Information Security Buzz
Expert(s): November 30, 2020
Richard Walters
CTO
Censornet

Comments Dotted : 5
March 04, 2021

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And Stronger Than Ever

“Careless clicks sink ships.”

Ransomware attacks often start with phishing emails designed to trick victims into giving up their credentials. Once ransomware like Ryuk gets inside a network, it spreads and becomes more dangerous. This is why it’s imperative to train staff how to recognise a phishing email so ransomware cannot establish a beachhead. 



The threat from phishing is only amplified during this remote working era. Home workers should be extremely careful to avoid clicking on links on their work devices, because this could lead to the compromise of their employer’s systems. 

The best advice is to stay on guard and apply a healthy dose of scepticism before opening or clicking on any links, even those that appear to be from a trusted source. To paraphrase a famous World War II slogan: careless clicks sink ships. 



Employees should be extremely careful, because they don’t want to be the one who ends up allowing ransomware into the network.  

 


It’s also important for organisations and businesses to maintain a tightly integrated security system which automatically blocks threats across multiple channels.

January 05, 2021

Lloyds Debit Card Glitch – Expert Analyses The Latest String Of Software Glitches

Cybercriminals will continue to try and take advantage of the isolated remote worker, as the world gets used to ‘not another day at the office’.

Cybercriminals will continue to try and take advantage of the isolated remote worker, as the world gets used to ‘not another day at the office’. The attack techniques we have seen increase over the past year - phishing, email scams, social engineering - will persevere while regular communication channels remain disrupted. Without the ability for an employee to easily double-check that an email is actually from the finance department or their boss, there is a risk they will just click the link or enter their details because it is the path of least resistance.

 

However, organizations will respond by strengthening their defenses. Remote Access solutions adopted in haste at the start of the pandemic will be risk assessed and improved to become Secure Remote Access solutions. Zero Trust - the idea that you should assume by default that those accessing your network cannot be trusted - has been long discussed in the security community but will now become the norm. The traditional model of ‘connect then authenticate’ will shift to ‘authenticate then connect’.

 

Context - where an employee is, what device they are using, on what day and at what time - will also play an increasingly important role in authentication alongside traditional identity checks. In fact, with the move to the cloud, a combination of identity and context will effectively become the new perimeter, as the traditional enterprise firewall becomes less and less relevant. Because of the more fluid nature of the perimeter, user and entity behaviour analytics will also increase in importance as identifying patterns outside of normal will be vital for enterprises trying to spot potentially harmful activity.

January 16, 2020

Thousands Of British Passports Left Exposed On Unsecured AWS Bucket

This is not the fault of Amazon, which has security measures for its AWS storage.
Another day, another unsecured AWS bucket, and the data in this one couldn't be more sensitive. The files discovered by the researchers include passports, job applications, tax documents, background checks, and scanned contracts. Essentially, every personal detail a criminal could possibly need to conduct identity theft, all left in an unsecure database online. The oldest of the UK information dates back to 2011, which is a very large window for criminals to have found this database and exploited it. Remember, we only hear about open databases in the news when security researchers find them - criminals don't advertise that they've come across a treasure trove of information - but you better believe that they're out there searching for them. This is not the fault of Amazon, which has security measures for its AWS storage. In fact, you have to disable the default security measures to leave a database open like this. Data leaks such as this happen because businesses do not have enough awareness or visibility of how their data is actually being stored in the cloud, and it is crucial that this changes. Unfortunately a lack of accountability makes this difficult - Amazon can't disclose whose storage this is so we don't know what organisation is responsible. However, that is no excuse for businesses to be lax on cloud security. They and their customers will pay the final cost of lost data.
September 06, 2019

Experts Dots On Massive Database Of Facebook Users’ FB IDs And Phone Numbers Found Online – On An Unprotected Server

Using an app for 2FA, like Google Authenticator, is a good idea.
This is not the first data privacy scandal that has hit Facebook - but that should not detract from the scale of this breach. With 419 million phone numbers exposed, the volume of this data leak is huge. The main data set that has been leaked contains phone numbers, and in some cases Facebook ID, user name, gender and location by country were also exposed. Although these details may not seem that sensitive on the surface, they actually provide cybercriminals with a head start for carrying out fraudulent activity and identity theft. With mobile phone numbers often being used for two factor authentication, there is a risk that hackers, with a little research, could attempt SIM-swap attacks and intercept one time passcodes to break into any number of personal accounts. Using an app for 2FA, like Google Authenticator, is a good idea. This data was leaked via an unsecured database server and it is unacceptable for companies to suffer data leaks in this way. Once again Facebook has let their users down.
September 05, 2019

Teletext Holidays Data Breach Exposes 212,000 Customer Call Recordings

With the proliferation of organisations using cloud services like AWS, those responsible for locking down data need.
The news that Teletext Holidays left the recorded telephone calls of over 200,000 customers exposed online for over three years provides yet another example of the security issues that misconfiguration of the cloud can cause for businesses. To make matters even worse, some of the stored calls also had accompanying transcripts, making life even easier for criminals searching for the personal details required to carry out fraud. With the proliferation of organisations using cloud services like AWS, those responsible for locking down data need to understand the risks, and tools available to mitigate them. The fact that this has been left exposed online for three years demonstrates the lack of visibility Truly Travel had over their cloud infrastructure, something inexcusable when there are comprehensive solutions available to monitor and control cloud use.
