Following recent news that Facebook and Google are facing GDPR lawsuits, Brian Vecci, Technical Evangelist at Varonis commented below. Brian Vecci, Technical Evangelist at Varonis: “It’s not surprising that the big tech companies are the first to face problems now that the GDPR is in effect. They have the most data about the most people and their business depends on exploiting it—they were always going to get hit first and potentially hardest. What’s interesting is that they’re already being accused of ignoring the new regulation, when it seems clear to everyone paying attention that while they certainly might not be…
ISBuzz Team
Sarka Pekarova, Cybersecurity Consultant at SureCloud, looks at how social engineering can help improve data security. Organizations worldwide invest billions of dollars in cybersecurity technology each year. The latest estimations by Gartner predict that $93 billion will be spent on solutions in 2018, and for good reason. Those looking to protect sensitive data and prevent costly downtime need technology. According to estimates by Accenture, cybercrime cost US businesses an average of $11.7M in 2017, when organizations suffered an average of 130 successful data breaches per company; 27% more than the previous year. Cybersecurity software is an essential weapon in the ongoing…
It has been reported that 84% of Android shopping apps have high-level vulnerabilities. The security assessment was carried out across 50 mobile shopping apps and revealed over 270 vulnerabilities. IT security experts commented below. Javvad Malik, Security Advocate at AlienVault: “Mobile apps remain a booming area as people continue to use their mobile devices for all manner of activities in both their personal and corporate lives. However, in the rush to be first to the market, many companies overlook security considerations beyond what is needed to get an app into the official store, leaving it exposed to be taken advantage of. Both…
Avast Threat Labs has analysed mobile adware which is pre-installed on thousands of new Android phones around the world. The Avast Threat Labs have found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE, Archos, and myPhone. The majority of these devices are not certified by Google. The adware goes by the name “Cosiloon” and creates an overlay to display an ad over a webpage within the user’s browser. Thousands of users are affected, and in the past month alone, the Avast Threat Labs has seen the latest version of the adware on…
Like any good Information Security professional, I enjoy scaring the daylights out of my friends and family about protecting their sensitive data. It’s kind of a hobby. The sheer panic I can incite with a “You know what a hacker would do with that information? That’s right – ruin your life.” is exhilarating to experience. Today, though, I’ve had more opportunities in a single day to torture educate my friends and family on sensitive data protection. And all because Prince Harry intends to marry an American divorcée and actress named Meghan Markle. Everyone, it seems, has Royal Wedding fever. They’re sharing their…
News broke this week that the TeenSafe app allowing parents access to their children’s web browser history, text messages (including deleted SMS and iMessages and messages on WhatsApp and Kik), and more was compromised. Although around 10,200 accounts from the past three months were compromised, the data did not include photos, messages, or location data. However, the TeenSafe app does require two-factor authentication to be switched off for the app to work, so anyone with just a password can easily gain access to compromised accounts. IT security experts commented below. Katie Carty Tierney, Sr. Director, Sales Engineering at WhiteHat Security: “Data security is the…
Cyber criminals are changing their usual distributed denial-of-service attacks and are now trying to overwhelm application processes instead, according to Cloudflare, which has seen a spike in attacks aimed at high-level server resources. Sean Newman, Director of Product Management at Corero Network Security commented below. Sean Newman, Director of Product Management at Corero Network Security: “Reports of increasing application layer DoS attacks are only to be expected, as attackers continue looking for alternate vectors to meet their objectives. And, a perception that volumetric DDoS attacks are on the decline, is understandable, especially if that is your only lens on…
Congress last night passed anti-fraud measures in the Economic Growth, Regulatory Relief and Consumer Protection Act to help prevent synthetic identity fraud, in which criminals create and use made-up identities composed in part from credit-inactive Social Security numbers to secure loans. Section 215 of the Act calls on the Social Security Administration to provide banks with an electronic system to check the name and date of birth linked to a given Social Security number, with results typically available in 24 hours. The current system for checking SSNs takes several days to process and requires the consumer’s hand-written signature. The Act also provides regulatory…
With GDPR finally coming into play this Friday, Veritas has revealed research which highlights two in five UK consumers are already planning to take advantage of their data protection rights, and 79% don’t believe that organisations will be able to find and/or delete all of the personal data that is held on them. Tamzin Evershed, Senior Director and Global Privacy Lead at Veritas commented below. Tamzin Evershed, Senior Director and Global Privacy Lead at Veritas: “With the deadline for GDPR compliance finally here, businesses must be able to demonstrate that they are managing and protecting personal data in a compliant way and be…
While ransomware continues to be a threat, it has evolved from its simple beginnings – from encrypting most files on a single system and asking for a relatively small payout in a cryptocurrency, to more sophisticated methodologies like affecting data exfiltration, attacking databases, spreading laterally among different systems, and credential grinding. More recently, ransomware appears to have taken a slight backseat to cryptojacking (i.e. using a host’s target computer to mine cryptocurrency without their explicit permission) as it’s seen as offering a better payout proposition. Nevertheless, ransomware has not completely disappeared, and I expect that weak implementations of IoT (Internet…
