Greig Schofield, Technical Manager at Netmetix, explores how Wi-Fi could expose your business – and your employees – to ‘Man in the Middle’ cybercrime. Imagine you’d spent a fortune making your home physically secure, only to discover you’d been quietly robbed by thieves who never set foot on your property. You thought you’d built a fortress, but didn’t notice the gap in the fence that left you wide open to intruders. It’s every homeowner’s worst nightmare. But it’s also a real-world metaphor for many UK businesses who, despite being increasingly vulnerable, have left the door to cybercrime unwittingly ajar.…
ISBuzz Team
UK businesses rank hackers outside of top five cyber threats to the organisation – 59% of UK businesses see email phishing as one of the biggest threats to their organisation – Ex-employees retaining access to business networks still a cause for concern for 28% of UK organisations – Almost one in three UK firms (30%) thought failure to follow data protection policies was a major threat. Research from information security company, Clearswift, has shown that links within emails are perceived as posing the biggest cyber threat to UK businesses, with 59% of business decision makers highlighting this as a chief…
In response to the news that millions of National Lottery players have been urged to change their passwords following what parent company Camelot describes as “suspicious activity” involving lottery accounts, Travis Smith, Principal Security Researcher at Tripwire commented below. Travis Smith, Principal Security Researcher at Tripwire: “Password re-use can be a crippling mistake. It’s less risky for attackers to use authentic credentials than to leverage exploits, as security tools are more likely to detect an active exploit. Since the same log-in credentials are commonly re-used across different websites, stolen credentials from one breach can lead to several other breaches (known…
In response to recent reports that a WalMart partner has exposed the personal data of 1.3 Mil US and Canadian shoppers, NuData Security commented below. Ryan Wilk, VP of Customer Success at NuData Security: “Many leading retailers are invoking exemplary security standards with technology and procedures but, unfortunately, fraudsters continuously take advantage of weak spots. To protect customers who have had their information leaked, companies transacting online can implement multi-layered security solutions that don’t rely on static data such as credit card numbers, passwords or security questions. Not-so-new technologies such as passive biometrics are able to do exactly this: they evaluate…
Research from McAfee reveals that Britons don’t want anyone to know what they say behind closed doors, highlighting the importance of protecting data, verbal or otherwise – 32% of Brits admit that gossiping is the one thing they wouldn’t want anyone to overhear, including their digital assistant – Two-fifths (40%) of people in the UK have considered that their new digital assistants could be listening to them – 46% of Brits admit to being embarrassed if their friends or family knew what questions they asked their digital assistants – 23% of people have heard their neighbours doing something they probably wouldn’t want them to…
Renting a DDoS attack on the Dark Web is going for $10/h, $200/day, or for $500-$1,2000 for week-long attacks according to Armor. Andrew Lloyd, President at Corero Network Security commented below. Andrew Lloyd, President at Corero Network Security: “This data is order of magnitude consistent with what we’ve seen before. The data confirms that for as little as $100, you can acquire a DDoS attack sufficient to wreak havoc upon the victim. Corero’s primary research reveals that enterprises estimate the cost to the victim of a successful DDoS attack at $50,000; this figure includes the direct cost to recover from…
It has been reported that US travel agent Orbitz may have been hacked, potentially exposing the personal information of people that made purchases between Jan. 1, 2016 and Dec. 22, 2017. The company said Tuesday about 880,000 payment cards were impacted. Orbitz said data that was likely exposed includes name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender. The company said evidence suggests an attacker may have accessed information stored on this consumer and business partner platform between Oct. 1, 2017 and Dec. 22, 2017. IT security experts commented below. Mark James, Security Specialist…
A new wave of record-breaking distributed denial-of-service (DDoS) attacks has struck enterprises, changing the DDoS threat landscape yet again. Last month, researchers discovered that attackers are abusing a previously obscure method that delivers attacks over 50,000 times their original size, the biggest amplification method ever used. The vector is memcached, a web-based database caching system that speeds up networks and websites by caching the most frequently retrieved data and keeping it in memory rather than getting it from the hard disk. This type of attack struck software platform GitHub and numerous other websites and services, launching DDoS attacks on a scale…
Following the news that Wigan Council has experienced more than 80 data breaches in the past two years, Raj Samani, Chief Scientist and Fellow at McAfee commented below. Raj Samani, Chief Scientist and Fellow at McAfee: “This is yet another example of the agility of cyber-criminal gangs giving them an advantage over public organisations. Despite Wigan Council working to investigate the cause of each breach and provide remedial action, it still has not been able to reduce the amount of data breaches. For organisations to combat cyber criminals successfully, it is vital that we prioritise threat intelligence sharing in the immediate aftermath…
In response to reports that the U.S. blames Russia for cyber attacks on energy grid, Nick Bilogorskiy, a Cybersecurity Expert at Juniper Networks commented below on attack attribution, potential impacts of such attacks, and considerations for a “Digital Geneva Convention.” Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks: Considering a Digital Geneva Convention: “I think the world needs a set of rules similar to the Geneva Convention to establish the standards of law for humanitarian treatment in cyberwar. It needs to define the protections of non-combatants in and around the cyber-war zone. Certain technologies or attack scenarios should be restricted, for example DDOS-ing life-support systems. Another example…
