73 percent of industrial organisations’ networks are vulnerable to hackers, testing shows New report from Positive Technologies describes attack vectors against networks at industrial organisations The industrial control systems (ICS) used to control equipment in manufacturing, energy, and other sectors are secured differently than office networks. Vulnerabilities that would have been fixed years ago on ordinary systems often remain untouched, because organisations are afraid to make any changes that might cause downtime. To compensate, these companies try to minimise the chances of exploitation of vulnerabilities; measures include placing ICS components on a separate network, isolating them,…
ISBuzz Team
In response to the news that Airbnb customers are being targeted with GDPR-related phishing scams, IT security experts at ESET and Outpost24 commented below. Martin Jartelius, CSO at Outpost24: “In modern phishing attacks, advice such as “look for fake email addresses” no longer holds true. Companies with more advanced technologies would be able to detect spoof emails accurately, otherwise there is nothing that prevents a sender from pretending to be someone else. The best way for organizations to mitigate phishing attempts is to ensure user details (such as registered emails) are not exposed publicly in the first place, and to…
Bob Rudis, Chief Data Scientist at Rapid7 commented below as part of security experts comments series on OAM flaw. Bob Rudis, Chief Data Scientist at Rapid7: “A flaw in the way Oracle Access Manager (OAM) authenticates connections was discovered by the security firm SEC Consult and patched in the most recent Oracle security patch release cycle. By crafting a series of URLs, attackers can cause OAM to believe it has received a valid authentication cookie and allow access to protected resources. A secondary feature of the OAM flaw is that this brute-force attack also enables the attacker to impersonate any application user:…
– China leading country source of attacks on manufacturing companies in UK and EMEA Manufacturing has become the most attacked industry sector in the UK, representing almost half (46 per cent) of all cyber attacks in 2017 – more than double that of attacks on manufacturing across EMEA. This is according to the 2018 Global Threat Intelligence Report (GTIR) from NTT Security, the specialised security company and centre of excellence in security for NTT Group. The majority of attacks on UK manufacturers came from China, representing 89 per cent of attacks on this sector. Technology organisations, in second place, were the target of 23 per…
Following the news that UK citizens were denied the right to vote in the recent elections due to not having correct ID to validate their identity, Jesper Frederiksen, Head of EMEA at identity access specialists, Okta mentions that the very values of democracy are being tarnished due to archaic methods of ID processes. Jesper argues that a modern identity system capitalising on biometric and mobile technologies will ensure people are entitled to services such as voting. Jesper Frederiksen, Head of EMEA at Okta: “Voting is a diplomatic right steeped in history. But it seems that archaic ID processes of identity are denying many UK citizens the…
Twitter has announced a warning to its 336 million users to change their passwords after the company discovered a bug that stored passwords in plain text in an internal system. IT security experts commented below. Jesper Frederiksen, Head of EMEA at Identity Management Specialists Okta: “With just three weeks until the GDPR deadline, organisations are still not taking data ownership seriously enough. Although Twitter should be commended for acting fast and urging its customers to change their passwords after a bug exposed them, it should have done more to protect its customer’s data before the issue arose. Every company must understand the importance for robust…
Cybercriminals are using credentials found in speciality shops on the Dark Web to access a victim’s travel and hotel rewards points according to Flashpoint. Lisa Baergen, Director of Marketing at NuData Security commented below. Lisa Baergen, Director of Marketing at NuData Security: “Many companies don’t think of their reward feature as the first place to protect from fraud, and black hat hackers count on this to steal loyalty and reward points to cash in for anything like vacations, products, and other services. A recent report from Dashlane shows that 89% of travel websites fail to protect user data by not…
Botherders are now leveraging vulnerabilities in Dasan GPON routers that was discovered earlier this week and published by an anonymous researcher on the VPNMentor blog. Attacks have been already been recorded by Netlabs. Sean Newman, Director of Product Management at Corero Network Security commented below. Sean Newman, Director of Product Management at Corero Network Security: “If the reports are verified, these Dasan GPON Routers join the escalating category of botnet-vulnerable IoT devices, and they underscore the growing risk of very large botnet-based DDoS attacks. This class of routers are typically connected directly to high-speed broadband Internet connections. Once compromised, these devices could be covertly…
Corero Network Security President Andrew Lloyd reports findings that differ from vendor statements issued this week about the impact of the take-down of Webstresser (one vendor is reported to claim that DDoS attacks fell 60 percent in one week after WebStresser was closed down). Corero findings indicate that DDoS attacks actually rose on average in the second half of April, 2018. Andrew Lloyd, President at Corero Network Security: “We’re skeptical about the Link11 conclusions (which have been reported this week). Given the volume of attacks, we seriously doubt that Webstresser.org was responsible for 60% of all the attacks in Europe. It is possible that Webstresser…
How enterprises can safeguard customers’ personal data and information stored on PCs The discovery of the Spectre and Meltdown threats came as a shock to most individuals and organisations. The underlying vulnerabilities that they exposed continue to affect PCs, smartphones, servers, network and security appliances, and some IoT devices. Anything that requires a central processing unit (CPU) to function is at risk of losing sensitive information. As CPUs are foundational to everything in IT, the programs and operating tasks of everyday devices, as well as the secrets they hold, are susceptible. Not since Y2K has a vulnerability affected so many…
