Cybersecurity has dynamically evolved into a complex, ongoing threat for any company that values its business. Cybersecurity should take center stage as a strategic issue for companies, employees and customers. Additionally, no one company or person is immune to the latest threats online. Those who sit on the board are themselves high-value targets for phishing emails and ransomware, along with the rest of the employees. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “The board room must not only support a sustained employee training program, they must also sponsor a strategic transition in the way…
ISBuzz Team
New research has been released by Semafone revealing the dire state of contact centre security. The survey found that 72% of agents who collected payment data or other PII over the phone still require customers to read their information aloud – exposing sensitive data to the agent and call recordings. Tom Harwood, Co-Founder and Chief Product Officer at Aeriandi commented below. Tom Harwood, Co-Founder and Chief Product Officer at Aeriandi: “Typically, contact centres use dual tone, multi frequency (DTMF) technology to enable callers to make secure payments over the phone. Our experience shows that between one and five per cent of people…
Luke Potter, head of cybersecurity at SureCloud, examines the KRACK vulnerability and provides steps for guarding against it. This week, several vulnerabilities in the WPA and WPA2 protocols that would enable an attacker to decrypt wireless network packets, and even inject into the network traffic on the wireless network directly, were publicly disclosed. This would mean that in some cases, an attacker could potentially intercept and manipulate requests to sensitive websites with an aim to capture the credentials. The ultimate impact of this vulnerability being successfully exploited would allow an attacker the ability to decrypt WPA/WPA2 wireless traffic. This would…
Mozilla is considering distrusting the Dutch government’s Certificate Authority due to concerns over the country’s new security laws, which grant security services broad powers to intercept and read encrypted messages. And with the UK government continuing to push for restrictions on encryption, the battle between Mozilla and the Dutch government could be a prelude to a similar fight here. Kevin Bocek, Chief Cyber-Security Strategist at Encryption Experts Venafi commented below. Kevin Bocek, Chief Cyber-Security Strategist at Venafi: “In a huge twist of irony the Dutch government is joining the march to turn back privacy and join China and Russia in destroying the power…
Enterprises embracing hybrid cloud, but need better visibility and security management processes to accelerate cloud application deployment, and prevent cyberattacks and compliance violations. Most enterprises face major challenges when managing security across their hybrid enterprise networks both during and after cloud migrations, according to the new ‘Hybrid Cloud Environments: The State of Security’ survey from AlgoSec, the security policy management vendor. The international survey of 450 senior security and network professionals reveals the insecurities around enterprises’ hybrid cloud strategies. While nearly a third (32%) plan to increase their public cloud usage in the next 12 to 18 months, the majority harbor significant concerns about…
A USB memory stick containing highly sensitive Heathrow security data, including details of the Queen’s route to the airport and her security measures, was found lying in the street over the weekend. IT security experts commented below. Geoff Webb, Vice President, Product Marketing and Solutions Strategy at Micro Focus: “It’s definitely not the first time that a lost USB stick has turned up with sensitive information on it. The fact that it was unencrypted is obviously the concern – many organisations have clear policies in place to ensure that information is encrypted wherever it is stored, including on removable media. More broadly, the ability to…
News broke yesterday morning that an unknown hacker hijacked Coinhive’s DNS server and replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker’s own wallet. Helming, Director of Product Management at DomainTools commented below. Helming, Director of Product Management at DomainTools: “This incident illustrates perfectly how DNS credentials are, in many cases, the keys to the kingdom. Whoever owns DNS (legitimately or maliciously) owns the domain and its contents. It also underscores the dangers inherent in both data breaches, and poor password practices. Coinhive have suggested this incident was likely as a result of the Cloudfare data breach in 2014, and…
After a serious IT security incident is discovered, the priority is to shut it down and recover quickly in a cost-effective manner. However, management will want to find the root of the problem so that they have a place to point the finger, but this is often easier said than done. Security incidents require a time and labor-intensive investigation to uncover cybercrime techniques and sift through massive amounts of data. Incidents that involve a privileged account prove to be even more challenging as authorized insiders or external hackers who have hijacked credentials can modify or delete logs to cover their…
Security experts have found that Dark web vendors are now selling remote access to corporate computers for as little as $3 (£2.28). Dark web marketplaces have begun increasingly selling credentials to hacked Remote Desktop Protocol (RDP) servers, which allow hackers to spy on and steal data from companies without using malware. Tyler Reguly, Manager of Security Research and Development at Tripwire commented below. Tyler Reguly, Manager of Security Research and Development at Tripwire: “There is a reason that PCI ASVs are required to include a special note upon discovery of remote access software when performing quarterly scans for customers, this level of access can often give…
Twitter has announced that it will make the identity of any ad purchaser, the ad itself and those targeted by the ad available for anyone to review. This news comes in the wake of possible Federal legislation that would force tech companies like Twitter to disclose political ads. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “Twitter’s announcement to label political ads and create a transparency center is a step in the right direction. The political ad situation all boils down to knowing your customer, a simple task that quickly turns complex when dealing…
