A recent report by Adzerk revealed that more publishers are feeling under pressure to adopt a consent-management platform to be compliant with the General Data Protection Regulation. Matt O’Neill, General Manager for EMEA at The Media Trust: “GDPR has disrupted digital advertising from the perspectives of risk, laws, and technology. Not using a CMP is simply not an option. There are more than a hundred CMPs in the market plus numerous home-grown solutions like what The Guardian uses. The technologies and the processes they facilitate are all new and are layered atop an already complex, dynamic ecosystem supported by thousands of technology…
ISBuzz Team
More than 33 billion records will be stolen by cyber criminals in 2023 alone, despite data protection laws mandating strong measures to protect personal and financial data, a study has found. The figure represents an increase of 175% over the 12 billion records expected to be compromised in 2018, resulting in cumulative losses of more than 146 billion records over the next five years, according to research by Juniper Research. IT security experts commented below. Tim Helming, Director of Product Management at DomainTools: “While these scarily big numbers are nothing unusual to those familiar with cybersecurity, we should not become desensitized to them. Following…
Yesterday evening, the Associated Press revealed the results of an investigation, which shows that Google services on Android devices and iPhones store location data and track the user, even if you’ve used a privacy setting that says it will prevent Google from doing so. IT security experts commented below. Tim Mackey, Senior Technical Evangelist at Black Duck by Synopsys: “There is a basic saying when it comes to most technology – “Just because you can, doesn’t mean you should”. The corollary of that is “If my mother can’t figure out what it does, or how to turn it off, it’s too complicated”. It’s been widely…
Eighty-one percent believe cyber attackers will target machine communications from local polling stations to central aggregation points. Venafi®, the leading provider of machine identity protection, today announced the results of a study on the security of election infrastructure. According to the study, ninety-three percent of security professionals are concerned about cyber-attacks targeting election infrastructure and data. Eighty-one percent believe cyber criminals will target election data as it is transmitted by machines, software and hardware applications, from local polling stations to central aggregation points. “Last year, attendees at DEF CON managed to find and take advantage of vulnerabilities in five different voting machine types within…
IT research analysts, technology writers and vendors regularly cite their “top issues” facing IT professionals. But what are the most prevalent issues that IT professionals themselves say keep them up at night? After all, we’re the ones on the frontlines of day-to-day IT operations. In an IT security survey that US Signal conducted earlier this year, respondents noted that one of their top three challenges was protecting against email threats. That’s not surprising given the extensive list of email-based attacks many companies (including mine) have been enduring, such as phishing, spear phishing, whaling, business email compromise (BEC), CEO-to-CFO scamming and email impersonation. But just…
This year, as the world went crazy for World Cup soccer action, cybercriminals kicked up their game an extra notch to exploit fan enthusiasm through social engineering attacks for financial gain. Even as the tournament closed in mid-July, phishing attacks were still in full swing and ready to take advantage of fans until the very end. Russia alone was reported to have been targeted by over 25 million cyberattacks during the cup. But there are lessons to be learned from this so we can be better prepared for next time in 2022. The World Cup phishing problem may seem…
BBC reported that security flaws have been found in major city infrastructure such as flood defences, radiation detection and traffic monitoring systems. A team of researchers found 17 vulnerabilities, eight of which it described as “critical”. The researchers warned of so-called “panic attacks”, where an attacker could manipulate emergency systems to create chaos in communities. Andrea Carcano, Co-founder and CPO at Nozomi Networks: “Increasingly, attackers are targeting critical infrastructure, such as transportation systems and power grids, around the world. Due to the criticality of their services and gaps in cybersecurity protection, these systems have become juicy targets for cyber criminals. “Indeed, last…
A threat actor that is relatively new to the scene relies on open-source tools for spear-phishing attacks designed to steal credentials from government and educational institutions in the Middle East. The group is being tracked as DarkHydrus by researchers at Palo Alto Networks Unit 42, who observed it using Phishery in a recent credential harvesting attack. Previous campaigns utilized Meterpreter, Cobalt Strike, Invoke-Obfuscation, Mimikatz, PowerShellEmpire, and Veil. The typical method employed is to weaponize Office documents that retrieve malicious code from a remote site when executed. Tim Helming, Director of Product Management at DomainTools: “Threat actors using open source components for phishing attacks show that available tools on the Internet…
Hackers are employing a drive-by download attack to exploit a vulnerability in Flash Player. What makes this different is that researchers at Malwarebytes have found that hackers are using encryption to package exploits on-the-fly. They are calling it Hidden Bee Miner. Patrick Ciavolella, Digital Security & Operations Director at The Media Trust: “The hidden bee miner shows how bad actors have ingeniously combined a variety of techniques and infrastructure to both maximize the campaign’s spread and minimize the chance of detection. The miner spreads by compromising ad traffic and redirecting them to the exploit’s landing page. It escapes…
Recently, security researchers discovered that an AWS error exposed GoDaddy business secrets. Configuration files for hostnames, operating systems, workloads, AWS regions, memory, CPU specifications, and more were exposed in the cache, which described at least 24,000 systems. The leak was the result of an error by an AWS salesperson who did not follow best practices when securing this particular bucket. Rich Campagna, CMO at Bitglass commented below. Rich Campagna, CMO at Bitglass: “What’s unusual about this incident is that in addition to the usual leak of names, emails, and credit card information intellectual property was also exposed and it was at the hand of an AWS…
