News broke this week that the PumpUp fitness app left a core backend server housed on Amazon Cloud exposed without a password, revealing user health data like weight, height, goals, etc., private messages and even credit card data in certain instances. Each time a user sent a message to another user, the app exposed user profile data — and the private contents of that message. The now secured server acts as a messaging broker, directing private messages and user requests to other app users. The protocol is transitory, so anyone can see the real-time stream of data, rather than accessing…
ISBuzz Team
Six weeks since the TSB crisis and new research from business continuity and disaster recovery provider, Databarracks,has revealed that 85 per cent of organisations say they would struggle to survive if there was a loss of mission critical IT systems for longer than a month. This data was taken as part of its Data Health Check survey, which investigates views and opinions from over 400 IT decision-makers on a range of subjects relating to IT. The findings illustrate the reliance organisations have on IT systems. Delivered effectively, technology streamlines processes, improves productivity and delivers cost savings across a business, but when systems…
It was reported yesterday that two giants of the tech world, Facebook and google, have been served with €6.7 billion in fines in just the first day of GDPR compliance; €3.9bn for Facebook and €3.7bn for Google. IT security experts commented below. Adrian Bisaz, VP EMEA at CyberProof: “GDPR is the new DDoS attack; Companies can become the target of millions of customers that want to make sure their new rights for privacy are met, and Facebook and Google as the most well-known tech giants are inevitably going to be in the crossfires when the lawsuits start rolling in, particularly in the wake of the…
More Than 100 Reported Security Weaknesses, Including Social Engineering, Safely Resolved With Help From Hackers HackerOne, the leading hacker-powered security platform, today announced the results of Hack the DTS (Defense Travel System), the fifth U.S. Department of Defense bug bounty program. During the 29 day bug bounty challenge hackers filed more than 100 security vulnerability reports and were awarded $80,000 for helping make the DTS more secure. The DTS is a key Department of Defense (DoD) enterprise system relied on by millions of employees for global operations. Registration for the program opened on April 1, 2018 and hacking concluded on…
As recent research shows, 25% of employees have lost important assets relating to their job. But is there more than just the cost of replacement? With mobile phones and memory sticks being two of the main assets lost or stolen, what are the other implications for businesses and what effect does this have on them and other employees? Costs of an employee losing or having their business laptop or mobile phone stolen would equate to the potential insurance claim excess and increased premiums, or the business itself taking the hit for replacement. Research by www.seareach.plc.uk suggests that 25% of employees have lost…
Following the recent news regarding the FBI warning people to turn their routers off and back on again to halt the spread of the VPNFilter Malware, Joseph Carson, Chief Security Scientist at Thycotic commented below. Joseph Carson, Chief Security Scientist at Thycotic: “This latest FBI warning seems to be a mad rush to get people to reboot their routers resulting from what appears to be another targeted attack on Ukraine, that has again expanded beyond their borders to the rest of the world, showing that it is difficult to minimize the spread of malicious malware. This is another example of mass surveillance from citizens…
It has been reported that NewSky Security has uncovered a security vulnerability across all routers from Singapore’s leading internet service provider, SingTel. The uncovered vulnerability could potentially give access to all devices connected to the affected routers. Natan Bandler, CEO & Co-Founder at Cy-oT commented below. Natan Bandler, CEO & Co-Founder at Cy-oT: “This is yet another example of routers being attacked and unfortunatly, this is a daily occurrence. We might not always be aware of it, but routers are being attacked all day every day. What we need to remember is that the most sensitive assets are in enterprise organizations,…
Icann, the owner of the WHOIS website, revealed today that it was denied an extension to comply to GDPR, arguing that this will hamper law enforcement, journalism and cybersecurity services worldwide, since the site is used to check the legitimacy of websites link. Please see below for expert comments in response from Andy Kays, CTO at threat detection and response specialist, Redscan, a UK-based cybersecurity services company. Andy argues that while this move will have a severe negative impact on cybersecurity firms, but also that Icann was far too slow to recognise the impact GDPR would have on its service. Andy Kays, CTO…
Initial results show that would-be attackers can access critical data in just 10 minutes NTT Security, the specialised security company and centre of excellence in security for NTT Group, is expanding its suite of phishing attack simulation services with the use of special social engineering techniques to check whether senior executives pose a security risk. The ’Management Hack’ service is specifically designed with C-level executives in mind, such as the CEO, CFO or even CIO. Cyber criminals are increasingly attracted to this level within an organisation as senior executives are more likely to have unrestricted access to highly confidential company data,…
The last five years have seen an explosion of headlines foretelling the rise of autonomous vehicle technology. Case in point: Fortune anticipates that we’ll start seeing self-driving cars on the road in a noticeable way as soon as 2020. The race for autonomous supremacy is on, and ridesharing services want to lead the pack. Lyft, for instance, has already introduced its self-driving car service in Boston, and Uber’s autonomous car fleet has already completed more than 30,000 passenger trips in their test markets. The idea of driverless ridesharing services may seem exciting from both a business and consumer perspective, but…
