In a serious insider-threat case, CyberScoop reported that a former employee of WPML, a popular WordPress plugin, used an old password and a hidden vulnerability he had previously inserted into the plugin's website to regain access after leaving the company. The employee appeared to use that access to post a message on the website and to spam the same message to WPML clients. https://twitter.com/experttheme01/status/1087985706385985537 WPML said the incident caused it to lose client data, forced it to rebuild its server from scratch and prompted it to reset all customers' passwords. OnTheGoSystems said that the plugin itself was not vulnerable and…
ISBuzz Team
Well, here's where you can start and learn the ropes. There are over 350,000 security analyst job openings currently available, and many have starting salaries in the six figures. On top of that, organizations are struggling to find good security analysts because of the shortage of cybersecurity skills, and that will continue to be the case in the coming years: there could be a 1.8 million cybersecurity talent shortage by 2022. (1) So what's the deal? Why is this happening? There are many reasons, but most of all, we're human. We are creative, social beings that need to grow, learn, evolve and have a…
Becrypt has been in the disk encryption business for more than 15 years and has carried out extensive work with governments and large enterprises. Today, a lot of what we're doing is working with small businesses: typically organisations that are adding encryption for the first time, driven by regulation such as GDPR, and those that require encryption as part of their privacy-enforcing mechanisms. Based on the experience and feedback that Becrypt has gathered, I have summarised the top five issues that small businesses should think about if they are looking at adopting disk encryption, or if they're looking…
CNIL, the French data protection watchdog, issued its first GDPR fine, of $57 million, to Google, claiming that the company failed to comply with GDPR when new Android users set up a new phone and follow Android's onboarding process. https://twitter.com/damase/status/1087624060891205632 Expert comments below: Anurag Kahol, CTO and Co-founder at Bitglass: "Google being fined for its noncompliance with GDPR will likely pave the way for penalties for other prolific companies that have not yet met the demands of the new law. Until this point, data protection authorities have been incredibly patient with companies – GDPR has been in full effect for nearly a…
Research conducted by Kenna Security and Cyentia Institute demonstrates that companies can be smarter and more efficient in their security efforts. "In our ongoing mission to apply the tenets of data science to cybersecurity, we have begun to benchmark the realities of vulnerability remediation strategies. We've found that remediating the riskiest vulnerabilities is within reach for many organizations. Despite recent high-profile data breaches, our findings show that enterprises can and should delay efforts to remediate a majority of vulnerabilities, which often number in the millions. Most vulnerabilities pose little to no danger of being exploited. That means companies can prioritize their…
ZDNet reported that a password-less ElasticSearch server belonging to a group of online casinos exposed information on over 108 million bets, including customers' payment card details, full names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information and more. The payment card details indexed in the server were partially redacted, however, so each user's full financial details were not exposed. The leaky server was found last week, was taken offline today and is no longer accessible. https://twitter.com/ZDNet/status/1050386922449731586 https://twitter.com/AIESEC/status/1087491892839940098 Expert comments below: Mark Weiner,…
Following Theresa May's defeat in Parliament earlier in the week, the Brexit process looks to be in a state of confusion. With that confusion comes the question of how the cybersecurity industry in the UK will keep its reputation for a world-class workforce once visa restrictions, and potentially employees not wishing to stay in the UK, come to pass. https://twitter.com/advantexuk/status/1083358549844078592 James Lyne, Head of Research and Development at SANS Institute and creator of the Cyber Discovery programme, believes that we should be doing far more to nurture homegrown cybersecurity talent in the UK – as it may be the only way…
Ransomware called BlackRouter has been found being promoted as Ransomware-as-a-Service on Telegram by an Iranian developer. The same actor previously distributed another ransomware called Blackheart and promotes other infections such as a RAT. BlackRouter was originally spotted in May 2018 and had its moment of fame when TrendMicro discovered it dropping the AnyDesk remote access program and keyloggers on victims' computers. https://twitter.com/samh5621/status/1087031297967566850 https://twitter.com/shah_sheikh/status/1087253852569518080 Israel Barak, CISO at Cybereason: "Ransomware is one of the most effective and successful forms of cybercrime, yet attacks have slowed considerably in the past few years. But as long as hackers find it simple to construct and deploy, it will be a low-risk,…
Elizabeth Denham, Information Commissioner, has advised businesses to consider "alternative data transfer mechanisms" in the event of a no-deal Brexit, which might have implications for cross-border data flow. https://twitter.com/pyxiGDPRteam/status/1084903868163547136 Ian Smith, founder and CEO of Gospel Technology, whose data security platform uses permissioned DLT to allow organisations to securely share critical data with third parties outside their perimeter of control, commented below. Ian Smith, CEO at Gospel Technology: Whatever the outcome of the Brexit negotiation, it's crucial to the ongoing relationship between the UK and its European counterparts that information is able to move across borders seamlessly and securely. If the UK ends…
A serious vulnerability in a popular Android file explorer app has been discovered that exposes all of the user's data to attackers on the same network. In essence, the victim would only need to open the app once. The bug was found by researcher Elliot Alderson, who posted about it on Twitter. Expert comments below: Craig Young, Security Researcher at Tripwire: "The ES File Explorer 'Open Port' vulnerability is far more serious than originally reported. The truth is that attackers do not need to be on the same network as the victim phone thanks to DNS rebinding. With this attack model, a web site loaded on…
