

Laurence Pitt
Global Security Strategy Directorfeature_status*/ ?>
Juniper Networks
Comments Dotted :
12
September 16, 2020
Any breach in which personal data is stolen needs to be treated as highly serious and punishable.
Many people will see this as a relief that ‘only names, email addresses, and phone numbers’ were shared – their credit cards are safe and their transactions remain a secret. However, this is not the case. These pieces of PII still have value on the black market and can be used in order to gain access to other, and perhaps more sensitive, information. The combination of ‘email address and telephone number’, for example, would be a great start for anyone attempting takeover attacks on.....Read More

July 23, 2020
The money saved from people who decide not to return to the office must be invested in ensuring they are safely working from home.
The increase in mobile vulnerabilities highlights what will be an ongoing challenge to security teams. We have been successful in moving users from the office to remote working, but users at home need to be treated differently from when they are working in an office. Home IoT devices, family members using computers and even home broadband/Wi-Fi connections all are outside corporate visibility and introduce a new attack vector that needs to be managed. For many users, a simple VPN is no longer.....Read More

July 14, 2020
Laurence Pitt, Global Security Strategy Director at Juniper Networks
“While there is nothing to say that the stolen data came from a single breach, what this emphasizes is the need for people to regularly update passwords and use 2FA wherever possible. With tools like Microsoft Authenticator and 1-Password making this so easy, there’s really no excuse for old and recycled passwords today.
The unfortunate reality is that hackers will steal whatever data they can lay their hands on and sell to the highest bidder. As the end user, this means we must take.....Read More

July 01, 2020
Pre-GDPR, many of these could have remained private.
The number of breaches reported is only impressive because of growth. What’s more interesting is the type of breaches reported. Pre-GDPR, many of these could have remained private. According to this report, the top sources for a breach are hacking and scams, sending emails to the wrong people (likely CC instead of BCC), loss of unsecured devices and inadequate security on internet available data.
In three out of four key breach sources, the cause was improper security basics – lack of.....Read More

June 30, 2020
It is an invitation for anyone walking by to pop in, take what they want and mess up everything else.
Attacks using RDP are not a new problem, but one made worse by the number of RDP ports that have been exposed to the internet in recent months. According to some statistics, they have increased by around 50%. More ports equates to more opportunity for the bad guys.
Reducing the risk of attack is not complicated, as these attacks are either taking advantage of well-known existing exploits, such as Bluekeep, or weak passwords on devices. The prevention method is to ensure that you apply the.....Read More

June 01, 2020
Security awareness is important for home workers.
This COVID-19 situation will drive changes in remote working policies not just to be better prepared for the future, but also because it’s likely that many users will find that working from home is something they want to do more regularly, once it becomes optional again. Many organizations already have flexible and detailed policies in-place, but it would still be highly recommended to dust them off and make sure everything is up to date. For those that are being challenged today, this will.....Read More

April 26, 2020
For an attacker, the theft of email addresses from WHO is valuable.
Organizations such as WHO will be targets because they are very visible to the current crisis and will be taking in large numbers of new, global contact details as they bring everyone together to work toward a solution. For an attacker, the theft of email addresses from WHO is valuable because they would expect for the list to contain up-to-date and relevant details that can be leveraged in the generation of scams and phishing campaigns. But migration of affected systems after an attack is a.....Read More

March 25, 2020
Most internet providers today provide routers that have a decent strength default security setup.
This attack highlights the need for people to make sure they change the default username/password for their home router, as a number of the affected users admitted having a weak or default combination. Most internet providers today provide routers that have a decent strength default security setup. It appears that this attack has targeted a certain brand of router that would also indicate that users have left the default admin/password combination to access the device.

December 21, 2019
The Masad Stealer attack, reported by Juniper Threat Labs in late 2019.
Any threat that costs money, and especially where it affects public money (government and healthcare) will remain newsworthy. We’ll see more attacks using common vectors, such as phishing, download via malvertisiting, etc., but also attacks that use old methods with new vectors. The Masad Stealer attack, reported by Juniper Threat Labs in late 2019, is a good example of this, where data (and money) was stolen via malware injected into a used and respected piece of software.

October 09, 2019
It should only have been possible to access this sensitive data remotely using a corporate device.
Whatever the cause of the attack, however, organizations need to be more careful of protecting data in all states – whether at rest or on the move. It should only have been possible to access this sensitive data remotely using a corporate device, and through a VPN client, to ensure that authentication and the records accessed could be logged. In addition the use of a CASB (Cloud Access Security Broker) could have ensured not only a secure connection, but also detected any anomalous data.....Read More
