Information Security Buzz
Expert(s): November 30, 2020
Tim Erlin
VP of Product Management and Strategy
Tripwire

Comments Dotted : 33
December 04, 2020

Brazilian Aerospace And Defence Group Embraer’s Systems Affected By Cyberattack

It’s important to keep in mind that other types of attacks are still out there, if not as readily recognizable.
Every organization should be prepared to respond to ransomware, including the potential operational disruptions that come with that response. While we tend to focus on the response to ransomware, prevention is still the best way to deal with the threat. Ransomware doesn’t magically appear on systems, and the methods by which it’s introduced into an environment are generally well understood: phishing, vulnerability exploits, and misconfigurations. Identifying and addressing the weak points in your security posture can help prevent ransomware, as well as other attacks, from being successful. We see an imbalance of headlines for ransomware attacks because they are the easiest to identify. Ransomware simply can’t be successful in getting the ransom paid without announcing itself. It’s important to keep in mind that other types of attacks are still out there, if not as readily recognizable.
September 26, 2020

Security Experts On Instagram bug lets hackers ‘snoop on you through your phone’ by sending a single image file

The more these apps are integrated into business and daily life, the more critical they become.
We might think of social media apps as frivolous, but the more these apps are integrated into business and daily life, the more critical they become. Social media, including Instagram, are conduits for news and information. They’re also conduits to personal information stored on mobile devices. Targeted takeover of high profile accounts is one possibility, but in this age of disinformation campaigns, there’s clear value in taking over the average consumer’s account for the purposes of spreading propaganda.
September 18, 2020

Expert Reacted On Patient Dies After Hackers Attack Hospital In Germany

Delays in treatment, regardless of the cause, can be life-threatening.
When cyberattacks impact critical systems, there can be real-world consequences. We’re not used to thinking of cyberattacks in terms of life and death, but that was the case here. Delays in treatment, regardless of the cause, can be life-threatening. Ransomware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means. While we tend to focus on the ransomware itself, the best way to avoid becoming a victim is to prevent the infection in the first place. And the best way to prevent ransomware infections is to address the infection vectors by patching vulnerabilities, ensuring systems are configured securely, and preventing phishing.
September 16, 2020

Expert On News That Welsh Coronavirus Patient Details Leaked Online

Breach response, especially for public entities, has to include appropriate transparency and analysis.
Health information is certainly sensitive and needs to be protected. Unfortunately, technical controls aren’t always perfect, and aren’t always enough. In some cases, human error is the root cause of a breach. Breach response, especially for public entities, has to include appropriate transparency and analysis. Although human error might cause a breach, technical controls can certainly be part of the response. Using a technical control to prevent a human from making an error can be very effective.
May 19, 2020

Industry Experts On Verizon DBiR 2020

The industry analysis provided by the DBIR is invaluable.
We often think of ransomware as a breach, but the DBIR categorizes most ransomware activity as an incident because while you may have lost access to the data, the attacker hasn’t actually stolen it. While that may give you some comfort, it doesn’t mean that a ransomware incident is materially less impactful to the security folks who have to deal with it. The fact that “misconfiguration” is in the top five action varieties for breaches is an important acknowledgment that not all incidents are the result of an exploited vulnerability. Misconfigurations actually lead to more breaches than exploited systems, but organizations often don’t put the same effort into assessing them as they do scanning for vulnerabilities. At a high level, the key things for every organisation to worry about are brute force and stolen credentials, and web applications. It’s tempting to downplay vulnerability management based on this data, but the details show that, by and large, the organizations that are doing it reasonably well are safer, and the organizations that aren’t are very, very vulnerable. One key lesson, though, is that an organization can do both. The old adage “you can’t protect what you don’t know about” is true for vulnerability management. Asset management is a prerequisite for vulnerability management. If you want to protect yourself from the most common breaches, protect your web servers, your workstations and your mail infrastructure. Cloud assets are still a minority of targets, at 24% compared to on-premise’s 70%. Why change tactics if they’re working? The cloud has a learning curve for criminals as well as enterprises. One important lesson to take from the DBIR is that a compromise is often made up of multiple attacks, and so, as a defender, you have multiple opportunities to stop the attacker. The concept of ‘defense in depth’ is applicable here. The data provided about how the multiple steps in a compromise occur is vital. 
Malware is rarely the first step, and so if you catch malware in your environment, you have to look for what came before that. Hacking is much harder to deal with because it plays a role in the beginning, middle and end stages of a breach. The industry analysis provided by the DBIR is invaluable. Being able to see which assets, actions, and patterns are most relevant for your industry allows you to take much more decisive action as a defender. For example, Manufacturing should be more concerned about crimeware, introduced through malware and social engineering, than any other industry. If you’re in healthcare, errors figure much more prominently in your threat model than other industries. The inclusion of the CIS controls, after a hiatus, is a good addition for defenders. CIS is well-respected in the industry, and the controls provide enough information to be actionable but avoid being overwhelming at the same time.
May 13, 2020

