Websites are facing a PHP deadline coming up in 10 weeks. The popular PHP 05.x will stop receiving security updates by the end of the year, and currently 62% of all Internet sites are running on it. PHP is a general-purpose scripting language that runs on a web server. PHP is used mostly to create dynamic web page content or dynamic images used on websites. Mike Bittner, Digital Security & Operations Manager at The Media Trust: “The looming PHP crisis demonstrates how companies continue to underestimate the risks their websites pose to the organization. Websites connect companies with not only their markets,…
ISBuzz Team
It has been revealed that there has been a 93% increase in the number of people searching for cyber security recruitment and related terms in Google, according to the latest figures by technology recruitment company Finlay James. The news comes after the ISC anticipated a worldwide shortage of 1.8 million cyber security professionals by 2022 but the lack of skills to tackle cybercrime is already causing problems. James Hadley, CEO and Founder at Immersive Labs: “It is well known the cyber security industry faces a fundamental skills shortage, which traditional recruitment methods cannot solve. A new approach, which reaches out to untapped talent pools and upskills them in cyber security is needed. By…
With today’s IoT Code of Practice from the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC), Canonical – the company behind Ubuntu – shared insight on the need to instil a culture and OS rooted in security. Jamie Bennett, VP of IoT and Devices at Canonical, commented below on why the Code is a good start but could go further. Jamie Bennett, VP of IoT and Devices at Canonical: “IoT devices are now a staple of modern life, and the DCMS and NCSC’s Code of Practice is a welcome addition to consumer security. The…
CNBC is reporting today that the Pentagon disclosed a cyber breach of Defense Department travel records that compromised the personal information and credit card data of up to 30,000 U.S. military and civilian personnel. IT security experts commented below. Pravin Kothari, CEO at CipherCloud: “In context, this breach at DOD is potentially part of a much larger campaign by several well-known nation-states to build out a comprehensive database on our civilian and military population, our businesses, and all of their activity from one end of the supply chain to the other. They are possibly collecting databases and information, and building cross-indexes…
Following the news that a recent investigation has revealed that Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, IT security experts commented below. Edgard Capdevielle, CEO at Nozomi Networks: “Due to the criticality of their services, government networks have become a key target for cyber criminals interested in cyber espionage, cyber warfare, hacktivism and cyber ransom attacks. Any cyber attack targeting a government entity, especially one against the MoD, could have a serious impact on national security, and it is understandable that the government has declined to confirm or deny an…
Following the news that a recent investigation has revealed that Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, Edgard Capdevielle, CEO of Nozomi Networks commented below. Edgard Capdevielle, CEO at Nozomi Networks: “Due to the criticality of their services, government networks have become a key target for cyber criminals interested in cyber espionage, cyber warfare, hacktivism and cyber ransom attacks. Any cyber attack targeting a government entity, especially one against the MoD, could have a serious impact on national security, and it is understandable that the government has declined to confirm…
A report by Sky News has revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017. In light of this news, Jake Moore, cyber security expert at ESET UK, commented on what this means for national security and how future incidents can be avoided. Jake Moore, Cyber Security Expert at ESET UK: “The theft of any secret information is a serious threat to a business but when the stolen data includes military secrets it quickly ramps up to become a serious threat to national security. Disclosure of…
Preparing for the upcoming midterm elections, Facebook has removed 800 fake accounts and pages of bogus political ads. The company is cracking down on fake ads and other pages where spammers try to drive consumers to ad farms with authentic-looking content. Chris Olson, CEO at The Media Trust: “Facebook’s efforts to purge fake accounts are a significant step toward preventing the spread of fraudulent products and messages and data scandals. The internet today enables anyone to spread any content–fraudulent or otherwise–to exploit data gathered from unknowing consumers. Big platform providers are favorite communication channels because they offer quick, easy access…
According to the recent report from the cybersecurity authorities of the “Five Eyes”, the availability of hacking tools and techniques is not limited to dark web criminals or nation-state hackers. Christian Elisan, Lead Analyst at Flashpoint, provides his insights below on how organisations can defend against these tools and attacks. Christian Elisan, Lead Analyst at Flashpoint: “Aside from the recommendations mentioned by NCSC (National Cyber Security Centre), organisations can take a step further by studying and familiarising themselves with the freely available tools used in the attacks. See how the tools behave in a target system and what changes, if any, are done…
TechCrunch reported that FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, exposed millions of user records because it left several of its servers without a password. Pravin Kothari, CEO at CipherCloud: “The FitMetrix potential exposure of 113.5 million records seems likely to be another unfortunate example of a cyber breach caused by misconfiguration and administrative error. If the data was encrypted end-to-end, at the cloud “edge,” then access to the exposed but encrypted data would have been stopped. Perhaps the more interesting issue is whether or not the exposed FitMetrix databases included data from European citizens,…
