data leak. Hacked subcontractors or…
