The BBC reported that the University of Greenwich has been fined £120,000 ($160,000) by the Information Commissioner. The fine was for a security breach in which the personal data of 19,500 students was placed online. The data included names, addresses, dates of birth, phone numbers, signatures and – in some cases – physical and mental health problems. IT security experts commented below. Mayur Upadhyaya, Managing Director, Europe at Janrain: “One of the challenges that institutions such as Greenwich University face will be the historic build up of Shadow IT (systems and solutions built and used without central approval) over the last 20 years. In the run up to GDPR, systems…
ISBuzz Team
Today Cisco warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber-attack on Ukraine. Cisco’s Talos cyber intelligence unit is saying that the Russian government is behind a campaign, dubbed VPNFilter, where the hacking software shares code with malware used in previous cyber-attacks that the U.S. government has attributed to Moscow. IT security experts commented below. Edgard Capdevielle, President and CEO at Nozomi Networks: “This VPNFilter malware demonstrates that the industrial control industry is susceptible to cyber-attacks through an array of methods,…
Jeff Hudson, CEO at cybersecurity solution provider Venafi, commented below on reports that the FBI overstated the number of encrypted devices. According to the Washington Post, the FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000. Jeff Hudson, CEO at Venafi: “In light of the FBI’s ongoing demands for government-mandated encryption backdoors this data really clarifies the scope of the problem. The reality is that governments…
Earlier today, Cisco Talos identified an advanced state-sponsored network of at least 500,000 infected home office/small office routers and storage devices preparing for a destructive global attack. According to reports, this is one of the largest networks of coordinated infected devices ever seen; it shares commonalities with attacks that the US Government has attributed to Russian entities, and Ukraine is one of the most heavily infected countries. Natan Bandler, CEO and Co-founder at Cy-oT, commented below. Natan Bandler, CEO and Co-founder at Cy-oT: “You cannot be 100% certain that you are patched and secure all the time, and it definitely can’t happen when you’re talking…
We are now less than 48 hours away from Europe’s General Data Protection Regulation (GDPR) becoming enforceable on 25 May. And unless you’ve been living under a rock for the last two years, you don’t need me to tell you that this new regulation promises to put power back into the hands of consumers, giving them more control over how their data is used. Yet with so little time left to become GDPR compliant, what are some of the final checks an organisation may want to consider? Here are some of the most prominent ones that I’ve been discussing with customers…
News broke earlier today that a malicious PHP script found on over 5,000 compromised websites has been fingered as the source of a large-scale spam campaign that has been silently redirecting users to web pages hosting diet and intelligence boosting pills. The purpose of this script is to keep hacked sites under the control of a group of cyber-criminals, and manage dynamic redirections to various spam campaigns. IT security experts commented below. Sean Newman, Director at Corero Network Security: “Recent reports of the highly prevalent “Brain Food” botnet highlight just how frighteningly easy it still is for cyber criminals to hack…
In response to the news that Facebook is asking Brits to submit their naked pictures in a bid to stop revenge porn, Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: “I see the need to protect people from “revenge porn” but my worry about sending all your nude pictures to Facebook, or indeed any authority, is that it could be abused by spammers or attackers. While the likelihood of Facebook being compromised is slim, what if the user was tricked into sending them to a third party? This could open them up to further abuse, and…
In response to the news that a recent study has revealed that more than 84% of the shopping apps have three or more high-level security vulnerabilities, security experts at ESET and Comparitech commented below. Lukas Stefanko, Malware Researcher at ESET: “I am not surprised by these figures, these are frequent security issues developers don’t think about when creating their apps. Developers will often pay most attention to app functionality and user-experience – so shopping only takes a couple of taps – however in that process security also needs to be considered. If this doesn’t start changing attackers will always have…
Google has announced that it will be removing its ‘green padlock’ for HTTPS websites as of September, and will flag any non-HTTPS sites as insecure in Chrome from October. Google is hoping this will mean websites are secured as standard. Craig Stewart, Vice-President EMEA at Venafi, commented below. Craig Stewart, Vice-President EMEA at Venafi: “As consumers, we have been trained to look for the green padlock to make sure the site we are putting our details into is secure and can be trusted, so the fact these are now being removed might create some confusion and concern – but people shouldn’t worry, it’s…
Attackers can obtain unauthorized access to financial applications at 58 percent of banks. Positive Technologies today released a new report, Bank Attacks 2018, detailing that banks have built up formidable barriers to prevent external attacks, yet fall short in defending against internal attackers. Whether by puncturing the perimeter with social engineering, vulnerabilities in web applications, or the help of insiders, as soon as attackers access the internal network, they find friendly terrain that is secured no better than companies in other industries. With access to the internal network of client banks, Positive Technologies testers succeeded in obtaining access to financial applications…
