Radboud University (NL) researchers today announced their discovery that widely used data storage devices with self-encrypting drives do not provide the expected level of data protection. A malicious expert with direct physical access to widely sold storage devices can bypass existing protection mechanisms and access the data without knowing the user-chosen password. Mounir Hahad, Head of the Juniper Threat Labs at Juniper Networks: “For most cyber threat activity, the vulnerability of hardware full disk encryption makes no difference to the attack’s success. Typically, remote attacks using malware or hacking require the victim’s computer to be up and running, and disk access is…
ISBuzz Team
A widespread scam pretending to be from Elon Musk and utilizing a stream of hacked Twitter accounts and fake giveaway sites has earned scammers over 28 bitcoins or approximately $180,000 in a single day. This scam is being pulled off by attackers hacking into verified Twitter accounts and then changing the profile name to “Elon Musk”. They then tweet out that he, being Elon, is creating the biggest crypto-giveaway of 10,000 bitcoins. Even worse, these posts are being promoted through Twitter advertising in order to give them wider visibility and to add legitimacy. Commenting on how Twitter’s verification system facilitated the scam is Paul…
The news dropped that criminals are selling the private messages of 81,000 Facebook account for 10 cents per account on the Dark Web. These bad actors also have access to the information of 120M Facebook users. Rich Campagna, CMO at Bitglass: “Malicious browser extensions highlight the harsh reality that an unknown vulnerability can pose a major threat to data security and brand reputation. It is the responsibility of companies to ensure appropriate configurations, deny unauthorized access, and protect sensitive data at rest. In addition to losing login credentials, this hack likely exposed a plethora of sensitive personal information. It will be interesting…
The world is becoming smaller and the need to be connected whenever, wherever you are, is growing stronger. The advent of smartphones, and features such as Apple’s FaceTime, have made it increasingly easier and cheaper to connect with people across the world. This change in consumer behaviour marks the death of arguably one of the most ground-breaking inventions of all time – the landline telephone. The death of the landline Statistics support the view that the landline is dying a slow death. In the UK, the percentage of homes with fixed cable phones has fallen from 81 to 76 per…
The Radisson Hotel Group has experienced a data breach impacting members of the firm’s loyalty and rewards scheme. The chain accounts for over 1,400 hotels in over 70 countries and includes the Park Plaza brand, Country Inn & Suites, Park Inn, and Radisson Collection. Commenting on the cause of the data breach, and how Radisson Hotel Group can prevent them going forward, is Paul Walker, Technical Director at One Identity. Paul Walker, Technical Director at One Identity: “The hotel chain’s advisory suggests that potentially employee accounts, which had permission to access this data, were at fault and fraudulently accessed by an attacker. An obvious response…
A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor – Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service. Commenting on how the controversial news could affect users, and the steps they can take to protect themselves, is Paul Bischoff, Privacy Advocate with Comparitech. Paul…
It has been reported that security researchers have found two severe vulnerabilities affecting several popular wireless access points, which, if exploited, could allow an attacker to compromise enterprise networks. Please see below for commentary from several security experts at Synopsys. Thomas Richards, Associate Principal Consultant at Synopsys: “Bluetooth has been added to Wireless APs to extend the technology available to wireless devices on the network. It allows organisations to develop applications that support BLE devices including location-aware applications. The flaws appear to be very serious. If exploited, an attacker could run arbitrary code on the affected devices. This could lead to compromise of the…
Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari. Microsoft was impersonated in 36 percent of all (brand) display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks. Amazon and Microsoft run the largest public cloud computing platforms, which are widely used by companies undergoing digital transformation projects. Providing comment on the report and the current trends in advanced email attacks is Tim Sadler, Co-Founder and CEO at Tessian. Tim Sadler, Co-Founder and CEO at Tessian: “The reason Microsoft and Amazon are…
On the 30th anniversary of the world’s first cyber attack, Matt Lock, Director of Sales Engineers UK at Varonis offers the following comment. Matt Lock, Director of Sales Engineers UK at Varonis: “We’ve come a very long way since the first computer virus. Viruses, worms, spyware, botnets, the list goes on – these are simply the tools in the cybercriminals’ toolbox. The tactics evolve but the goals remain the same: to steal, expose, turn a profit, and gain control. Spies once used fake credentials and tiny concealed cameras to capture important plans behind enemy lines and criminals robbed banks to steal money. Today’s cyber-spies…
Cybercrime is a growing epidemic that affects businesses of all sizes. Organisations have a responsibility to protect the data of their employees and customers. So they are investing in expensive hardware and software solutions. Yet businesses don’t realize that without effective management of those solutions, every component they add to their IT inventory becomes a new point of vulnerability. Cybercriminals can exploit unaccounted and out-of-date hardware and software to hack systems. So companies need to put effective IT asset management solutions in place. What IT Asset Management (ITAM) Entails IT managers have to keep track of their IT inventory. They…