Gwent Police is being investigated after failing to inform hundreds of people that hackers may have accessed their confidential reports to the force. Sky News has learned that up to 450 people who filed reports through an online tool over a two-year period could have been put at risk by hackers due to security flaws. Although the tool was decommissioned after an internal security review discovered that confidential information was being exposed, the force did not inform the individuals who were affected. Gwent Police’s failure to report the potential breach stands in stark contrast to a breach at Uber, where the company is accused…
ISBuzz Team
The Path to Compliance Through Data Governance
On May 25, 2018, the General Data Protection Regulation (GDPR) will come into effect in the European Union. Chances are you’ve already seen quite a bit of buzz surrounding GDPR and for good reason – it represents a significant change in how data will be handled around the world. But if you’re still getting up to speed, or you are one of the 50% of affected organisations worldwide who will be unprepared one year from now, most of the provisions and stipulations boil down to one simple thing: data governance. And by putting solid data governance practices in…
Elon Musk told visitors to South by Southwest on Sunday that AI “scares the hell” out of him, while the Chinese cryptocurrency exchange Binance is now offering $250K to anyone exposing the parties responsible for an attempted hack of the exchange last week. Ilia Kolochenko, CEO at High-Tech Bridge, commented below. Ilia Kolochenko, CEO at High-Tech Bridge: Binance: “The recent attack seems to have been quite well planned, organized and executed, and experienced professionals are most probably behind it. Even if Binance offers ten times more bounty, they are unlikely to get what they want. Professional Black Hats have ample skills and sufficient knowledge to cover their…
Many organisations are not doing all they can to protect data privacy, and there is a lack of transparency in how businesses store personal data, according to PwC’s 2018 Global State of Information Security Survey (GSISS). Only 51% of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored. When it comes to third parties who handle personal data of customers and employees, less than half (46%) conduct compliance audits to ensure they have the capacity to protect such information. And a similar number (46%)…
McAfee today launches its quarterly McAfee Labs Threats Report, revealing the latest trends in cyber threat growth. Since last quarter, the number of new cyber threats found every second has doubled, with McAfee Labs detecting 478 new cyber threats every minute, or 8 every second. The report takes a detailed look at the latest tactics employed by criminal groups, reporting a clear diversification of strategy with a move from traditional money makers such as ransomware to the practice of hijacking Bitcoin and Monero wallets. Alongside this, the report reveals the extent to which the healthcare sector is under attack. McAfee Labs found a 211% surge in disclosed security incidents against…
News broke this morning that a cyber-espionage group, historically believed to be operating in the interests of the Chinese government, is believed to have hacked a UK government contractor, where security researchers found evidence that attackers stole information related to UK government departments and military technology. Attackers used never-before-seen tools and old malware, but also employed legitimate apps found on the compromised systems in an attempt to remain undetected for as long as possible. Andy Norton, Director of Threat Intelligence at Lastline, commented below. Andy Norton, Director of Threat Intelligence at Lastline: “Espionage by foreign governments should not come as a shock to anyone, these days.…
Report Finds Nearly Three Out of Four Organizations Would Fail an Access Controls Audit, Putting Privileged Credentials at High Risk
Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, today released the results from its 2018 Global State of PAM Risk and Compliance report, which highlights where many organizations are failing to fully put security controls in place to protect their most critical information assets. The groundbreaking global study, which surveyed more than 500 organizations worldwide, reveals major risk and compliance gaps in how organizations manage and secure their privileged accounts and access to sensitive…
News broke yesterday that a mitigation mechanism is available for all victims who are under a DDoS attack carried out via Memcached servers. This mitigation technique relies on the attacked victim sending a “flush_all” command back to the attacking servers. The measure was proposed last week by Dormando, one of the Memcached server developers. Johnathan Azaria, Security Research Specialist at Imperva Incapsula: “While this technique might be a suitable solution in a simplified environment, we would advise to keep the following in mind: 1) The Memcached servers used for the attacks are a victim as well. Sending a shutdown command or constantly flushing a server…
GitLab released the results of its second annual developer survey, revealing that implementing DevOps is the highest priority for software professionals in 2018. Survey results reveal developers now understand the need and importance of DevOps as a critical piece to the software development lifecycle, although it is still in the early stages of adoption. Meera Subbarao, Senior Principal Consultant at Synopsys’ Software Integrity Group, commented below. Meera Subbarao, Senior Principal Consultant at Synopsys’ Software Integrity Group: “Organisations are pushing new software and updating existing software almost daily, and in some cases several times in a day. DevOps integrates development, security and operations activities to improve…
A recent discovery has been made about the German federal government hack that occurred last week: the compromise involved the e-learning software suite ILIAS, which was connected to the network. Craig Young, computer security researcher at Tripwire, commented below. Craig Young, Computer Security Researcher at Tripwire: “Secure networks are only as secure as their weakest link. In the case of Germany’s classified IVBB network, it appears that this weakest link may have been a university e-learning system which was inexplicably connected to it. A message posted to the administrator’s mailing list of a German based open source e-learning suite, confirms that an installation…
