Information Security Buzz
Expert(s): November 30, 2020
Colin Bastable
CEO
Lucy Security

Comments Dotted : 36
December 14, 2020

Subway Customers Receive ‘Malware’ Emails – Expert Advice

People in the UK are going to get more than their lunchtime “sarnie”* delivered.
This is an elaborate attack. People in the UK are going to get more than their lunchtime “sarnie”* delivered. It's another reminder that security awareness training, with macro downloads and ransomware simulations, can considerably reduce the risk of social engineering attacks. To stay one step ahead, security teams should also look to war-game ransomware attacks, i.e. test what happens if an employee falls for an attack like the Subway one. By running "what-if" scenarios, where companies simulate the hundreds of tools employed by hackers, security teams can discover exactly what happens if an employee executes a malicious file, and proactively address system vulnerabilities in their network infrastructure before a real malware attack occurs. *(colloquial English for sandwich)
December 03, 2020

Security Expert Re: Non-Profit Philadelphia Food Bank Loses Nearly A Million Dollars To BEC Scam

The good news is that with investment and training, employees can become your strongest defense.
Unfortunately, scammers are drawn to the money trail with no regard for ethics, so this means non-profits are also vulnerable to attack. The Philabundance attack checks all the boxes of a successful BEC scam: in-depth research to identify the target, social engineering exploits to penetrate the network, creation of a fake invoice from a known email address, and the request to wire funds to a (phony) bank account. BEC scams cleverly play on two glaring human vulnerabilities: an employee’s susceptibility to social engineering, and their unquestioning trust in the chain of command. The best way to help prevent these types of attacks is to provide regular security training for employees, and establish specific business and financial policies for company payments. Companies that conduct ongoing and varied security training of their employees – starting at onboarding and continuing with regularly scheduled simulated phishing attacks – stand the greatest chance of keeping invaders out of their network. Interactive, relevant, and ongoing training can reduce the percentage of successful phishing attempts from 30 percent to less than 5 percent. To successfully defend against BEC scams, companies should also implement specific business and financial policies for all payments. The most effective policies limit the number of individuals authorized to make payments, call for additional authorizations above a pre-determined amount, require vendor validation, and treat any urgent requests or new payment methods as suspect. Criminals know that employees can be the weakest link in a cyber attack. The good news is that with investment and training, employees can become your strongest defense.
November 11, 2020

Security Expert Re: Scammers Impersonate IRS, Threaten Legal Action As Tax Payment Deadline Looms

The emails themselves are ludicrous, of course, but unfortunately someone is going to fall for them.
To make this scam even more credible, it coincides with the IRS sending out real written demands for outstanding taxes. Tax reporting -- and therefore tax payment -- season was pushed back six months, with taxes due October 15th. That sets an “impending event” in place – pay up by November 15th. The scammers know this, just as CPAs know it. The IRS is a fearsome beast to contend with, so the scammers get to leverage the trepidation that Americans feel when they receive an email that's apparently from the IRS. By combining heightened emotions with a sense of urgency, the attackers created a powerful call to action. Not to mention that since most likely, more people are going to be behind on their taxes due to the pandemic, the scammers will have an even higher hit rate. The emails themselves are ludicrous, of course, but unfortunately someone is going to fall for them. It's a good reminder to consumers that they should always be cautious when they receive an email asking for payment. Here are three simple questions to consider: Ask yourself -- is the sender really who they claim to be? Start by checking the domain name – it’s easy to miss a one-letter mismatch between the sender’s domain and the company domain. Does the email contain suspicious content? Improper use of grammar or language, multiple spelling mistakes, or a strange layout are all red flags. Hover over any links in the email to see if the links are unusual. If so, don’t click on them! What are they asking me to do? Always be suspicious anytime an email asks you to do something unexpected, such as provide payment info or confidential log-in credentials. Take a closer look at the sender’s address or content and you’ll usually catch the attack.
July 16, 2020

Experts Insight On Major US Twitter Accounts Hacked in Bitcoin Scam

The wider question is: what else has been accessed? Is there more info to be released, like DMs?
It appears to be a highly targeted attack on a Golden Key Holder – a highly authorized Admin with access to the Twitter Authenticated “Blue Check Mark” users via the User Admin console. Many of these Twitter accounts use third-party solutions to manage, schedule and push out tweets – we believe that a spoof email pretending to be from one of these third parties could have been used to spearphish the Admin, or perhaps that Admin opened a spoof internal Twitter email with a payload designed to harvest his credentials. The targets will not garner much sympathy from the wider Twitterati, as we already see on social media. The world waits to see if The Donald’s account was hacked. The wider question is “what else has been accessed? Is there more info to be released, like DMs?” It is highly unlikely that Biden or Obama run their Twitter accounts – they have operatives to do that, so probably not much private gold to be mined at that level. Black eye for @Jack.
July 13, 2020

