
Peter Draper
Technical Director, EMEAfeature_status*/ ?>
Gurucul
Comments Dotted :
15
March 06, 2020
Please - if you run any services that collects customer data, have your teams double and triple check that they are secured correctly.
This data breach is wholly down to human error which is one of the biggest threats facing organisations today. The incorrectly configured data is an example of a sole employee not following the correct procedures and exposed hundreds of thousands of personal details of customers.
The risk associated with incorrectly configured databases have been highlighted many times. The content of the database appears to have a wealth of information which bad actors could use for fraud and identity theft. .....Read More

February 21, 2020
There is much “talk” about Zero Trust strategy.
Unfortunately, users’ data being exposed and made available to a wide range of bad actors is so commonplace in today’s connected world.
Organisations who hold any personal data of their customers must really improve their protection of such data.
There are technologies available today which can be used in a multifaceted security strategy. There is much “talk” about Zero Trust strategy. Organisations need to be taking action to move towards this as a priority. Security Analytics and.....Read More

February 07, 2020
The device can be used as part of a wider net of IoT.
This is one of the major issues with so called “smart devices”. The controls in place on the quality of development and security testing on these products has a long way to go.
There are two main issues here.
1) The device can be used to snoop on other devices in the network or to install additional software on those devices
2) The device can be used as part of a wider net of IoT (smart) devices for other nefarious purposes (Such as DDoS attacks).
If users are going to install smart .....Read More

February 07, 2020
The device can be used as part of a wider net of IoT (smart) devices.
This is one of the major issues with so called “smart devices”. The controls in place on the quality of development and security testing on these products has a long way to go.
There are two main issues here.
1) The device can be used to snoop on other devices in the network or to install additional software on those devices
2) The device can be used as part of a wider net of IoT (smart) devices for other nefarious purposes (Such as DDoS attacks).
If users are going to install smart .....Read More
February 06, 2020
The type of data exposed – names, dates of births, social security numbers – is a treasure trove for cyber criminals.
This breach is another example of how in today’s digital world an increasing volume of personally identifying information is being harvested whenever we interact with organisations online. If this data isn’t strongly secured, and it often isn’t, the information can easily end up in the hands of cyber criminals or on the dark web. The type of data exposed – names, dates of births, social security numbers – is a treasure trove for cyber criminals to launch phishing attacks or other.....Read More

January 31, 2020
In addition, it would be interesting to know if SpiceJet were even aware of the access attempts.
This is another example of lack of basic security controls. Anything that contains customer data should not be "protected" (or not as the case may be) behind a simple, easily guessable password. This does not follow the Spicejet Spokespersons response stating "we [Spicejet] undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level.
Some possible measures would be complex, frequently changed password (minimum) .....Read More

January 31, 2020
This CSRF "flaw allowed attackers to forge a request on behalf of an administrator and inject code on a vulnerable site.
A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.
According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites.he vulnerability tracked as CVE-2020-8417 and rated as high severity was patched with the release of version 2.14.0 on January .....Read More

January 28, 2020
Utilise good endpoint protection
Companies can protect themselves better following some basic, standard tactics
1) Ensure good and regular backups are available to be able to recover quickly.
2) Utilise good endpoint protection
3) User awareness of phishing attacks and how to identify them
4) Ensure as much visibility of their infrastructure and users behaviour as possible to allow issues to be identified.

January 23, 2020
Providing protection against credential misuse by deploying MFA/Advanced authentication is one of the primary protections.
Here we have another example of the most common issue facing companies today - phishing attacks that allow bad actors to breach corporate systems. It is clear that phishing is never going to be eradicated so companies need to do all they can to protect against it. The challenge is there are many ways that bad actors breach systems using phishing. Providing protection against credential misuse by deploying MFA/Advanced authentication is one of the primary protections. In addition, companies.....Read More

November 19, 2019
Identifying anomalous traffic quickly and taking action can reduce the impact of such attacks.
Mergecart attacks in action again. A number of organisations have been compromised in this way, including the 2019 British Airways breach. Managing and controlling what can and cannot be run on your website is critical in ensuring the security of your customers' data. Likewise having the capability to monitor behaviour and traffic to and from your estate is becoming a must. Identifying anomalous traffic quickly and taking action can reduce the impact of such attacks.
