News is breaking that a leading retailer has seen a website flaw put customers’ personal data at risk. This time it is Card Factory, a popular UK-based greeting card business, which has been storing customers’ data insecurely: members of the public could view other customers’ uploaded photos simply by changing an identifier in the URL, a classic ‘insecure direct object reference’ (IDOR). Bryan Becker, Application Security Researcher at WhiteHat Security, commented on the incident: “The Card Factory security incident is an important reminder that our personal information is constantly at risk. Unfortunately, Card Factory’s response to the personal data breach…
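The bug class described above, as an added example that is not Card Factory’s code or WhiteHat’s analysis: a photo endpoint that trusts the identifier in the URL, beside the ownership check that closes the hole. The in-memory store, the user names and the handler names are constructed here for illustration only.

```python
"""
Insecure direct object reference (IDOR) on a photo endpoint, and the
ownership check that fixes it.

Constructed example: the store contents, user names and handler names
are assumptions for illustration, not anyone's production code.
"""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Photo:
    photo_id: str
    owner: str
    content: bytes


# Constructed sample data with sequential ids, as a naive upload pipeline
# would assign them. The attacker controls the account "mallory".
PHOTOS = {
    "1001": Photo("1001", "alice", b"alice-wedding.jpg"),
    "1002": Photo("1002", "bob", b"bob-baby.jpg"),
    "1003": Photo("1003", "mallory", b"mallory-own.jpg"),
}


class NotFound(Exception):
    """Raised for a missing photo *or* one the caller may not see."""


def get_photo_vulnerable(session_user: str, photo_id: str) -> bytes:
    """IDOR: the id taken from the URL is the only thing consulted.

    Authentication happens (there is a session_user) but authorisation
    does not: any logged-in user who guesses or increments an id gets the
    bytes of anyone's upload.
    """
    if photo_id not in PHOTOS:
        raise NotFound(photo_id)
    return PHOTOS[photo_id].content


def get_photo_secure(session_user: str, photo_id: str) -> bytes:
    """Same lookup, plus an ownership check bound to the session.

    A photo that exists but belongs to someone else is reported exactly
    like a missing one, so the endpoint cannot be used as an oracle for
    which ids are valid.
    """
    photo = PHOTOS.get(photo_id)
    if photo is None or photo.owner != session_user:
        raise NotFound(photo_id)
    return photo.content


def can_read(handler, session_user: str, photo_id: str) -> bool:
    """True if the given handler returns content for this user and id."""
    try:
        handler(session_user, photo_id)
        return True
    except NotFound:
        return False


def enumerate_photos(handler, session_user: str, start: int, count: int) -> list:
    """What an attacker does against a sequential-id endpoint: walk the id
    space and keep every id that hands back content."""
    return [str(n) for n in range(start, start + count)
            if can_read(handler, session_user, str(n))]


def new_photo_id() -> str:
    """Unguessable id for new uploads (128 bits from the CSPRNG).

    This makes enumeration impractical but is not a substitute for the
    ownership check in get_photo_secure: a leaked or shared link would
    still be readable by anyone.
    """
    return secrets.token_urlsafe(16)
```

Against the vulnerable handler, walking ids 1000 to 1009 as `mallory` returns all three stored photos; against the hardened one it returns only her own. The check belongs in the handler on every object lookup, not only on the listing page, because the attacker never uses the listing page.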
ISBuzz Team
The state of workplace mobility The continued white-hot proliferation of personal devices has led to businesses adopting cultures where employees can contribute remotely, using whatever device is accessible. For many, this has led to Bring Your Own Device (BYOD) initiatives, where businesses formally embrace the use of personal devices and enable remote access to corporate data and applications. For others, a specific line of business drives the increased usage of personal devices, such as a sales team becoming increasingly mobile or a customer-facing team leveraging tablets to execute transactions. According to IDC’s Worldwide Semiannual Mobility Spending Guide, worldwide spending on mobility…
A vibrant, connected community of ethical hackers has an important role to play in the increasingly complex fight against cyber-crime, explains Brigitte d’Heygère, Vice President Security & Consulting Services at Gemalto Buried treasure is not just the stuff of fiction and legend. For at least some of our ancestors, it was quite simply the most effective means of protecting prized possessions from unwanted attention. And whilst the methods of defense have inevitably evolved over time, the basic game of cat and mouse between legitimate owners and those who seek to steal from them has never gone away. Of course, in…
In response to the recent discovery of GreyEnergy, a highly sophisticated piece of malware targeting industrial control systems, please see below comments from Moreno Carullo, co-founder and CTO of Nozomi Networks. Moreno Carullo, Co-founder and CTO at Nozomi Networks: “The recent discovery of yet another undocumented advanced malware, now dubbed GreyEnergy, was inevitable. We are seeing a trend in ICS cybersecurity where this, and other malwares do exist, and they are threatening our world’s most critical infrastructures. This specific report claims that GreyEnergy could be a successor of BlackEnergy, the malware that targeted and successfully attacked Ukrainian facilities in December…
Asher Benbenisty, director of product marketing at AlgoSec, sets out how organizations should approach managing their ACI deployments holistically with their overall network infrastructure. Demand for software defined networking (SDN) solutions is booming, so much so that the market is expected to rise to $88 billion by 2024. SDN offers multiple benefits, including cost reduction, centralized management, quicker application deployment, enhanced scalability and reduced downtime, so it’s easy to see why it is so appealing to organizations that want to have more flexible and agile networks. One of the market-leading SDN offerings is Cisco’s Application Centric Infrastructure (ACI), a multi-tenant,…
More than a third of organizations still use paper based records and surveys to assess their third-party risk according to the 2018 Third-Party Risk Management Benchmark Report from NAVEX Global.* Matan Or-El, Co-founder and CEO at Panorays: “The problem with paper-based records is that they are out of date almost as soon as they are completed. Risk management is not a checkbox, but an ongoing process where third-party risk is assessed every day. The price for lagging behind with paper processes could result in a third-party breach with a financial average cost for Enterprises of up to $1.47 million, according to Kaspersky Labs.…
It has been revealed that nearly half (46 percent) of executive-level and C-level respondents say their organisations have experienced a cybersecurity incident over the past year. With more than 1500 executives surveyed, the Deloitte poll found forty-nine percent of respondents admitting that their organisation does not conduct cyber wargaming exercises, with more than one-third (34 percent) indicating that they do not know their individual role within their organisation’s cyber incident response plan. Javvad Malik, Security Advocate at AlienVault: “Attackers continue to target users within companies as it is often easier to trick someone that is distracted or overworked. Raising security awareness is therefore of utmost importance;…
Breaking news from Barclays this morning revealed findings that dating scams cost victims an average of £2,000, while the NSPCC highlighted that children are at increased risk of blackmail and grooming due to a surge in live-streaming. Dating site scam victims ‘lose £2,000’ – Raj Samani, Chief Scientist and Fellow at McAfee, commented below. Raj Samani, Chief Scientist and Fellow at McAfee: “It’s not surprising to hear dating scams are costing people dearly – we previously found that 38% of people openly share their email address in their dating profiles and 7% of people even share their passwords with people via dating sites. Sharing this personal…
Among the findings in the new Ponemon 2018 State of Endpoint Security Risk report: 64% of enterprises have been compromised in the past 12 months by attacks, the cost of a successful cyber-attack increased 42% year over year, and organizations are now 4x more likely to be hit with a zero-day attack bypassing existing defenses compared to traditional attack methods such as a fileless attack. In response, an expert with Virsec offers perspective on these findings. Satya Gupta, CTO and Co-founder at Virsec: “It’s not surprising that fileless attacks are on the rise, because they work. What is worrisome is how slow many organizations have been to respond to these new tactics…
Please see below for comment from cyber security recruitment specialist, Acumin Consulting regarding news today from (ISC)2 that the cybersecurity industry faces a worldwide shortage of almost 3 million staff. Ryan Farmer, Compliance Manager at Acumin Consulting: “With such a broad statistic it’s important to contextualise and focus on the local rather than global. The 142,000 shortfall of security professionals in EMEA somewhat pales in comparison to those in Asia and the US. The relatively small number is reflective of greater market maturity and stability across Europe. Although the gap may seem daunting, findings such as the fall in average…
