Freshmenu, a cloud kitchen platform is garnering criticism for not informing customers of a breach two years ago that exposed personal information of 110,000 users. It is incidents like these that are propelling countries to institute strict data protection laws. Niles Rowland, Director of Product Development at The Media Trust: “Few companies will escape the growing number of consumer data privacy laws sweeping across geographies. In India, the government is considering a bill that requires companies to, among others, appoint a data privacy officer, have annual third-party audits of data collection processes, and notify regulators and individuals of a breach.…
ISBuzz Team
In response to news that during today’s State of the Union address to the European Parliament, Jean-Claude Juncker, the European Commission’s president, has said Google, Facebook and Twitter must remove extremist content within an hour or face hefty fines, Jake Moore, Security Specialist at ESET commented below. Jake Moore, Security Specialist at ESET: “The proposal to remove any content from social media will cause a huge headache even for the large internet companies. Fundamentally, the likes of Google, Twitter and Facebook will simply have to employ more staff to deal with the vast amount of requests even more quickly to abide…
Experts say current security measures not enough to protect data in lost or stolen laptops Consultants from cyber security provider F-Secure have discovered a weakness in modern computers that attackers can use to steal encryption keys and other sensitive information. The discovery has compelled the researchers to warn PC vendors and users that current security measures aren’t enough to protect data in lost or stolen laptops. Attackers need physical access to the computer before they can exploit the weakness. But F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes. “Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer. And when you have a security issue found in devices from major PC vendors,…
Ethereum Classic and ZCash have been added to deVere Crypto, one of the world’s leading cryptocurrency exchanges, due to strong client demand. Users of the trailblazing crypto app, launched by deVere Group earlier this year, can now also buy, sell, store, and exchange Ethereum Classic (ETC) and ZCash (ZEC), alongside Bitcoin (BTC), Ethereum (ETH) Litecoin (LTC), Ripple (XRP), Dash (DASH), Monero (XMR) and Bitcoin Cash (BCH). Of the latest additions to deVere Crypto, Nigel Green, founder and CEO of deVere Group, comments: “Whilst it remains the dominant digital currency, with currently about 58 per cent of the total market capitalisation, there…
Npower is urgently investigating how the personal details of around 5,000 of its customers were shared via letters sent out in the post and web security company High-Tech Bridge’s CEO Ilia Kolochenko commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “If the overall scope of the incident is limited to 5,000 customers and does not disclose anything but individual confusion of names and addresses, the incident can be classified as minor. Moreover, it is unlikely caused by hacking activities but rather an internal human mistake. In many organisations it is economically impractical to mitigate all possible human errors, and a similar incident…
Malware Analysis: VirusTotal: One of the most famous Multi-Antivirus scanning Website, VirusTotal aggregates many antivirus products and online scan engines to check for viruses that the user’s own antivirus may have missed, or to verify against any false positives. Files up to 256 MB can be uploaded to the website or sent via email.Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal’s own capability. Joe Sandbox: Joe Sandbox Complete executes files and URLs fully automated in a controlled environment and…
Tesla Model S key fob system is vulnerable to spoofing attacks, Craig Smith, Rapid7’s research director of transportation security, commented below on this report. According to reports, researchers identified a flaw which would allow attackers to steal a Tesla simply by walking past the owner and cloning his/her key. The malicious actor would have to first identify the car’s radio ID, then relay that broadcast to a victim’s key fob and listen for the response, typically from within three feet of it. If they can carry out that back-and-forth twice, the attacker can work back to the secret key powering the fob’s responses,…
Tripwire’s Vulnerability and Exposure Research Team (VERT) have uncovered and investigated many of the vulnerabilities found within the Microsoft September 2018 Security Updates. Tripwire identified three vulnerabilities as critical with exploitation more likely. One of these is the vulnerability CVE-2018-8440, which takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to escalate privileges. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. Tyler Reguly, Manager of Software Development at Tripwire: In-The-Wild & Disclosed CVEs CVE-2018-8440 This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was…
WatchGuard’s Q2 2018 Internet Security Report uncovers heightened use of credential-focused attacks and continued prevalence of malicious Office documents New research from the WatchGuard Threat Lab shows the emergence of the Mimikatz credential-stealing malware as a top threat and the growing popularity of brute force login attacks against web applications. The research also reveals that 50 percent of government and military employee LinkedIn passwords, largely from the US, were weak enough to be cracked in less than two days, underscoring the reality that passwords alone can’t offer sufficient protection and the need for multi-factor authentication (MFA) solutions. WatchGuard’s Internet Security Report for Q2 2018 explores the latest security threats affecting small to midsize businesses (SMBs) and…
The data management firm, Veeam, left a 200GB database defenceless and open to public query. 445 million customer records were stored in this database, including first and last name, email address, country of residence, IP addresses and more. Veeam counts about 307,000 customers. Among them are Norwegian Cruise Line, Gatwick Airport, Scania, healthcare and educational institutions (several universities and school districts). IT security experts commented below. Mike Schuricht, VP Product Management at Bitglass: “Identifying specific attack vectors like misconfigured, MongoDB databases is now a simple act for nefarious individuals. Organisations need to pay more attention to data security policies and put…