A report by Kaspersky Lab has found that the rise of IoT within industrial organisations is putting the likes of power plants, manufacturers and water treatment centres at risk of suffering a cyber attack. Almost two thirds (65 per cent) of companies believe that ICS security risks are more likely with IoT. The report also states that they are investing in security for their IT networks, but are ‘leaving the doors to their operational technology wide open’. Javvad Malik, Security Advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “IoT is built around convenience, to be able to quickly implement…
ISBuzz Team
For years, cybersecurity was considered a “check-the-box” discussion during the merger and acquisition (M&A) process. It was almost always examined to ensure there weren’t any glaring issues or major red flags—but due to limited time, resources, or the ability to parse out qualitative responses during M&A from real performance, there wasn’t a great deal of importance placed on it. Very few transactions would be prevented due to cyber security practices today; however, each M&A does require a financial business case to be created regardless. This may be as simple as assessing integration costs. You are probably aware of the security breach at luxury…
The BBC reported earlier this afternoon that Google has confirmed that private emails sent and received by Gmail users can sometimes be read by third-party app developers. People who have connected third-party apps to their accounts may have unwittingly given external developers permission to read their messages. Evgeny Chereshnev, CEO and Founder at Biolink.Tech: “When a user connects through third party email applications, the application has access to all content because, technically, your connection to the email application is via the mail server where all emails are stored. So, it’s true that all third-party email applications have access to your Gmail accounts, if you…
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend. The Trezor team says “signs point toward DNS poisoning or BGP hijacking” as the means by which attackers hijacked legitimate traffic meant for the official wallet.trezor.io domain and redirected these users to a malicious server hosting a fake website. An investigation is still underway to determine the exact cause. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “This is a classic phishing attack, targeting the incredibly lucrative cryptocurrency market. Because of the inherent characteristics…
The NHS has revealed a coding error affecting 150,000 patients, sharing information they had chosen to keep private. Are your GDPR alarm bells ringing? CAST is a pioneer in Software Intelligence and a Euronext listed company. It has previously educated businesses on the importance of software architecture scans. Like MRIs, these show the internal workings of a company’s software and highlight potential future problems. The company raised the concern that visibility of software health and vulnerabilities should be available at board-level, raising awareness around this issue regarding the TSB IT meltdown, the London Stock Exchange outage, and previous NHS and airline glitches. CAST believes this is the symptom…
It has been reported that a computer virus has spread among tens of thousands of Fortnite players, as hackers seek to take advantage of the vast numbers playing the popular video game. Security researchers at game-streaming platform Rainway uncovered the issue, which originates from a YouTube video claiming to offer free units of V-Bucks – a virtual in-game currency. Ross Rustici, Senior Director, Intelligence Services at Cybereason commented below. Ross Rustici, Senior Director, Intelligence Services at Cybereason: “The monetization of Fortnite by hackers is surprising only in how ineffective it has been thus far. The most recent example netted only .062% of…
A recent report from Appthority demonstrates that information belonging to millions of users has been leaked via apps with misconfigured Firebase databases. Firebase is one of the more popular mobile/web development platforms, powering app features like messaging, notifications, and authentication. Winston Bond, Technical Director EMEA at Arxan has provided comment around this new data exposure. Winston Bond, Technical Director EMEA at Arxan: “According to a new report by Appthority, information belonging to millions of users has been leaked via apps with misconfigured Firebase databases. Leaks like this confirm what we have been saying for a long time. Companies underestimate the threat vectors created by…
Four in 10 UK CEOs believe becoming a victim of a cyber attack is now a case of ‘when’ and not ‘if’ for their organisation, according to a survey of CEOs from some of Britain’s biggest businesses. KPMG surveyed 150 UK leaders and a further 1,150 CEOs from across the world about their future investment plans and the challenges and opportunities facing their companies. With reports of cyber-attacks and breaches almost daily, 39 percent of UK CEOs surveyed believe they will be targeted by a cyber attack. Though disheartening, this view was quite optimistic in comparison to their global counterparts, where…
In a document delivered to Congress, Facebook has admitted sharing users’ data with 61 hardware and software makers as well as sharing it with app developers. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “This admission comes at an interesting time–just days after California passed the Consumer Privacy Act. This law will come into effect in 2020 and holds companies accountable for any failure to protect consumer data. And while it doesn’t go as far as the EU’s General Data Protection Regulation, it is the country’s most stringent law and will likely…
The Diameter protocol used with today’s 4G (LTE) telephony and data transfer standard is vulnerable to the same types of security flaws as the older SS7 standard used with 3G, 2G, and earlier according to researchers at Positive Technologies and the European Union Agency For Network and Information Security. Sean Newman, Director of Product Management at Corero Network Security commented below. Sean Newman, Director of Product Management at Corero Network Security: “As society continues to leverage mobile data capabilities more and more heavily, from individual users performing more tasks directly on their smartphones, to IoT devices which use it when…