Cyber Experts Comment On US Secret Service Creates New Cyber Fraud Task Force

One tends to associate this type of activity with the FBI, which is, of course, part of the Dept.
This move makes sense. We do, however, have a lot of duplication of tasks among the various arms of America’s intelligence community. One tends to associate this type of activity with the FBI, which is, of course, part of the Dept. of Justice. With the US Secret Service being part of Homeland Security, perhaps this is part of a re-alignment of responsibilities.
July 07, 2020

Personal Details of 1M Dating App Customers Leaked – Security expert comments

ElasticSearch databases are probably the primary sources of data leaks, because of misconfigurations when set up.
ElasticSearch databases are probably the primary sources of data leaks, because of misconfigurations when set up. For example, the front end UI is often secured with authentication, but admins forget that the default port 9200 is also visible and accessible online, meaning that unprotected ElasticSearch databases can leak data via the backdoor. Having built the database, the developers probably forgot all about patching it, focusing on the front end’s ease-of-use to drive user engagement and subscriber growth. Or perhaps the original architect is no longer employed. Regardless – they dropped the ball.
June 23, 2020

Comment: Potentially Sensitive Data From Over 200 US Police Departments Exposed Online By ‘BlueLeaks’

The Feds have been living off their reputation and believing their own propaganda for far too long now.
At the heart of cyber-risk is convenience – making it easy to upload files and build a website has also enabled the hackers to score a spectacular win against US law enforcement. The Netsential website is barebones right now, but checking out the Wayback Machine for the Netsential website shows a consistent typo: “Netsential builds sites with as much or as customer involvement that is desired.” For me that would be a red flag – a sign that I should take a closer look at the company, especially since Netsential advertise the fact that the FBI and DoJ are customers. My point being that Fusion Centers were set up as a Homeland Security initiative post-9/11 in order to facilitate information sharing at all levels of law enforcement – an obvious target for China, Russia, Iran or organized crime. You would expect the FBI to have identified this potential point of entry and remedied it. The Feds have been living off their reputation and believing their own propaganda for far too long now. My heart goes out to those many people whose information is compromised.
June 10, 2020

Expert Insight On Dark Basin – Uncovering A Massive Hack-For-Hire Operation

The University of Toronto’s Citizen Lab’s report reads like a movie script.
The University of Toronto’s Citizen Lab’s report reads like a movie script. Half the time I’m thinking that the bad guys left so many trails that it must be an exercise in misdirection. Only State actors could pull something like this together. The quality of the phishing site landing pages is excellent, and the English grammar is very good - too good, unless you were running a very professional, well-financed and targeted operation. The subdomains are also well designed, especially for mobile users. The URL shorteners, the 5 and a half-hour time zone difference, and the different email addresses which tie back to BellTroX are all very interesting.
June 09, 2020

Security Expert Re: Maze Ransomware Attacks ST Engineering’s U.S. Aerospace Subsidiary

Treat people as part of a holistic defense strategy.
The fact that “a compromised Administrator account” was the entry point for the Maze ransomware breach will be lost on most people. The truth is that hackers breached VT SAA’s defenses by bypassing their Maginot Line, or, perhaps more appropriately for the shareholders of ST Aerospace - the guns were pointing the wrong way. In other words, the hackers succeeded by going around VT’s cyber defense, probably by phishing the human owner of the Admin account. The enemy is waging the war in front of them while most security teams are fighting the last war, the one where anti-virus software, encryption, 2FA and firewalls save the day. Post attack, the focus of the story is always on encrypted data, “securing our systems”, buying more tech, retaining a well-known outside security advisory team and managing the PR. So the lesson is rarely learned: Patch People. Treat people as part of a holistic defense strategy. For a fraction of the cost of cyber defenses, CISOs can teach employees how to be part of the defense. It’s not as sexy as big-budget security tech but it can work far better.
May 29, 2020

Michigan State University Hit By Ransomware Gang – Cybersecurity Experts Insight

The hackers have learned how valuable that approach can be in aid of their extortion.
More and more, we see that ransomware is not a technology issue per se. This is about human behavior. Exerting pressure, exploiting human weaknesses. Applying psychology to gain advantage. We have learned how the FBI leaked the dossier story, to create news, establish momentum and pressure Trump. The hackers have learned how valuable that approach can be in aid of their extortion. When you are in a knife fight, bring a gun! CISOs and their security teams keep turning up with penknives. Hackers turn up with guns. Last week, we saw an attack on a law firm, in which the attackers took a page out of the media playbook, throwing Donald Trump into the mix to get maximum publicity, doubling the ransom demand and teasing out a few details. Now we see the attackers leaking and leading the news again, forcing the MSU attack onto the public forum. This increases the general fear of ransomware, at no cost to the hackers. Every university will now be checking their insurance for ransomware payments, which makes it more likely that ransoms can be paid in the future. We are not dealing with ethics here – it’s all about the money, with a side-helping of chaos. Incidentally, universities have HIPAA obligations, PCI obligations, PII obligations – so this could get messy.

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.

