Expert(s):
Chief Data Scientistfeature_status*/ ?>
Rapid7

Comments Dotted : 4
May 07, 2020

Fresenius Hit By Ransomware – Expert Insight
Organisations should apply the same logic they would to any incoming request for link clicking, document downloading, or charitable giving.
With Covid-19 pressing down upon us, we are again reminded of how critically important it is to secure our devices and networks so we can avoid impacting our currently over-strained hospital care environments further. These types of ransomware campaigns prey upon the fear, generosity and curiosity of the chosen victims to gain access to something of value, be it banking credentials or your device or laptop to launch further campaigns or to gain access to your network. Organisations should.....Read More
With Covid-19 pressing down upon us, we are again reminded of how critically important it is to secure our devices and networks so we can avoid impacting our currently over-strained hospital care environments further. These types of ransomware campaigns prey upon the fear, generosity and curiosity of the chosen victims to gain access to something of value, be it banking credentials or your device or laptop to launch further campaigns or to gain access to your network. Organisations should apply the same logic they would to any incoming request for link clicking, document downloading, or charitable giving. Do not trust at all initially, consider deleting outright, and use every means as your disposal to validate the legitimacy of any mail. Do not accept any pandemic-related communication at face value until you perform this validation. IT and security teams should reach out to their trusted information-sharing communities to gain access to trusted lists of malicious pandemic-related domains and ensure the defence technologies are configured to use them. To help resolve these issues, healthcare organisations should look to mitigate risk via network. To accomplish this, hospitals and medical care environments should consider segmenting their network into three general categories: medical business operations networks (run the hospital network), medical care network (general medical care appliances), life-critical care (ICU, appliances used to sustain life or administer drugs). By following these network segmentation principles, the risk to patients’ health and safety would be greatly reduced allowing more time for properly validate, update and patch devices.  Read Less
April 01, 2020

Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach
Current disruptions in traditional work patterns also increase the likelihood of more frequent and clever attacks occurring every day.
If there is an insight to be gleaned from the recent, second breach at Marriott International that is to remain vigilant for new attacks even if you've just experienced one. Successful phishing campaigns can happen to anyone and any organisation, and the use of stolen, legitimate credentials is still one of the most popular attack vectors for our adversaries. Current disruptions in traditional work patterns also increase the likelihood of more frequent and clever attacks occurring every day......Read More
If there is an insight to be gleaned from the recent, second breach at Marriott International that is to remain vigilant for new attacks even if you've just experienced one. Successful phishing campaigns can happen to anyone and any organisation, and the use of stolen, legitimate credentials is still one of the most popular attack vectors for our adversaries. Current disruptions in traditional work patterns also increase the likelihood of more frequent and clever attacks occurring every day. Even though your staff may be more dispersed than usual, this is no time to hold back on regular awareness training. It is also paramount that you continue to watch for anomalous behaviour of systems and accounts to reduce the time attackers have to accomplish their goals if they do manage to breach your defences.  Read Less
February 03, 2020

Social Captain Instagram Account Exposed And Experts Reactions
Social Captain should have worked with Instagram to have whatever functionality they needed baked into the API-proper vs.
Individuals should think twice before letting a third-party site, service, or application use actual credentials for things like Twitter, Instagram, Facebook (et al) since such a requirement inherently means those credentials will be stored in a way to be reused (i.e. the passwords will not be hashed). Furthermore, the OAuth standards were developed to enable support for third-party workflows without the need to give unrestricted access via the use of user-credentials. If a site's API does not.....Read More
Individuals should think twice before letting a third-party site, service, or application use actual credentials for things like Twitter, Instagram, Facebook (et al) since such a requirement inherently means those credentials will be stored in a way to be reused (i.e. the passwords will not be hashed). Furthermore, the OAuth standards were developed to enable support for third-party workflows without the need to give unrestricted access via the use of user-credentials. If a site's API does not provide sufficient functionality these third-party services should work with the primary application — i.e. Social Captain should have worked with Instagram to have whatever functionality they needed baked into the API-proper vs. bypass these safety measures by requiring user-credentials. Hopefully this will be a learning opportunity for other third-party services who still rely on user-credentials for access and instrumentation to services like Twitter, Instagram, or Facebook.  Read Less
January 31, 2020

Experts On Data Breach At Indian Airline SpiceJet Affects 1.2 Million Passengers
Social Captain should have worked with Instagram to have whatever functionality they needed baked into the API-proper vs.
Individuals should think twice before letting a third-party site, service, or application use actual credentials for things like Twitter, Instagram, Facebook (et al) since such a requirement inherently means those credentials will be stored in a way to be reused (i.e. the passwords will not be hashed). Furthermore, the OAuth standards were developed to enable support for third-party workflows without the need to give unrestricted access via the use of user-credentials. If a site's API does not.....Read More
Individuals should think twice before letting a third-party site, service, or application use actual credentials for things like Twitter, Instagram, Facebook (et al) since such a requirement inherently means those credentials will be stored in a way to be reused (i.e. the passwords will not be hashed). Furthermore, the OAuth standards were developed to enable support for third-party workflows without the need to give unrestricted access via the use of user-credentials. If a site's API does not provide sufficient functionality these third-party services should work with the primary application — i.e. Social Captain should have worked with Instagram to have whatever functionality they needed baked into the API-proper vs. bypass these safety measures by requiring user-credentials. Hopefully this will be a learning opportunity for other third-party services who still rely on user-credentials for access and instrumentation to services like Twitter, Instagram, or Facebook.  Read Less