A fifth of businesses have no incident plan when it comes to cyber breaches, according to new research. In a survey of 1,000 business owners by cyber security specialist Nexor, 20% said they did not have an incident plan in place should there be a breach, while 17% plan to put one in place in 2022. An incident response plan is a documented, written plan with distinct phases that help IT professionals and staff recognise and deal with a cybersecurity incident like a data breach or cyber attack. These documents need regular updating paired with consistent training to ensure companies…
ISBuzz Team
A senior Volkswagen employee was dismissed weeks after raising the alarm about alleged cyber security vulnerabilities at the carmakers’ payments arm, which is soon to be majority-owned by JPMorgan. The manager alerted bosses in September 2021 to concerns that VW’s system in the region was “open to fraud” following an attempted cyber attack, and maintained that $2.6m sitting in the company’s accounts could be stolen, according to documents seen by the Financial Times. The staff member, who also told superiors that VW could face regulatory action if the vulnerabilities were not addressed, was then fired in October. VW said the…
Amazon’s smart voice assistant, Alexa, went down for two hours today, but the service is now recovering with many speakers back to fully operational. According to Down detector, Amazon, Alexa and Amazon Web Services started to see a spike in issues from around 2am ET / 7am GMT on January 21, 2022. The service went down in the UK, but also across Europe, with our colleagues in Italy and Germany confirming Alexa issues on the continent. Alexa is an artificial intelligence-based Voice Assistant developed by Amazon. This is one of many intelligent personal assistants in the market which can help with…
SafeBreach Researchers used Google’s own VirusTotal to find and retrieve more than 1,000,000 credentials, exfiltrated by different types of malware and unencrypted cryptocurrency wallets. VirusTotal is a free service offered by Google that checks suspicious files using dozens of antivirus engines. With just a single VirusTotal license, researchers gained access to the suspicious files and were able to use Google’s own tools to search for files containing the stolen credentials. Excerpts: (Google VirusTotal) … provides extensive search capabilities for a licensed user, allowing them to query the VirusTotal dataset by a combination of dozens of queries: filetype, filename, submitted date and…
The UK Government has today announced some new measures to boost British businesses’ cyber security after recent high profile attacks. More firms providing essential digital services should follow strict cyber security duties with large fines for non-complianceOther legislative proposals include improved incident reporting and driving up standards in the cyber security profession New laws are needed to drive up security standards in outsourced IT services used by almost all UK businesses, the government says. Other proposals being published today include making improvements in the way organisations report cyber security incidents and reforming legislation so that it is more flexible and can react…
The International Committee of the Red Cross (ICRC) has been the victim of a cyber-attack in which hackers managed to access the data of more than 515,000 extremely vulnerable people. Below is the statement by ICRC in relation to this attack: “The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.” The body, which has its headquarters in Geneva, had no immediate indication as to who might have carried out the attack. It said…
Have you scanned a QR code in the past week, no matter it’s in restaurants for menus or shops for contact tracing? Since the start of the pandemic, we’re seeing an uptick in adoption, but they all come with risks. What’s more, QR codes are more favourable for hackers as they’re less likely to be picked up by security software and easier to reach victims.
As we all are familiar by now, the Apache Log4j vulnerability shook the industry last December, and had create much chaos, which we are still witnessing today. Tim Mackey, Principal Security Strategist with Synopsys Cybersecurity Research Centre answers some tough questions on the aftermath of Log4j and its repercussions: Are we seeing the end of the era of open source?Should there be a commercial replacement to protect companies from security implications after Log4j?What kind of governance should be put in place, if any, to help identify and mitigate vulnerabilities sooner rather than later?Should better incentives be introduced to encourage the…
The World Economic Forum releasing today its first Global Cybersecurity Outlook report. Raghu summarises the specifics from the report, as well as highlighting the disappointing presentation in the report of cyber risks as technology risks and not enterprise risks that directly impact the business.
It has been reported that the root cause of the ongoing systems outage that is blighting thousands of contractors working for umbrella company Parasol is linked to “malicious activity” on its network, the company has confirmed. The outage is now entering its second week, with the company confirming in a statement on its website that its systems continue to experience “significant issues”, which, in turn, are delaying its ability to pay its contractors. The incident is also known to have affected two other firms, SJD Accountancy and Nixon Williams, which are part of the same group as Parasol and specialise…