New research by Finn Partners has revealed that employees pose a high level cyber risk to their organisation as nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. Dean Ferrando, Systems Engineer Manager at Tripwire: “Many businesses still remain unprepared for a cyber attack because it’s difficult to prepare for something you don’t understand, can’t visualize, or haven’t experienced. The dynamic nature of cyber attacks often makes it hard to pinpoint a root cause, and so executives with a desire to prepare are faced with choices, rather than clear actions…
ISBuzz Team
It has been reported that a MongoDB database was exposed online that contained health care information for 2 million patients in Mexico. This data included information such as the person’s full name, gender, date of birth, insurance information, disability status, and home address. IT security experts commented below. David Johansson, Principal Consultant at Synopsys: “This is not the first time something like this happens, and unfortunately it won’t be the last time either. A very similar incident affected Mexican voter records a few years ago, where data about 93.4 million voters were exposed from a misconfigured MongoDB server. The reason this happens is often because someone installs a…
United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data. On three separate dates in July, Oracle has stated that they saw what appeared to be BGP hijacks that targeted the DNS servers for U.S. payment processors Datawire, Vantiv, or Mercury Payment Systems. According to Oracle, the first attack started on July 6th 2018 with a short duration attack that attempted to reroute the following network prefixes, or blocks…
Following the news that the world’s largest chip manufacturer- The Taiwan Semiconductor Manufacturing Company (TSMC)- was forced to shut down production at the weekend, IT security experts commented below. Ross Rustici, Senior Director for Intelligence at Cybereason: “Supply chain intrusions and attacks have been a preferred method of espionage and sabotage since the start of complex manufacturing processes. The most recent headlines about Taiwan Semiconductor is only the latest in a long line of troubling reports from the global supply chain. Fundamentally, security is only as strong as its weakest link and the more dispersed the supply chain, the more…
Almost two-thirds will retract or review use of data following the Facebook/Cambridge Analytica data scandal The UK consumer response to the General Data Protection Regulation (GDPR) is shifting. SAS research, GDPR: The right to remain private, reveals that more people are activating their new personal data rights, and faster, than expected. At the same time, the Facebook/Cambridge Analytica data scandal has made the majority of consumers either activate their rights, or at least reassess the information they share and how organisations use it. In 2017, SAS surveyed UK consumers for their views on the regulation, revealing that 42 per cent planned to…
In light of the news that The Department of Energy is planning a test of the real-world consequences associated with successful cyberattacks against core country services, please find below comment from David Emm, Principal Security Researcher at Kaspersky Lab. David Emm, Principal Security Researcher at Kaspersky Lab: “Critical national infrastructure is increasingly embracing digital transformation, introducing Industrial IoT (IIOT), ubiquitous wireless networks and connected devices to enhance productivity and operational efficiency. However, with this innovation comes a number of cybersecurity challenges that need to be understood and addressed. There is a lack of understanding about the level of cyber-risk associated with growing…
TCM Bank has revealed that a website misconfiguration exposed critical information of thousands of people who applied for credit cards between early March and mid-July of this year. TCM helps more than 750 small and community U.S. banks issue credit cards to their account holders, is blaming the breach on a third party that manages their website. IT security experts commented below. Matan Or-El, CEO & Co-founder at Panorays: “When partnering with third parties, organizations cannot relieve themselves from the responsibility of security. In the eyes of the affected consumer- they provided the data to the organization and they hold…
In response to the news that over 200,000 MikroTik routers have been hit by a Coinhive cryptojacking campaign, an expert with Corero Network Security offers thoughts. Sean Newman, Director Product Management at Corero Network Security: “The recent infection of over 200,000 MikroTik routers is another prime example of how easy life can be for bad actors to be successful with their nefarious activities. And, in this case, we’re not talking about cheap IoT devices with vulnerabilities which are never addressed by the vendor. This is another example of an exploit leveraging a vulnerability that was rapidly fixed, in a new software…
Frost & Sullivan and CA Technologies launched the first Global State of Digital Trust Survey and Index. The Index, informed by the responses consumers, business leaders and cybersecurity professionals, has found that UK consumers have low trust in the way that businesses handle their data. The UK scored 56 out of 100, markedly lower than the 61 Index global average score. Mayur Upadhyaya, Managing Director, EMEA at Janrain: “The research shows the growing trend between trust and customer loyalty. Their findings show that 86% of consumers that prefer security over convenience, which represents a real shift in the digital experience which has been so focused on reducing consumer…
Following the news that a hacking group based in Pakistan is attempting to carry out targeted malware attacks against nation states and individual citizens, IT security experts commented below. Rob Shapland, Principal Cyber Security Consultant at Falanx Group: Why are government targets being duped by such unsophisticated methods? “The Gorgon group are running two types of campaign from the same infrastructure – highly targeted spear phishing attacks against government targets, and general spam emails aiming to install malware. The spear phishing attacks are more sophisticated and use a convincing lure that even trained individuals may fall for, especially as the attacks are using a…