It has been reported that the UK government has launched a voluntary Code of Practice to help secure internet-connected IoT devices. Gavin Millard, VP of Threat Intelligence: “Virtually all consumers are so used to buying a device, ripping the wrapping off and not giving a moment’s thought to the cyber security implications of their new shiny toy. We can’t expect everyone to be an expert though, so a “secure by default” approach should be encouraged. Having to define a password in the start-up wizard and auto-updating of the software when bugs are found are two simple steps that could drastically reduce the cyber…
ISBuzz Team
Following the news that the Department of Health and Social Care (DHSC) estimates the WannaCry ransomware attack cost the NHS £92m in disruption to services and IT upgrades, Matt Lock, Director of Sales Engineers at Varonis, offers the following comments. Matt Lock, Director of Sales Engineers at Varonis: “When ransomware hits an organization, much is discussed about the cost in terms of rebuilding infrastructure, restoring digital records and getting systems back online. In the case of the NHS, we may never truly know or be able to quantify the ultimate cost of the WannaCry attack because human lives may have been affected…
An email phishing attack struck Iceland, sending malicious emails to thousands of individuals in an attempt to fool them into installing a new threat that mixes code from different sources. Local police have described the cyber-attack as the largest ever to hit the country. Javvad Malik, Security Advocate at AlienVault: “While the code may mix together different sources, the tactic is not new. ‘Scareware’ has been used for many years to fool users into handing over personal information or money. The scale of the attack highlights why it’s important that security awareness is extended beyond the workplace to the whole population that…
Data privacy advocates have testified on Capitol Hill that they would like data privacy laws that would form a foundation on which states could build their own data privacy laws, while tech giants would like to see a federal data privacy law limiting states’ rights. Chris Olson, CEO at The Media Trust: “Consumers want their privacy and are demanding the passage of laws to protect it. Whether federal law lays out a ceiling or a floor for state privacy laws, data will be regulated no matter what. Businesses that want to build strong relationships with customers should take a proactive approach to…
Experts commented this morning on Mozilla’s decision to delay distrusting Symantec certs in Firefox. The rationale is that “well over 1% of the top 1-million websites are still using a Symantec certificate that will be distrusted.” Mark Miller, Director of Enterprise Security Support at Venafi: “Distrusting the lion’s share of the certificates on the internet can be painful. And it’s especially painful for organizations that don’t have an automated way to replace their certificates. In fact, many organizations don’t even have a complete inventory of their machine identities. However, by delaying our distrust deadlines we’re leaving the window open for more…
Earlier this week, Bloomberg reported that a major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company. Chris Day, Chief Cybersecurity Officer at Cyxtera: “Recent news about the potential discovery of a hardware implant involving Super Micro Computer and a major U.S. telecommunications company has raised a lot of security questions about supply chains and downstream risks. The supply chain is always at risk but in this case, vulnerabilities within…
The US Government Accountability Office (GAO) published a report finding critical vulnerabilities in the US military security systems. The report found that a “red teamer” was able to crack into the US Department of Defense system and reboot it, cause popups to appear and – perhaps more dangerously – find serious security holes in the nine weapons systems programs it tested. Sherban Naum, SVP, Corporate Strategy and Technology at Bromium: “The US government has a massive budget for defense spending, yet that isn’t reflected in security provisions implementing trust decisions in real time, a must for weapons systems, communications infrastructure and related supply…
Payments organisations and banks held their first-ever joint cyber-security war game in a bid to test their systems amid rising IT security threats. Mastercard, WorldPay and American Express (Amex) were among the payment processors that took part in the exercise, held at IBM’s test centre in Cambridge, Massachusetts. James Hadley, CEO and founder at Immersive Labs: “Sharing information is vital to ensure industries develop stronger, more robust risk and cyber security strategies. The world of cyber can take a lead from the aviation industry, where each incident is investigated and the information discovered is shared throughout the industry in an open manner in a drive…
Facebook Inc’s WhatsApp messenger service said on Wednesday it has fixed the latest bug on its platform that allowed hackers to take over users’ applications when they answered an incoming video call. The announcement follows reports from technology websites ZDNet and The Register that the vulnerability, which affected WhatsApp applications on Apple and Android smartphones, was discovered in late August and was fixed by Facebook in early October. Paul Bischoff, Privacy Advocate at Comparitech: “I’m sceptical of the claim that this attack could allow a hacker to remotely take over the victim’s device and access their conversations. The proof of concept describes a…
We now know that Google knowingly avoided disclosing its own data breach. At the same time, it announces the decision to “fully remove trust in Symantec’s old infrastructure and all of the certificates it has issued” when it releases Chrome 70 later this month. Bill Holtz, CEO of Comodo CA, a web security provider and the world’s largest commercial Certificate Authority, commented below. Bill Holtz, CEO at Comodo CA: “Google’s tagline, ‘people should assume that the web is inherently safe,’ fosters confidence in many people but scepticism in many others. The web may be inherently safe based on large numbers, but try telling that to the…
