In response to SEC-Consult research that the FREDI baby monitor from China-based Shenzhen Gwelltimes Technology Co., Ltd. (with a rich set of cloud services controlled by an app, and offered by Amazon as shown in the image below) was reported by a South Carolina mother to have been used in eavesdropping, Corero Network Security commented below. Sean Newman, Director Product Management at Corero Network Security: “After lessons learned from the Mirai IoT DDoS botnet, over 20 months ago, you might have thought that more IoT device manufacturers would have started to make improvements to the security of their devices by now. However,…
ISBuzz Team
Ethical hacking firm, Pen Test Partners, published a blog earlier this week detailing how simple it is to hack container ships to access the serial ports and networks. The blog discusses three different ways to intercept and modify serial data on ship networks – the serial data that controls steering, engine control and much more. Adam Brown, Manager of Security Solutions at Synopsys: “Ships, just like cars, medical devices and business systems, all run on software; and the software producers make common mistakes. Those mistakes can, and do lead to critical security and safety failings. Some industries are more aware of this than others,…
News broke earlier today that Ciaran Martin from the National Cyber Security Centre warned the threat of cyberattacks on Britain’s critical national security infrastructure from hostile states like Russia and North Korea has soared over the last two years. Edgard Capdevielle, CEO at Nozomi Networks: “The NCSC warning of the rise in the number of cyberattacks to the nation’s critical infrastructure is another reminder of the dangers of those threats, which puts both IT and OT networks at risk. “Earlier this year, Nozomi researchers embarked on a project to create a security testing tool, using OSS, capable of automatically finding vulnerabilities…
Research has found that more than half of the UK’s large businesses have suffered a cybersecurity attack in the past 12 months. Based on a poll of 500 UK C-level executives, the report also revealed that 53 per cent do not have a formalised protocol for cyber-attacks in place. Dr Anton Grashion, Managing Director, Security Practice at Cylance commented below. Dr Anton Grashion, Managing Director, Security Practice at Cylance: “Especially in our current compliance and privacy environment, not having a protocol for cyber attacks seems strange – maybe there is a protocol for a breach but not for an attack. Maybe the inaction is in the face…
In response to news that the US Federal Trade Commission (FTC) is pressing for IoT device security (link to FTC public notice), including the ability to enforce Internet safety and consumer security standards, and has opened public comments on the proposed mandate, an expert with Corero Network Security commented below. Andrew Lloyd, President at Corero Network Security: “The suggestion that the Consumer Product Safety Commission (CPSC) simply requires manufacturers to disclose the cyber-safety of their products and then let the consumer decide is not going to solve the problem. “There are very few examples where the consumer has opted to pay more for…
In today’s fast-paced, digital age, companies are under increasing pressure to deliver when it comes to customer service. McKinsey recently predicted that 75 per cent of online customers expect help within 5 minutes, regardless of the nature of the issue or the time of day. Thankfully, technology is advancing so that some companies are not only matching customer expectations, but exceeding them, and setting the benchmark for others. One area that can have a huge impact on customer experience is in support. Employing remote support tools helps companies rapidly reduce the time it takes to solve a problem and…
In response to news that the fast-casual restaurant chain PDQ disclosed a yearlong data breach in which hackers likely “gained entry through an outside technology vendor’s remote connection tool” and compromised customer payment card data, experts with NuData Security and OneSpan offer perspective. Robert Capps, Vice President of Development at NuData Security: “PDQ has been impacted from a vulnerability in one of their third-party providers’ system, proving once more that cybersecurity doesn’t depend on one company only but on the full chain of companies involved in providing a service. “Bad actors constantly look for this weak link to steal data that it’s later…
Ticketmaster suffered a security breach believed to affect up to 40,000 UK customers. In a tweet, the firm confirmed that third-party customer support product Inbenta Technologies caused the hack and all affected customers have been contacted. IT security experts commented below. Pravin Kothari, CEO at CipherCloud: “Fool me once, shame on you. Fool me twice, shame on me. Ticketmaster’s website security was compromised by a malware laden chatbot which they had installed on quite a few of the Ticketmaster websites worldwide. This is deja vu all over again as only a few months ago malware laden chatbots brought breaches to Sears, Delta Airlines and Best Buy. Lesson…
ISACA and SecurityScorecard announce a joint research paper, “Continuous Assurance Using Data Threat Modeling,” to provide enterprises guidance in adopting an attacker’s point of view to help account for data. With a step-by-step guide to apply application threat modeling principles to data, enterprises can now establish a baseline for monitoring ongoing data risk over time. Enterprises are challenged to move the process of accounting for data in a structured, systematic way higher on the list of priorities. One option to accomplish this challenge is by applying application threat modeling principles to data (data threat modeling). Application threat modeling provides value by allowing…
The latest local government data breach has occurred in Midland, Texas, where hackers leveraged a vulnerability in Superion’s Click2Gov function in the payment server used to make online payments for utilities. Other cities might be affected as well, including Beaumont, California, Oceanside, California and Goodyear, Arizona. Ryan Wilk, VP of Customer Success: “Hackers will leverage any vulnerability in a system to get at data. Black-hat hackers have been increasing their attacks on local governments recently with the City of Atlanta being one of the latest victims. For Atlanta, the cost to repair the network has run into the millions. In…
