If someone asked you how many technologies comprise your cyber security portfolio, would you be able to answer correctly? Many IT and security professionals cannot, and this is dangerous for a variety of reasons. For starters, knowing your assets should be an important part of your overall security posture. But then there’s the issue of technology sprawl. Malware evolves daily, and too many companies think throwing money at the problem is a failsafe way to mitigate risk. They’ll buy a new service or product to combat the latest threat, deploy it and then forget all about it. Given this all-too-common…
ISBuzz Team
Following the hacking of the Italian Democratic Party of Firenza, Laurence Pitt, Director of Security Strategy at Juniper Networks, commented below. Laurence Pitt, Director of Security Strategy at Juniper Networks: “On the night of Sunday 4th February 2018, the hacker group AnonPlus took responsibility for breaking into servers owned by the Democratic Party of Firenza in Italy. The result of this breach appears to have been the online publication of a list containing names, addresses, telephone numbers and other personally identifiable information related to 2,653 party members. The data is not new, it is dated from 2015, but for anyone who has not…
Any website that is not protected by encryption by July of this year will be categorized by Google as insecure. The new policy, starting with version 68 of Chrome, will force websites to move to HTTPS encryption technology or be tagged as an unsecured website. Alex Calic, Chief Strategy & Revenue Officer, commented below. Alex Calic, Chief Strategy & Revenue Officer: “Previous moves by Google and White House directives already introduced encryption as a basic tenet of a security-first mindset, with a majority of legitimate and/or premium websites already adopting it. However, it’s important to remember that HTTPS encryption is…
Almost 50% of internet users are falsifying the data that companies ask them to hand over when signing up for services online, according to new research by security company RSA. Digital advertising and marketing contribute to a global industry worth hundreds of billions of pounds, but the data which underpins that industry may not be very reliable. Lee Munson, Security Researcher at Comparitech.com, commented below. Lee Munson, Security Researcher at Comparitech.com: “Working in the information security training and awareness industry, I am especially glad to see that around half of all consumers are becoming savvy about the personal data they disclose…
News broke yesterday that industrial control systems and SCADA servers have become a target for unauthorized cryptocurrency mining attacks for the first time. Security firm Radiflow discovered cryptocurrency mining malware in the network of a water utility provider in Europe. IT security experts commented below. Edgard Capdevielle, CEO at Nozomi Networks: “Cryptojacking attacks’ goal isn’t to steal data or take control of the infrastructure, but to consume compute cycles of the target systems. The direct consequence is system performance degradation, which can be difficult to discern if the operator is not monitoring the affected network. The attack could be the result of an…
Industry leaders love to talk to other industry leaders when it comes to the General Data Protection Regulation (GDPR), but they should talk to their local authority instead. How many times have I heard this catastrophic scenario that predicts the end for tape (again)? It’s Monday, and your manager asks you to delete someone’s personal data from your backup copies because the data protection officer received an email asking the company to follow the “right to be forgotten.” So, you grab a coffee and start figuring out where to find the data—but how can you delete a single file in…
Global newswire service Business Wire suffered for nearly a week from a cyberattack designed to disable it. The company said it has been experiencing a “directed and persistent” denial of service attack since Jan. 31, though customer information has not been compromised. IT security experts commented below. Stephanie Weagle, Vice President at Corero: “Cyber attackers can quickly and easily launch a DDoS attack to interrupt service availability to any online property. In the media and communications industry, attacks against these sites can be used to silence or shut down an unfavourable individual or news story. While the motivations behind the sustained attack against BusinessWire news service remain unknown, the…
It has recently been reported that a top secret Apple code for the iPhone’s operating system was posted on GitHub. The code, “iBoot”, could potentially allow hackers to find security holes in the smartphone, enabling them to analyse Apple’s code, replicating and manipulating it for malicious purposes. Rusty Carter, VP of Product at Arxan Technologies, commented below. Rusty Carter, VP of Product at Arxan Technologies: “Apple iOS is widely viewed as the most trusted mobile operating system out there. But the leak of this source code is proof that no environment or OS is infallible, and application protection from within the application…
A DoS flaw found in open source CMS WordPress is so simple anyone could use it. Ilia Kolochenko, CEO at web security company High-Tech Bridge, commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “Compared to many other WordPress vulnerabilities that allow attackers to take full control of the vulnerable website and even of the web server, this flaw is of minor importance. I don’t think professional cybercriminals will leverage it in their hacking campaigns in the near future. Exploitation for “fun” is, however, foreseeable but won’t have major consequences compared to other incidents.”
Following the news that Swisscom has admitted that 800,000 customer records were breached last year (including names, addresses, telephone numbers and dates of birth), IT security experts commented below. Swisscom described the information as ‘non-sensitive’ even though the information could be used to start a phishing attack against someone or combined with other data to commit fraud. Lisa Baergen, Director at NuData Security: “Although Swisscom reports that no credit card or payment information was exposed, having your name, address, and date of birth stolen can still cause problems. Cyber criminals use this information to create a complete profile of customers. Add a little…
