In light of the news today that Vision Direct customer card details were stolen in a data hack with 16,300 customers at risk, please see below for comment from David Emm, Principal Security Researcher at Kaspersky Lab. David Emm, Principal Security Researcher at Kaspersky Lab: “Today’s news of the Vision Direct breach – the data of which was obtained using a fake Google Analytics script which had been placed in its website code that let hackers breach security defences – serves as a stark warning for providers to do all they can to protect their customers’ data. “We share an alarming amount of information when we shop…
ISBuzz Team
Security web scans and analysis on over 4,500 Australian and New Zealand Magento websites, the most popular e-commerce platform globally, reveal over 78% are at high risk from cyber criminals, according to leading global cybersecurity experts. The latest survey carried out by Foregenix identifies that the most significant vulnerability for Australian and New Zealand SMEs is hackers looking to exploit the absence of critical security patches. Global cybersecurity experts Foregenix, which operates out of Sydney, found almost 90% of websites using Magento 1 were at risk; however, the figures fell sharply to around 35% for Magento 2 websites. The global analysis – which examined…
The Dutch domain registrar SIDN and the nation’s internet service providers group NBIP are warning small businesses of increased risk of DDoS attacks, according to Telecom Paper. The jointly-issued report finds that web shops selling consumer goods such as clothes, cosmetics and garden equipment have a greater chance of being hit by DDoS attacks. The two European organizations also note DDoS trends, including: Shared hosting puts SMB e-tailers at 35X increased risks, as they’re impacted if another site on the server is hit by an attack; Public sector entities and larger banks are among those most likely targeted by direct attacks; and The organizations estimate total costs of DDoS attacks at EUR 1 billion per year. In response,…
Researcher Lukas Stefanko has just warned (via Twitter) about malware embedded in fake apps available on Google Play, noting that 13 apps have been installed more than 560,000 times. A OneSpan mobile cybersecurity expert offers perspective on the goals of the attackers and how brands can prevent their apps from being repackaged by criminals. Will LaSala, Director of Security Solutions, Security Evangelist at OneSpan: “Application repackaging has been on the rise for a while now. Earlier this year it was reported that applications were being hijacked to install cryptocurrency miners. We saw a decline in these attacks when governments started to address the…
As tomorrow marks 6 months since the implementation of the General Data Protection Regulation (GDPR), please find below commentary from security experts in relation to GDPR. Chris Mayers, Chief Security Architect at Citrix: “Today, there is still a strong chance that a number of organisations could be struggling with issues around data sprawl, the volume of personal customer information and uncertainty around data ownership – as our research from around a year ago suggested. “The poll also found the average large UK business was reliant on 24 systems to manage and store personal data, with one in five (21 per…
In light of the news that the One Planet York app – used by York City Council and its residents – has been hacked and up to 6,000 people may have had their data stolen, IT security experts commented below. Martin Thorpe, Enterprise Security Architect at Venafi: “This is a serious breach, with thousands of people having their personal data put at risk. Unfortunately, hacks of this kind are rising year on year though; York is certainly not alone. There are now over 15.5 billion apps in the UK, often containing very personal information – from health data to financials. Yet developers are often more focused…
Attackers suspected of working for the Russian government masqueraded as a US State Department official in an attempt to infect dozens of organizations in government, military, defence contracting, media, and other industries, researchers from security firm FireEye have warned. The tactics, techniques and procedures are akin to those used previously by the Russian APT group Cozy Bear, aka APT29. At least 38 FireEye clients have been targeted so far in the spear-phishing campaign. Commenting on the approach and possible intentions of the attack, and the US government’s need to protect its agencies, employees and citizens, is Tim Sadler, co-founder and CEO at Tessian.…
News broke today that ministers are failing to act with “a meaningful sense of purpose or urgency” in the face of a growing cyber threat to the UK’s critical national infrastructure (CNI), a parliamentary committee has warned. The joint committee on national security strategy said at a time when states such as Russia were expanding their capability to mount disruptive cyber-attacks, the UK’s level of ministerial oversight was “wholly inadequate”. Israel Barak, Chief Information Security Officer at Cybereason: “The spectrum of cyberattacks against critical infrastructure providers in the UK and the profile of adversaries who are targeting these environments continues to broaden. Critical infrastructure is generally…
SOC/NOC Integration Breeds Increased Efficiency and Effectiveness SOCs (security operations centers) and NOCs (network operations centers) both serve vital functions in your network. And while each serves a different function, significant overlaps exist that can be leveraged to create more efficiency and effectiveness in your organization. SOC staff must assess and respond to security events quickly to resolve cybersecurity issues before they can negatively impact the business, while NOC staff are responsible for making sure your network maximizes uptime and ensuring that bandwidth and demand can be managed properly. Your SOC and NOC have demanding work that they need to…
The Ponemon Institute surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges companies face in protecting sensitive and confidential information shared with third-party vendors and partners. According to the findings, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent — up 5 percent over last year’s study and a 12 percent increase since 2016. Javvad Malik, Security Advocate at AlienVault: The use of third parties has risen over the past few…
