In response to news of the Saks/Lord & Taylor breach, a Juniper Networks threat analysis expert says it’s likely that 6 million customer payment cards were stolen, including another 1 million in EU/Asia that were not initially reported. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks commented below. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks: “In addition to the five million US-based credit cards stolen, it seems that the perpetrators also siphoned off about one million additional credit cards from EU/Asia residents. A recent similar operation targeted national stores and stole about three million credit cards between May and December 2017. All…
ISBuzz Team
It has been discovered that Panera Bread left the information of up to 37 million customers who signed up for delivery and other services including “names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number” in plain text format accessible via its web site.IT security experts commented below. Tim Erlin, VP, Product Management and Strategy at Tripwire: “Security is often as much about response as prevention, and that includes how organizations respond to incidents and breaches. The market isn’t particularly forgiving when it comes to public incident response. Organizations that collect, store and transmit customer data…
DomainTools research reveals domain typosquatting drives members of the public to fraudulent websites DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced the worrying results of an investigation into how cybercriminals are using fraudulent domains to lure unsuspecting members of the public towards spoofs of well-known UK charities, for malicious purposes. Following on from the National Cyber Security Centre’s warning that cybersecurity poses the most serious threat to UK charities, DomainTools selected ten well-known and popular charitable organizations in the UK to analyse, and found that every charity selected was being spoofed online by cybercriminals, who often…
A new report by Recorded Future has found in the latest annual report “The Top 10 Vulnerabilities Used by Cyber-criminals”, criminal exploit kits and phishing campaigns favoured Microsoft products in 2017, with seven of the top 10 vulnerabilities exploited by phishing attacks and exploit kits utilising Microsoft products. Javvad Malik, Security Advocate at AlienVault: From OTX, we observed similar trends with Microsoft Windows and Office being the most popular to exploit. Microsoft have exceptionally mature processes to prevent exploits. However, due to their software’s ubiquity, once an exploit does slip through and is discovered, it is used heavily. The below table shows exploits…
The WSJ Pro Cyber newsletter is reporting today that the FIS Group CEO’s email account was compromised, including phishing attempts using what appeared to be a DocuSign portal. eSignLive by VASCO (NASDAQ: VDSI), a leading provider of white-labelled e-signature solutions to financial and other regulated industries, commented: “DocuSign’s business model relies on a self-serving DocuSign branding push via its notification emails, and that puts its customers and its customers’ customers at risk to malicious attacks such as the recent phishing scams. That’s why it’s important to choose a solution that enables your organization to fully white-label the signing experience so that your brand is front…
From Firewall Rules to Router Hardening: 3 Steps to Solidify SD-WAN Security Software-defined wide access networks (SD WANs) are becoming widespread, and for good reason. SD WAN products are cheaper than standard network equipment, as are the operational costs associated with adding new sites to the network. In addition, the benefits of intelligently managed traffic also increase both business operational efficiency and user experience. However, as onsite IT infrastructure becomes a thing of the past, business owners and CTOs still need to stay on top of their game when it comes to security issues. Although SD-WANs use 256-bit encryption as…
In a baffling turn of events, computers at Boeing have allegedly been infected with the WannaCry Ransomware. According to the Seattle Times, a memo was sent out by a Boeing employee that states that systems have been affected and that there were concerns the ransomware would “spread to airplane software”. Dan Matthews, Director of Engineering at Lastline commented below. Dan Matthews, Director of Engineering at Lastline: “The WannaCry core codebase has not changed, to the best of our knowledge. We continue to see outbreaks because of the built-in worm (self-propagation) behavior which the EternalBlue exploit allowed the malware creators to include. For comparison,…
Cybersecurity experts with STEALTHbits, VASCO Data Security and NuData Security commented below on the recent Dark Web Market Price Index published by VPN ratings service Top10VPN.com’s consumer site “Privacy Central.” The index puts the price of a full online identity at $1,170, while hacked Uber, Airbnb and Netflix accounts go for $10 each, and hacked Grubhub, Walmart and Costco accounts go for between $5 and $10 each. Ryan Wilk, Vice President of Customer Success at NuData Security: “Among all the personally identifiable information available on the web, the most valuable one is your complete online identity, as it includes data to access all your online accounts. It’s not surprising…
It has been reported that The State Department is proposing that all US visa applicants need to disclose their social media handles to the US government. It proposes that nearly every individual applying for a US visa be required to hand over any social media handles used on certain platforms in the past five years, as well as submit any telephone numbers and email addresses used during that same time period. Evgeny Chereshnev, CEO and Founder at Biolink.Tech commented below. Evgeny Chereshnev, CEO and Founder at Biolink.Tech: “An attempt to get access to social networks for visa purposes is insanely wrong, and is a clear…
In response to today’s Kaspersky Labs’ research summary “No Room for Cyber-Complacency: a Quarter of DDoS Attacks Claim Unintended Victims”, a cybersecurity expert with Corero Network Security, leaders in real-time, high-performance DDoS defense solutions commented below. Andrew Lloyd, President at Corero Network Security: “Naturally, we agree with Kaspersky’s recommendation that organizations invest in DDoS protection. However, in order for someone to ascertain that their organization is an unintended victim of an attack, they would need to know who the attacker was and – more tellingly – who had paid them to execute it. Victims are often unlikely to know either identity. “Since…
