It was reported that Superdrug had warned its online customers to change their passwords after criminals claimed to have obtained their personal details. The chain said the group claimed they had stolen details of 20,000 customers. IT security experts commented below. Dr Guy Bunker, SVP of Products at Clearswift: “The first thing to consider as a consequence of this breach is GDPR. Only time will tell but we may see Superdrug fined because of the hack. “The second is whether the proposed method of the attack – with the attackers finding other ways of obtaining usernames and passwords from somewhere else and then using those…
ISBuzz Team
Following the news that GDPR has put ad tech firms in jeopardy while strengthening the hand of giants such as Google and Facebook, Mayur Upadhyaya, Managing Director, EMEA at Janrain, discusses the change the regulation will have on the digital advertising industry and how firms can embrace consent to improve relationships with their audiences. Mayur Upadhyaya, Managing Director, EMEA at Janrain: “The consent supply chain is an inflection point for third party data brokers. For many that have collected data over the years, the ability to demonstrate that the data has been both collected and used appropriately has always been a challenge.…
Fast-casual restaurant chain Cheddar’s Scratch Kitchen has posted the notice that a data breach compromised approximately 567,000 payment cards between November 3, 2017 and January 2, 2018. An expert with NuData Security offers perspective. Ryan Wilk, Vice President of Delivery – Customer Success at NuData Security: “Due to the cybercriminals’ sophistication and how creatively they use the stolen data, this is not just a problem for Cheddar’s and their customers, but also for the payment card providers and any other organizations with whom the victims hold accounts. Once personal and financial information such as this is accessible to criminals, it feeds the pipeline of…
A lack of employee education, overlooking patch management and flouting security processes are leaving businesses vulnerable and posing a threat to network security and data protection. According to a government survey, nearly half of businesses in the UK have fallen victim to cyberattacks or security breaches in the last year[1]. Of these breaches or attacks, the most common involved fraudulent emails, attempts by scammers to impersonate the organisation online and viruses or malware. With many of these forms of attack seeming fairly rudimentary, it makes us question how many of the fundamental principles of cybersecurity businesses are ignoring. It is…
Krebs just posted that Apache has released software fixes for a newly discovered vulnerability. And hackers already have exploit blueprints online. Attackers can exploit sites running the exposed Apache Struts installation by sending the right request to the site, which will force the web server to run any command desired by the hacker–such as adding or deleting files or copying internal databases. IT security experts commented below. Jeannie Warner, Security Manager at WhiteHat Security: “Apache Struts is used by some of the world’s largest companies. The more common the vulnerability, the more it helps attackers simplify their process…and the easier it becomes for…
A massive WordPress redirect campaign has been discovered by security researchers at Sucuri who say that cybercriminals are leveraging an old vulnerability in tagDiv themes and a new one found in the Ultimate Member plugin. Chris Olson, CEO at The Media Trust: “The redirect campaign targeting tagDiv themes and Ultimate Member plugins underscores the need for website owners using standard hosting services to perform the needed upgrades to keep their sites secure. Too often, once the site is launched, they focus only on content updates and any latency issues while forgetting about code updates on their plugins and website frameworks.…
In response to news that Iranian hackers have targeted students in order to gain access to UK university assets, John Wilson, Field CTO at Agari (experts in email security), commented below. John Wilson, Field CTO at Agari: “Sanctions against Iran have made it difficult for Iranian scientists and researchers to obtain legitimate access to cutting-edge research conducted at top universities. This leaves the Iranians with just a handful of options to acquire the desired information: (1) Hack into university computers to obtain the desired papers (2) Convince a student at each university to steal the information (3) Use phishing to obtain university library credentials. Hacking…
T-Mobile has experienced another data breach, as reported by TechCrunch. Hackers stole customer names, billing zip codes, phone numbers, email addresses, account numbers, and account type in what the company described as an “unauthorized capture of data.” IT security experts commented below. Pravin Kothari, CEO at CipherCloud: “The new T-Mobile breach is deja vu all over again. In 2015, a massive amount of T-Mobile customer data was breached. Reports at that time put the number at approximately 15 million customer accounts which included data as sensitive as social security numbers. In December of 2017, an exposed vulnerability was reported…
News has broken that the Democratic National Committee thwarted an attempted hack of its massive voter database, two years after Russian operatives sent the party into disarray by breaking into its computers and facilitating the release of tens of thousands of emails online amid the presidential election. DNC security contractors notified the party Tuesday that hackers had created a fake login page to gather usernames and passwords in an effort to gain access to the Democratic Party’s voter file, a party official said. The file contains information on tens of millions of voters. The attempt was quickly thwarted by suspending the attacker’s…
Recently, a new malware campaign called Marap, which targets the financial sector, was identified. James Hadley, CEO & founder of Immersive Labs, commented below. James Hadley, CEO & Founder at Immersive Labs: “The banking sector will always be a prime target for cyber attacks. With this threat never ceasing, it’s vital for the industry to acknowledge the challenges and threats continually evolve. This presents one of the main challenges for the banking industry. How can they keep up? Or even better, get a step ahead of these evolving threats? “Increasing sophistication in security software is one part of the answer. Another is taking…
