Information Security Buzz
Expert(s): November 30, 2020
James Carder
Chief Information Security Officer & Vice President
LogRhythm Labs
May 22, 2020

Home Chef Data Breach: Experts Commentary

It is evident that Home Chef lacked stringent security strategies.
Home Chef is one of the key players in the multi-billion-dollar meal kit delivery industry and is owned by one of the biggest supermarket retailers, Kroger. A company of this size must take responsibility for ensuring that sufficient security measures are in place to protect customer data and rapidly respond to cyberthreats. This is especially true now, as demand for delivery services continues to grow amid the coronavirus crisis. All companies in this sector must not falsely assume that they are immune to attack just because they have become an essential service to help people during a challenging time. Hackers exploit any organisation that has access to vast amounts of valuable information – no matter the industry. Unfortunately, Home Chef’s reported data breach has compromised the account credentials, as well as other personal and financial data, of 8 million user records. There are still many unknowns around how the hackers gained access to the database, and at the end of the day, it is Home Chef’s duty to disclose the details of the breach, ensuring that the specific attack vector has been remediated and that controls have been put in place to prevent and respond moving forward. It is evident that Home Chef lacked stringent security strategies. Passwords were only protected by weak encryption, which hackers can easily decrypt using software. For some users, passwords are their only line of defence on the web and, unfortunately, the majority of users do not practice strong password hygiene. Bad actors will eagerly leverage this valuable information for several attack strategies, from brute force logins to spear phishing. In a recent Google survey, 52% of respondents reported reusing the same password across multiple accounts. When massive breaches like this occur, it puts millions of vulnerable consumers at risk. As such, companies must make it a priority to stay vigilant and protect their data assets.

Advanced monitoring and detection controls are key in avoiding and staying ahead of critical breaches like this one.
May 11, 2020

Over 3.6M Users Impacted In Dating App Breach – Expert Commentary

When a breach of this scale occurs, it reminds us of the necessity for businesses to have a strong security posture.
Dating apps require users to disclose detailed, and often sensitive, personal information – a relative gold mine for various types of attacks and threat actors. In the case of MobiFriends, mobile numbers, dates of birth, gender, usernames, passwords, user interests and their activity for over 3.6 million users were breached and posted on the dark web. This information could be used in delivering more targeted attacks against individual users, but the breach also disclosed the corporate email addresses of the users, attributing them to many well-known F1000 companies. What is more concerning is the potential for sensitive information, specifically around the behaviors and activities of the users, that could be leveraged to extort individuals who may not want that information exposed. Although the initial breach vector has yet to be disclosed, it was likely a weakness in app infrastructure and/or source code. It is quite telling that the app is available in Google Play but not the App Store, as Apple conducts an in-depth security review of apps before they are allowed on the platform. Regardless of the cause, it is crucial for companies to have full visibility into their technology infrastructure and source code so they can rapidly detect security threats and find exposed vulnerabilities before attackers do. When a breach of this scale occurs, it reminds us of the necessity for businesses to have a strong security posture.
May 06, 2020

Experts Commentary On GoDaddy Informs Customers Of Data Breach From October

Strong SSH key management is critical in protecting internet accessible SSH.
It is astonishing that GoDaddy was unable to detect unauthorized access to SSH account credentials for about eight months. With this particular incident, there are further unknowns, such as whether sensitive files were exfiltrated from the accounts and exactly how many accounts from GoDaddy’s hosting environment were compromised. The GoDaddy data breach showcases how so many large enterprises still lack a comprehensive approach to detecting and combating threats. It is easy to assume that GoDaddy, as the world’s largest domain registrar, would have proper security in place to prevent, detect, and respond to these types of threats. GoDaddy should have had stricter SSH security measures in place rather than just a simple username and password. Strong SSH key management is critical in protecting internet-accessible SSH. In this case, fundamental controls for properly securing and managing SSH should have been implemented. It is important to ensure that SSH keys are associated with an individual user and are continuously rotated. Additionally, the principle of least privilege should be utilized for the accounts authorized to SSH, and an organization should conduct thorough auditing and monitoring of all privileged sessions and key usage. If such controls were implemented, then the likelihood that GoDaddy would have suffered a breach leveraging stolen or acquired usernames and passwords would have been minimal. Of course, no incident is 100% preventable, yet this particular breach reflects how GoDaddy overlooked simple security controls and left low-hanging fruit for the attacker to exploit.
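The SSH controls named in the commentary above (password logins disabled, keys tied to an individual and rotated, least privilege on who may log in, and auditable key usage) can each be checked mechanically. The script below is an added example, not code from the commentary or from LogRhythm. It runs on constructed inputs only: two sshd_config fragments, three authorized_keys files and a few sshd log lines in the documentation address range. The convention of recording a key's issue date at the end of its authorized_keys comment is an assumed local policy, as is the 90-day rotation limit.

```python
"""Audit SSH server configuration, key ownership/age and login records (added example)."""
import re
from collections import defaultdict
from datetime import date

KEY_MAX_AGE_DAYS = 90           # assumed rotation policy
TODAY = date(2020, 5, 6)        # fixed so the run is reproducible

# Constructed sshd_config fragments; neither is any real host's configuration.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups ssh-users
LogLevel VERBOSE
"""

# Constructed authorized_keys contents per account. Assumed convention:
# the comment ends with the key's issue date (ISO format).
AUTHORIZED_KEYS = {
    "alice": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAlice alice@laptop 2020-03-15\n",
    "deploy": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleShared ops-team 2019-06-01\n",
    "bob": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleShared ops-team 2019-06-01\n",
}

# Constructed sshd log lines (source addresses from 203.0.113.0/24, reserved for documentation).
AUTH_LOG = """\
May  6 01:12:07 web1 sshd[2021]: Accepted publickey for alice from 203.0.113.10 port 51022 ssh2: ED25519 SHA256:Q3hExample
May  6 01:13:40 web1 sshd[2044]: Accepted password for deploy from 203.0.113.77 port 40512 ssh2
May  6 01:15:02 web1 sshd[2051]: Failed password for root from 203.0.113.77 port 40520 ssh2
"""


def parse_sshd_config(text):
    """sshd keeps the first occurrence of a keyword; keywords are case-insensitive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf.setdefault(parts[0].lower(), parts[1].strip())
    return conf


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the fragment passes these checks."""
    conf = parse_sshd_config(text)
    findings = []
    if conf.get("passwordauthentication", "yes").lower() == "yes":      # OpenSSH default: yes
        findings.append("password authentication enabled; require keys only")
    if conf.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("direct root login permitted; sessions cannot be tied to a person")
    if "allowusers" not in conf and "allowgroups" not in conf:
        findings.append("no AllowUsers/AllowGroups; every local account may attempt SSH")
    if conf.get("loglevel", "INFO").upper() not in ("VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"):
        findings.append("LogLevel below VERBOSE; offered-key fingerprints are not recorded")
    return findings


KEY_LINE = re.compile(r"^(?:\S+\s+)?(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-\S+)\s+(\S+)\s*(.*)$")


def audit_authorized_keys(files, today=TODAY, max_age=KEY_MAX_AGE_DAYS):
    """Flag keys past their rotation limit, keys without an issue date, and one key accepted by several accounts."""
    findings = []
    owners = defaultdict(set)           # key blob -> accounts that accept it
    for user, text in files.items():
        for raw in text.splitlines():
            m = KEY_LINE.match(raw.strip())
            if not m:
                continue
            _, blob, comment = m.groups()
            owners[blob].add(user)
            dm = re.search(r"(\d{4}-\d{2}-\d{2})$", comment)
            if not dm:
                findings.append(f"{user}: key has no issue date in its comment")
                continue
            age = (today - date.fromisoformat(dm.group(1))).days
            if age > max_age:
                findings.append(f"{user}: key is {age} days old (limit {max_age})")
    for blob, users in owners.items():
        if len(users) > 1:
            findings.append("shared key accepted by " + ", ".join(sorted(users)))
    return findings


LOGIN = re.compile(r"sshd\[\d+\]: (Accepted|Failed) (password|publickey) for (\S+) from (\S+)")


def flag_logins(log):
    """Return (kind, user, source) for successful password logins and for any root attempt."""
    alerts = []
    for line in log.splitlines():
        m = LOGIN.search(line)
        if not m:
            continue
        outcome, method, user, src = m.groups()
        if outcome == "Accepted" and method == "password":
            alerts.append(("password-login", user, src))
        if user == "root":
            alerts.append(("root-attempt", user, src))
    return alerts


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or "ok")
    print(audit_authorized_keys(AUTHORIZED_KEYS))
    print(flag_logins(AUTH_LOG))
```

The three functions map onto three of the controls in the commentary: the configuration audit enforces key-only, non-root, group-restricted access; the authorized_keys audit catches the two failures that break individual attribution (one key shared across accounts, and keys never rotated); and the log check surfaces any password login that slipped through, which is exactly the event a monitoring pipeline should alert on.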
April 30, 2020

Expert Reaction On Chegg Confirms Third Hack In 3 Years

Organizations must take a proactive approach to protecting data.
Far too often the disclosure of a significant breach is in the news. Unfortunately, Chegg has made headlines again for a data breach. Organizations must take a proactive approach to protecting data. This should include mapping organizational capabilities and security controls to measure their preparedness to detect, prevent and respond to threats. This incident is similar to Chegg’s previous incidents, as an unauthorized party was able to gain access to sensitive information. This time around, hackers stole employee records including Social Security numbers, which can be detrimental to the victims as they can never be changed and may lead to further fraud. Companies must make cybersecurity a priority and have the proper policies in place to identify and fill security gaps. As witnessed last year, organizations are beginning to see massive GDPR non-compliance fines. As CCPA and other privacy mandates continue to go into effect, organizations must have full visibility of their IT assets and network so they can detect potential threats and monitor suspicious activity, protecting data from the next big breach.
April 20, 2020

Clearview AI Leaves Internal Data Exposed Including 70,000 Videos Of Residential Building – Expert Insight

This unfortunate instance is another case of bad IT practice with lax security controls without monitoring and alerting.
Clearview AI’s cloud data buckets were left vulnerable, and unfortunately, these oversights caused their facial recognition apps and private data to be left open on the internet for anyone to access. Additionally, thousands of videos from a residential building were left open on the server, a violation of privacy and a potential danger to those on camera. For companies like Clearview AI that store and manage facial recognition software and data, it is crucial to implement necessary authentication and authorisation, security monitoring, detection, intelligence and response capabilities. Real-time monitoring and clear visibility are essential to mitigating threats like this one and could have easily prevented this security lapse. This unfortunate instance is another case of bad IT practice with lax security controls without monitoring and alerting. Furthermore, the lack of two-factor authentication allowed anyone the ability to register and gain access to the database, circumventing password protection altogether. Overall, the protections Clearview had in place do not match the critical data they are responsible for protecting.
April 08, 2020

Email.it Data Breach Exposes 600,000 Users – Expert Commentary

Email.it’s claim that no financial information was stored on the hacked server isn’t completely accurate.
This is an unfortunate incident all around. We have a provider of email services that not only has access to all of their customers’ personally identifiable information (PII), including usernames and passwords, but also to their emails and the content within those emails. As anybody who has been in the industry long enough knows, people still send sensitive information through email all the time — whether it’s a good practice or not. Email.it’s claim that no financial information was stored on the hacked server isn’t completely accurate. It’s likely that some of their customers shared sensitive data in the body of an email or in attachments. This very well could have included financial details, like bank statements and social security numbers, or even copies of driver’s licenses, pictures of their families, or other personal documents and information that could be exploited. Therefore, the attackers gained unfettered access to this information, bypassing any security and encryption controls in use — assuming there were some. What makes this especially upsetting is the amount of time the attackers had access to this environment. They were able to gain a toehold into it and simply sit and collect data for over two years, waiting for the best and most opportune time to strike while Italy is in complete lockdown amidst a pandemic, with users heavily leveraging the company’s platform. Since becoming aware of the breach, the company was given ample time and opportunity to rectify it, such as through patching and remedying the exploited vector(s) the attackers were using. They could have rebuilt systems and infrastructure. They could have hired forensics and incident experts to identify the issues and remediate. Instead, they chose to notify authorities and then do nothing else. I think that in addition to the brand damage they’ll experience as the result of the breach, they should be worried about the negligence associated with their lack of action.

In the end, this is another classic breach story where there were likely IT hygiene issues that exposed vulnerabilities the attackers could leverage, combined with a complete lack of monitoring, detection, and response capabilities that would have alerted the company early on to what was happening and given them even more opportunity to do something about it.
March 23, 2020

Norwegian Cruise Line Data Breach – Experts Insight

Norwegian Cruise Line experienced a credential dump, and while on the one hand we unfortunately see credential dumps occurring on practically a weekly basis, it does also mean that we are well aware of many best practices that Norwegian (and others) can implement to minimize further damage and prevent this from happening in the future. The first step — which Norwegian has already recommended — is for all of its agents to change their portal passwords, as well as any other passwords they’ve been using to access multiple applications. Right now, the biggest risk is what else the attackers are able to access with this credential dump, given that so many people still practice poor password hygiene and use the same one across multiple systems — whether they’re for business or personal use. So getting everyone to change their passwords is an easy way to prevent potential exposure of other sensitive data. I also recommend that Norwegian implements multifactor authentication on the agency portal. This would mean that in the future, even if an attacker managed to steal more passwords, they wouldn’t automatically be able to access the system. They would also need to figure out a way to sidestep the secondary authentication factor, making it much more difficult to breach the system. And since hackers like easy targets, this might be enough to discourage them from further pursuit. Lastly, Norwegian should also ensure they implement monitoring and detection controls for their portal, systems, and applications — especially those that are Internet-accessible. This will make it easier to automatically identify suspicious activity and remediate potential threats quickly.
March 18, 2020

Experts Insight On Financial Companies Leak 425GB In Company, Client Data Through Open Database

In 2020, businesses are increasingly moving information to the cloud for cost efficiency.
This is another unfortunate instance of an AWS bucket left open without any security protocols, leaving extremely sensitive legal and financial documents unprotected online — accessible to anyone worldwide. In 2020, businesses are increasingly moving information to the cloud for cost efficiency, increased flexibility, and improved accessibility; however, it is important to understand the gravity of what it means to move this type of information to the cloud and be prepared to use everything at your disposal to protect it. AWS S3 and other similar types of buckets have become one of the most common vectors of large-scale data compromise in the past two or three years. This means that any companies using this type of technology should already be monitoring it with additional scrutiny. And in general, if you want to store extremely sensitive and confidential data in the cloud — something internet-accessible — you should plan to protect it like it’s Fort Knox. This information is powerful, valuable, and can be used to inflict a lot of personal damage. It isn’t a responsibility companies should take lightly. No matter where an organization stores their data, real-time monitoring and clear visibility are crucial for rapidly detecting and neutralizing security threats. Had Advantage Capital Funding and Argus Capital Funding leveraged authentication and access controls, security monitoring, detection, intelligence, and response capabilities, over 500,000 private documents would have been safeguarded.
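The commentary above says buckets of this kind should be monitored "with additional scrutiny"; the concrete thing to scrutinise is the three places an S3 bucket can become world-readable: its bucket policy, its ACL, and the account's public access block settings. The script below is an added example, not code from the commentary, from LogRhythm, or from either company named; it evaluates constructed policy and ACL documents offline in the same JSON shapes the S3 API returns, so the same functions could be pointed at real output from an inventory job. The bucket name, account id and role name are placeholders.

```python
"""Evaluate an S3 bucket's policy, ACL and public access block for anonymous exposure (added example)."""
import json

# Constructed bucket policy that makes every object world-readable. Placeholder bucket name.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-docs", "arn:aws:s3:::example-docs/*"],
    }],
})

# Corrected policy: a single IAM role in the account (placeholder account id and role) may read objects.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/docs-app"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-docs/*",
    }],
})

# Constructed ACL in the shape of a GetBucketAcl response: the AllUsers group has READ.
OPEN_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "0123owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
PRIVATE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "0123owner"}, "Permission": "FULL_CONTROL"},
]}

# Public access block configuration: all four must be true to override public policies and ACLs.
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
PAB_ON = {k: True for k in PAB_KEYS}
PAB_PARTIAL = {**PAB_ON, "BlockPublicPolicy": False}

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _principal_is_anyone(principal):
    """A bare "*" or {"AWS": "*"} grants to anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" for v in _as_list(principal.get("AWS", [])))
    return False


def public_policy_statements(policy_json):
    """Return (Sid, verdict) for Allow statements with an anonymous principal.

    Unconditional ones are 'public'; ones carrying a Condition (e.g. a source-IP or
    VPC-endpoint restriction) are marked 'review' because the condition may or may
    not actually limit who can reach the bucket.
    """
    doc = json.loads(policy_json)
    hits = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _principal_is_anyone(st.get("Principal")):
            continue
        verdict = "review" if st.get("Condition") else "public"
        hits.append((st.get("Sid", "<no sid>"), verdict))
    return hits


def public_acl_grants(acl):
    """Return (group, permission) for every grant to the AllUsers or AuthenticatedUsers group."""
    hits = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            hits.append((PUBLIC_GROUPS[uri], grant.get("Permission")))
    return hits


def public_access_block_ok(cfg):
    """True only when all four public access block flags are enabled."""
    return all(cfg.get(k) is True for k in PAB_KEYS)


def assess_bucket(policy_json, acl, pab):
    """'exposed' if any public path exists and the block is not fully on, else 'ok'."""
    exposed = any(v == "public" for _, v in public_policy_statements(policy_json)) or bool(public_acl_grants(acl))
    return "exposed" if exposed and not public_access_block_ok(pab) else "ok"


if __name__ == "__main__":
    print(assess_bucket(OPEN_POLICY, OPEN_ACL, PAB_PARTIAL))        # exposed
    print(assess_bucket(RESTRICTED_POLICY, PRIVATE_ACL, PAB_ON))    # ok
```

Two design points matter for real use. First, a public-principal statement with a Condition is reported for review rather than silently accepted or flagged, because a condition like `aws:SourceIp` can genuinely scope access while a weak one does not. Second, the public access block is treated as the backstop it is: a bucket with a public policy is only reported "ok" when all four block flags are on, which is the setting that would have kept the documents in this incident off the open internet regardless of the policy mistake.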
February 14, 2020

Multiple Experts On Puerto Rico $2.6M Phishing Scam

In addition, establishing formalized processes or systems used to manage the process of exchanging money can be helpful as well.
Unfortunately, this is one of the most common scams in the industry today. It takes advantage of unsuspecting individuals with great intentions, who are simply looking to follow through accordingly with what seems to be a legitimate request for action. To help prevent incidents like this moving forward, security awareness programs are a great help — especially programs that focus specifically on phishing awareness. Ensuring employees are comfortable with analyzing subject lines, sender addresses, etc. allows them to be a more active part of the security defense. In addition, establishing formalized processes or systems used to manage the process of exchanging money can be helpful as well. These are often similar to what financial institutions do to detect and prevent fraud, with the goal to limit transactions or alert on thresholds that have been crossed. For example, if an organization uses a banking system, like those used in ACH transfers or payments, the security team can monitor these transactions to help identify potential fraud, above and beyond the protections and detections already built into that banking system.
February 11, 2020

Experts Insight On Netanyahu’s Party Exposes Personal Data Of Over 6 Million Israelis On App

First and foremost, anyone creating these technologies should employ secure software development and application security best practices.
It is worrisome that an app developed specifically for elections did not have advanced security measures in place — especially when millions of voter records were contained within it. Unfortunately, in this Elector incident, personally identifiable information including names, addresses and phone numbers for over six million voters was left exposed. This data can now be weaponized in future attacks, and it leaves those impacted vulnerable to future fraud. On top of that, these types of.....Read More
It is worrisome that an app developed specifically for elections did not have advanced security measures in place — especially when millions of voter records were contained within it. Unfortunately, in this Elector incident, personally identifiable information including names, addresses and phone numbers for over six million voters was left exposed. This data can now be weaponized in future attacks, and it leaves those impacted vulnerable to future fraud. On top of that, these types of incidents can have real geopolitical ramifications. Exposed voter information could easily lead to fraudulent voting, allowing cyber criminals to manipulate the voting system and potentially elect individuals or pass laws that the population wasn’t going to support. And given how connected our world is — with nuanced diplomatic relations and economic unions — those fraudulently approved officials and laws could then have international ripple effects. This incident should serve as a wake-up call for other developers of election technology. Just last week, the U.S. had an issue with an app for the Iowa caucuses. While the situation in that case was less about security and more about general functionality of the app, the incident with Elector demonstrates the potential damage of hastily built election applications. And either way, these breaches and malfunctions can infringe upon the trust and confidence citizens have in their government; it could make them wonder how long these types of malfunctions and vulnerabilities have existed and if they’ve managed to compromise past elections. Cybersecurity around all elections should be a hyper-focus. Given the sensitive nature of the data needed to execute an election and the national and global impacts of the results, developers of election technology — whether it’s an app or something else — need to take the necessary precautions to protect voter data. 
First and foremost, anyone creating these technologies should employ secure software development and application security best practices. This will help identify and remediate any code-based vulnerabilities before the technology is made available to the public, and it will also assist with maintaining the security of the application as maintenance is performed. And then anyone collecting or storing this information should have real-time monitoring and clear visibility into their operations. This will allow them to rapidly detect and neutralize security threats.
https://informationsecuritybuzz.com/expert-comments/experts-insight-on-netanyahus-party-exposes-personal-data-of-over-6-million-israelis-on-app

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.