The General Data Protection Regulation (GDPR) is finally in force, and the entire cyber security community has had to familiarise itself with new and different ways of working to ensure that organisations are fully compliant. While IT security experts must work to protect the privacy of any data held by their organisation on its European staff, clients or customers, one area in particular impacted by the legislation is the sharing of data among threat intelligence analysts. Indeed, analysts and security teams are heavily reliant on a combination of cyber threat intelligence and intelligence sharing in their efforts to stay a…
ISBuzz Team
Matt Lock, Director of Sales Engineers at Varonis: “Any popular website like Ticketmaster is a good target for criminals. Consumers who purchased tickets must be careful and vigilant – the scammers will be out to further prey on those affected by the breach. It’s bad enough if your credit card information is stolen, but don’t fall for a scam in its wake. Don’t respond to or click on any text messages or emails as scammers can easily camouflage their true identities. If you get a call from a number you don’t recognize – don’t answer. Check your payment card and bank statements…
Marketing and data aggregation firm Exactis left a public server containing more than 340 million records–including phone numbers, emails and addresses, as well as 400 personal characteristics, like religion and hobbies–exposed. Setu Kulkarni, VP of Corporate Strategy at WhiteHat Security: “Interestingly, the researcher (who initially reported the vulnerability to Exactis and the FBI) got to the unprotected database by scraping digital logs after he was able to connect to the log management system (in this case, Elasticsearch). Elasticsearch, unfortunately, did not have a high level of security in place. How do digital logs create vulnerabilities, and how do companies prevent this?…
In light of the news that motorists could ‘watch films and sleep’ behind the wheel in driverless cars by 2021, David Emm, Principal Security Researcher, commented below. David Emm, Principal Security Researcher: “Technology continues to enhance our lives in so many ways, and people are quick to adopt technology where it brings tangible benefits. However, I think people are – and should – be more apprehensive when it comes to something like driverless cars, where safety is paramount. Historically, driving has always been an aspect of life where human control has always been paramount, so the idea of watching a film,…
The UK government has launched a new cybersecurity standard designed to set a baseline of mandatory security outcomes for all departments. The Minimum Cyber Security Standard announced this week presents a minimum set of measures which all government departments will need to follow, although the hope is that they will look to exceed these at all times. IT security experts commented below. Javvad Malik, Security Advocate at AlienVault: “Unfortunately, many government departments lack the funding or expertise to implement even a baseline set of security controls. With that in mind, this minimum cybersecurity standard is a positive move that will hopefully raise the bar…
Adidas has suffered a security breach that may have put some of its customers’ data at risk. The company said that an “unauthorized party” said it had gained access to customer data on Adidas’ US website. Currently, it believes only customers who shopped on and purchased items from the US version of Adidas.com may have been affected by the breach. IT security experts commented below. Javvad Malik, Security Advocate at AlienVault: “The Adidas breach highlights two unfortunate trends. Firstly, that the company was apparently made aware of the breach through an unauthorised third party which claimed to have access to its customer details.…
Exactis said to have exposed data of 340M people, more than Equifax breach. Similar to many recently-disclosed breaches, the information was left on a publicly accessible server… no need to beat that dead horse, but the 2 terabytes worth of data appears to go into excruciating detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name. The categories range from interests and habits to the number, age, and gender of the person’s children. Below are security experts’ comments highlighting the importance of data protection. Anurag Kahol, CTO at Bitglass: “Consumers should…
The Wi-Fi Alliance announced a new security standard, WPA3, which will be available on both personal and business Wi-Fi networks soon. According to reports, WPA3 will protect users against hackers better than WPA2, as the new standard brings over enhanced protections against offline, password-guessing attacks. Should a hacker capture your Wi-Fi data to use it offline in an attempt to guess passwords over and over, WPA3 will render that data useless and only allow a single guess. Chris Schmidt, Senior Manager, Research at Synopsys’ Software Integrity Group commented below. Chris Schmidt, Senior Manager, Research at Synopsys: “Wi-Fi authentication has come a long way since…
Nearly $1 million was stolen from CHET — Connecticut Higher Education Trust — accounts during a security breach and 21 account holders were affected, according to the Office of the State Treasurer. Connecticut State Treasurer Denise Nappier said that TIAA-CREF Tuition Financing, Inc., the CHET Direct program manager, alerted the state Treasury about the breach and will restore the affected accounts. Nappier said unauthorized individuals gained online access to 21 CHET account holders and made 44 withdrawals, amounting to a total of $1,416,635; of that, $442,540 was recovered or stopped. Andy Norton, Director of Threat Intelligence at Lastline: “The Connecticut Higher Education Trust,…
Adware and cryptomining are quietly plaguing enterprise networks, according to the Morphisec Labs Threat Report. Chris Olson, CEO at The Media Trust: “We are witnessing an intensifying digital arms race between malicious actors and organizations, where adware and cryptojacking malware are among the former’s favorite weapons because they reach thousands, if not millions of web viewers and they can more easily elude traditional security measures. In order to survive or thrive in this digital arms race, companies need to not only continue to innovate at an ever-faster pace, but also piece together a robust digital defense program. Such a…
