Information Security Buzz
Expert(s): November 30, 2020
Peter Draper
Technical Director, EMEA
Gurucul

Comments Dotted : 15
March 06, 2020

Experts Insight On News: Virgin Media Data Breach Affects 900,000 People

Please - if you run any services that collect customer data, have your teams double and triple check that they are secured correctly.
This data breach is wholly down to human error, which is one of the biggest threats facing organisations today. The incorrectly configured data is an example of a sole employee not following the correct procedures and exposing hundreds of thousands of personal details of customers. The risk associated with incorrectly configured databases has been highlighted many times. The content of the database appears to have a wealth of information which bad actors could use for fraud and identity theft. The situation of today’s digital world is that an increasing volume of personally identifying information is being harvested whenever we interact with organisations online. If this data isn’t strongly secured, and it often isn’t, this information can easily end up on the dark web. Please - if you run any services that collect customer data, have your teams double and triple check that they are secured correctly.
February 21, 2020

Personal Details Of 10.6M MGM Hotel Guests Posted On A Hacking Forum – Cybersecurity Experts React

There is much “talk” about Zero Trust strategy.
Unfortunately, users’ data being exposed and made available to a wide range of bad actors is so commonplace in today’s connected world. Organisations who hold any personal data of their customers must really improve their protection of such data. There are technologies available today which can be used in a multifaceted security strategy. There is much “talk” about Zero Trust strategy. Organisations need to be taking action to move towards this as a priority. Security Analytics and Automation will provide the right foundations for delivering on Zero Trust and provide better security for their customers’ data as well as the organisation’s critical data and Intellectual Property.
February 07, 2020

Philips Smart Lights Vulnerability Allows Hopping To Devices On The Network – Experts Advise

The device can be used as part of a wider net of IoT.
This is one of the major issues with so-called “smart devices”. The controls in place on the quality of development and security testing on these products have a long way to go. There are two main issues here. 1) The device can be used to snoop on other devices in the network or to install additional software on those devices. 2) The device can be used as part of a wider net of IoT (smart) devices for other nefarious purposes (such as DDoS attacks). If users are going to install smart devices on their home networks I would highly recommend enabling guest Wi-Fi access (if their router supports it) and only connect your smart devices to the guest network. That way your personal devices will have some protection by keeping that level of separation. This does not stop the devices being infected and used for other purposes.
February 06, 2020

What Expert Says On 500,000+ Bitbucket Hosts Have Been Infected With Malware

The type of data exposed – names, dates of birth, social security numbers – is a treasure trove for cyber criminals.
This breach is another example of how in today’s digital world an increasing volume of personally identifying information is being harvested whenever we interact with organisations online. If this data isn’t strongly secured, and it often isn’t, the information can easily end up in the hands of cyber criminals or on the dark web. The type of data exposed – names, dates of birth, social security numbers – is a treasure trove for cyber criminals to launch phishing attacks or other sophisticated social engineering exploits that can lead to fraud and identity theft.
January 31, 2020

Experts On Data Breach At Indian Airline SpiceJet Affects 1.2 Million Passengers

In addition, it would be interesting to know if SpiceJet were even aware of the access attempts.
This is another example of a lack of basic security controls. Anything that contains customer data should not be "protected" (or not, as the case may be) behind a simple, easily guessable password. This does not follow the SpiceJet spokesperson's response stating "we [Spicejet] undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level." Some possible measures would be complex, frequently changed passwords (minimum) or better still MFA for access to this customer data. In addition, it would be interesting to know if SpiceJet were even aware of the access attempts. If not, then modern security analytics solutions are available to provide the visibility required to identify and mitigate these threats quickly.
January 31, 2020

Comment: WordPress Plugin Bug Exposes 200K+ Sites

This CSRF "flaw allowed attackers to forge a request on behalf of an administrator and inject code on a vulnerable site."
A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites. The vulnerability, tracked as CVE-2020-8417 and rated as high severity, was patched with the release of version 2.14.0 on January 25, two days after it was discovered and reported to the plugin's developer by Wordfence's Threat Intelligence team. This CSRF "flaw allowed attackers to forge a request on behalf of an administrator and inject code on a vulnerable site," allowing potential attackers to remotely execute arbitrary code on websites running a vulnerable Code Snippets installation. These malicious requests could be used by the attackers to inject malicious code to be executed on the site, thus making it possible to create a new administrative account on the site, exfiltrate sensitive information, infect site users, and much more. The full story can be found here: https://www.bleepingcomputer.com/news/security/200k-wordpress-sites-exposed-to-takeover-attacks-by-plugin-bug/
January 28, 2020

Experts On Gedia Automotive Group Hit By Massive Cyber Attack That Shuts Down IT Operations

Utilise good endpoint protection
Companies can protect themselves better by following some basic, standard tactics: 1) Ensure good and regular backups are available to be able to recover quickly. 2) Utilise good endpoint protection. 3) User awareness of phishing attacks and how to identify them. 4) Ensure as much visibility of their infrastructure and users' behaviour as possible to allow issues to be identified.
January 23, 2020

Experts On UPS Reveals Phishing Attack Might Have Exposed Customer Information

Providing protection against credential misuse by deploying MFA/Advanced authentication is one of the primary protections.
Here we have another example of the most common issue facing companies today - phishing attacks that allow bad actors to breach corporate systems. It is clear that phishing is never going to be eradicated, so companies need to do all they can to protect against it. The challenge is there are many ways that bad actors breach systems using phishing. Providing protection against credential misuse by deploying MFA/Advanced authentication is one of the primary protections. In addition, companies should ensure they have full visibility of user accounts, entitlements and behaviour with the ability to spot anomalous and risky behaviour quickly and remediate.
November 19, 2019

Experts Comments On Macy’s Customer Payment Info Stolen In Magecart Breach

Identifying anomalous traffic quickly and taking action can reduce the impact of such attacks.
Magecart attacks in action again. A number of organisations have been compromised in this way, including the 2019 British Airways breach. Managing and controlling what can and cannot be run on your website is critical in ensuring the security of your customers' data. Likewise, having the capability to monitor behaviour and traffic to and from your estate is becoming a must. Identifying anomalous traffic quickly and taking action can reduce the impact of such attacks.
Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.