Hacked Law Firm Informs Celeb Clients Including Lady Gaga And Madonna Of Data Breach – Experts Insight

Ransomware makes headlines, in part, because it’s always detected.
The overwhelming tendency is to focus on the ransomware itself in these types of cases, but ransomware doesn’t magically appear on a system. Organizations that are concerned about ransomware should assess how well they’ve deployed basic controls like vulnerability management, secure configurations and email protections. The first line of defense against ransomware is to prevent it from getting inside in the first place. Ransomware makes headlines, in part, because it’s always detected. It has to be, in order to get the ransom paid. Keep in mind that if self-announcing ransomware can get in, so can much more stealthy attackers.
May 08, 2020

Cybersecurity Must Not Be Forgotten With State-sponsored Attacks Rising Amid COVID-19 Pandemic, Experts Warn

It’s vitally important that these organizations have a good handle on their vulnerabilities.
Pandemic or not, cyberattacks continue. It’s vitally important that these organizations have a good handle on their vulnerabilities. It may not be possible to fix every single vulnerability, but you have to know you have them before you can effectively prioritize remediation activities. Nation-state attacks can be harder to understand because the motivation isn’t always financial in nature.
April 22, 2020

Expert Insight On News: SBA Website Leaks Personal Data Of 8,000 Small-Business Loan Applicants

It’s difficult for an affected party to really understand what the impact will be.
Initial disclosures of these kinds of breaches are often filled with qualifiers like “may” and “might have included.” It’s difficult for an affected party to really understand what the impact will be. Government developed and deployed systems are subject to the same risks, and perhaps more, than commercial enterprises. While any breach is unfortunate, it’s especially painful when the government exposes the personal data of citizens. There is likely plenty of blame to go around for an incident like this, but the focus should be on how trust can be restored and affected victims can be protected.
April 16, 2020

TikTok Flaw Allows Threat Actors To Plant Forged Videos In User Feeds

This type of attack represents a different kind of privilege escalation.
This type of attack represents a different kind of privilege escalation. Masquerading as an authoritative identity in order to feed false information into someone’s feed could be used for all kinds of malicious intents. We often ask that users be diligent about evaluating the sources of information they receive from social media, but diligence isn’t helpful when an attacker can simply impersonate an authoritative source.
April 02, 2020

‘Secure’ Backup Company Leaks 135 Million Records Online After Misconfiguration – Experts Insight

A misconfiguration can be like doing the attacker’s work for them.
A misconfiguration can be like doing the attacker’s work for them. No one has to break in, if the front door is left open. Organizations are often very aware of security vulnerabilities, but continuously scanning for misconfigurations is just as important. Environments change, and change can result in data being mistakenly exposed. If you’re scanning for vulnerabilities, but not addressing the changes in your environment, you’re only doing half the job.
Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.

