HealthEquity, a custodian of more than 3.4 million health savings accounts, has had a data breach after one employee’s email account was accessed by an unauthorized person. HealthEquity also handles flexible spending accounts, 401(k) accounts and health reimbursement arrangements, providing a range of services for about 40,000 companies. Comments this morning from cybersecurity experts at Bomgar and Panorays. Sam Elliott, Director of Security Product Management at Bomgar: “Attacks like phishing and social engineering are among the most common used against businesses. The use of faked user credentials is a tried and true method. Often, attacks like these target privileged users with access to…
ISBuzz Team
70% of consumers will choose passwordless multi-factor authentication logins over traditional usernames and passwords if given the chance, according to a new behavioral study by research firm Blink and Trusona, an identity authentication company. Robert Capps, VP and Authentication Strategist at NuData Security: “This report shows that consumers are ready to move beyond passwords and usernames to more secure authentication methodologies. Using a multi-layered authentication framework that combines behavioral analytics with biometrics allows companies to verify users accurately without adding unnecessary friction and detect any unauthorized activity before it enters the environment. Multi-layered solutions that include these technologies…
Speaking with the BBC Today programme, and reported by the Daily Telegraph, General Sir Christopher Deverell has warned that the UK’s traffic control systems are under threat from cyber attack, with road systems one of several potential points that could be targeted by countries including Russia. IT security experts commented below. Andrea Carcano, Chief Product Officer at Nozomi Networks: “General Sir Christopher Deverell’s observation voices concerns that the security community has raised for a number of years now. The everyday reality is that the UK’s infrastructure, and those in every developed country around the world, is being continually poked and…
The New York Cybersecurity regulation – 23 NYCRR 500 – requires financial institutions to minimize their cyber security risk by formulating a full security risk assessment and plan. Matan Or-El, CEO at Panorays commented below. Matan Or-El, CEO at Panorays: “GDPR mandates that the suppliers of a company must be GDPR-ready in order for the company to be GDPR-ready. Contrary to GDPR, the NY DFS provision in regards to third parties, requires that organizations need to evaluate the risk posed to them by the third parties. However, it does not go that far by requiring the third parties to be…
Please see below commentary in response to this month’s Patch Tuesday from Chris Goettl, Director of Product Management, Security at Ivanti. Advice from Chris relates to June’s Flash update, Microsoft OS and IE updates, and news on Meltdown and Spectre mitigation. Chris Goettl, Director of Product Management, Security at Ivanti: Most of the excitement may already have passed with Adobe’s Flash Player release on June 7th. The discovery of a Zero Day vulnerability (CVE-2018-5002) being exploited in the wild resulted in a Flash Player update (APSB18-19) which included the fix for the exploited vulnerability and three others. Microsoft has released 12 updates…
A new malware named BabaYaga, discovered by Wordfence, infects WordPress websites and generates spam links. When the pages are clicked and the user buys a product, the malware creator receives a commission. Furthermore, this malware deletes competing malware to ensure that it stays functional. Alex Calic, Strategic Technology Partnerships Officer at The Media Trust commented below. Alex Calic, Strategic Technology Partnerships Officer at The Media Trust: “This malware is unique in the comprehensiveness of features that ensure effective and persistent infection. These features are typically used one at a time–rarely have we seen them combined together. While this malware might…
Netflix service was interrupted last night by a major outage that took down the service for about an hour. Netflix said it was able to fix the problem, but would not elaborate as to the cause of it. Sean Newman, Director of Product Management at Corero Network Security commented below. Sean Newman, Director of Product Management at Corero Network Security: “You only have to see online the consternation by consumers that this interruption created to understand the reliance on such services. This customer reaction reinforces how important it is for any business offering services online to ensure the highest levels…
Google has removed the option of installing Chrome extensions from remote sites so users will only be able to get the extensions from the official Chrome Web Store. Google has removed this option in the wake of a wave of malicious Chrome extensions on third party sites. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “Google is sending a strong signal to developers and consumers that it takes very seriously and is responding to the growing sophistication of cybercriminals on the one hand and rising consumer demand for greater transparency around the…
News broke this morning that electronics retailer Dixons have suffered a data breach which has affected the customer cards of 5.9 million people, and the personal records of 1.2 million. IT security experts commented below. Lee Munson, Security Researcher at Comparitech.com: “The breach at Dixons Carphone highlights, yet again, how common attempts at exfiltrating personal data and payment card information have become. What is worrying here is the delay between the breach occurring last year and the disclosure today. Whether or not that was down to the company not being aware until now is unclear. Thankfully, under GDPR, non-disclosure for business reasons is no longer possible as the ICO…
Dozens of servers containing Weight Watchers data were left exposed because the company didn’t password-protect software used for managing its application containers. Numerous activity logs, passwords and private encryption keys were left exposed – you can read more about it here. Broderick Perelli-Harris, senior director, professional services at Venafi commented below as part of our expert comments series. Broderick Perelli-Harris, Senior Director, Professional Services at Venafi: “Weight Watchers may be the latest high-profile firm to expose sensitive data, but it follows a familiar pattern; a cloud service was left unprotected, and data including customer passwords and private encryption keys was left out in…
