Expert(s):
CEO and Cofounderfeature_status*/ ?>
Edgescan

Comments Dotted : 18
February 17, 2021

Cybersecurity Expert Commentary: Hacker Claims To Have Stolen Files Belonging To Law Firm Jones Day
Attackers will always go for the weakest link and it's quite easy to identify where that is by examining corporate financial return.

In recent years legal and accountancy firms have been increasingly targeted as a pivot point to access data for larger organisations that are clients of these firms. This is because it is understood that associated legal and accountancy firms may not have the level of rigour in terms of cybersecurity that their clients may have implemented. Unfortunately, these firms may hold or be custodians to very sensitive data, but not have the controls to protect it. You can outsource the service, but you

.....Read More

In recent years legal and accountancy firms have been increasingly targeted as a pivot point to access data for larger organisations that are clients of these firms. This is because it is understood that associated legal and accountancy firms may not have the level of rigour in terms of cybersecurity that their clients may have implemented. Unfortunately, these firms may hold or be custodians to very sensitive data, but not have the controls to protect it. You can outsource the service, but you can’t outsource the risk.

Attackers will always go for the weakest link and it's quite easy to identify where that is by examining corporate financial return or corporate announcement documents.

  Read Less
February 02, 2021

UK Research And Innovation Suffers Ransomware Attack
Only by seeing where security weaknesses are can a security team fix them before they can be exploited.

The majority of ransomware attacks happen because of a combination of two factors: an unpatched, known vulnerability and an element of social engineering that enables attackers to execute a payload on an internal network.

 

The first factor is preventable with a strong patch management strategy and by improving visibility through regular vulnerability scans. Only by seeing where security weaknesses are can a security team fix them before they can be exploited. The second factor is much

.....Read More

The majority of ransomware attacks happen because of a combination of two factors: an unpatched, known vulnerability and an element of social engineering that enables attackers to execute a payload on an internal network.

 

The first factor is preventable with a strong patch management strategy and by improving visibility through regular vulnerability scans. Only by seeing where security weaknesses are can a security team fix them before they can be exploited. The second factor is much trickier: socially engineered phishing emails and other techniques that target employees are often so sophisticated that even trained professionals could make the mistake of clicking on a malicious link or opening an infected attachment. Organisations' best bet to reduce this risk remains security awareness courses, which should happen regularly and should be designed to prepare users for the real thing.

 

Ransomware gangs have also upgraded their modus operandi and have taken the habit of not only encrypting people's data (kidnapping of data via encryption) but also stealing such data, which is certainly more worrisome.

  Read Less
January 28, 2021

VIP Games Data Breach Exposes Millions Of Users’ Data
Unsecured servers are not uncommon and this comes down to a lack of visibility and asset monitoring.

Unsecured servers are not uncommon and this comes down to a lack of visibility and asset monitoring. One foundation of security is visibility, so it is essential to know what your estate looks like and what needs to be secured. With the cloud deployment model, systems can be spun-up and deployed in minutes, but they can also be easily forgotten about, leaving an organisation open to exposure. Organisations should implement continuous asset profiling & alerting, which is in real-time and

.....Read More

Unsecured servers are not uncommon and this comes down to a lack of visibility and asset monitoring. One foundation of security is visibility, so it is essential to know what your estate looks like and what needs to be secured. With the cloud deployment model, systems can be spun-up and deployed in minutes, but they can also be easily forgotten about, leaving an organisation open to exposure. Organisations should implement continuous asset profiling & alerting, which is in real-time and non-stop, in order to detect rogue deployments and keep track of their assets.

 

Luckily for VIP Games, the passwords were encrypted according to best practice. Bcrypt (with multiple rounds) is generally a good solution and would be pretty difficult to crack. However, from a GDPR standpoint, they may not be as lucky. If the data exposed contains Personal Identifiable Information (PII), such as emails or social profiles, these could be used for phishing attacks, ransomware, malware, and possibly blackmail depending on what is exposed.

  Read Less
January 19, 2021

Multiple Backdoors And Vulnerabilities Discovered In FiberHome Routers
The root cause appears to be nearly the same, default credentials on an unspecified port.

This is just another example of extremely poor IoT security, similar to how some of the Android BusyBox deployments got hacked in 2016, which later led to a rapid increase in the scale and bandwidth utilised during DDoS attacks.


Previously, this was referred to as a misconfigured admin panel, while now it’s described as a backdoor. The root cause appears to be nearly the same, default credentials on an unspecified port. Should these devices have this capability, who has access, and why do

.....Read More

This is just another example of extremely poor IoT security, similar to how some of the Android BusyBox deployments got hacked in 2016, which later led to a rapid increase in the scale and bandwidth utilised during DDoS attacks.


Previously, this was referred to as a misconfigured admin panel, while now it’s described as a backdoor. The root cause appears to be nearly the same, default credentials on an unspecified port. Should these devices have this capability, who has access, and why do they require access, are questions that need to be asked. This is especially important with the increase in remote working, as organisations may provide a secure laptop for remote work, but a poorly secured router would undermine such controls.


I would be concerned that these implementations would breach some of the laws that have recently been suggested in some jurisdictions, notably the UK’s recent laws which directly target poor implementations of devices such as the below example, with Digital Minister Matt Warman stating “It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.” It should be mandated by legislation, or the provision of a quality “Kitemark”, to signify that a device has satisfied the minimum security requirements in order to be rolled out for IoT.

  Read Less
January 15, 2021

Ring Is Testing End-To-End Encrypted Videos For Their Smart Doorbells
End-to-end encryption should be standard, not something people have to opt in to, in my opinion.

End-to-end encryption should be standard, not something people have to opt in to, in my opinion. Consumers who purchase IoT devices such as Ring may not be savvy enough to consider the implications of no end-to-end encryption. Vendors should provide strong security controls when it comes to the protection of consumers privacy, and these should be enabled by default. Not enabling end-to-end encryption in relation to physical security devices such as Ring may lead to unauthorised monitoring of

.....Read More

End-to-end encryption should be standard, not something people have to opt in to, in my opinion. Consumers who purchase IoT devices such as Ring may not be savvy enough to consider the implications of no end-to-end encryption. Vendors should provide strong security controls when it comes to the protection of consumers privacy, and these should be enabled by default. Not enabling end-to-end encryption in relation to physical security devices such as Ring may lead to unauthorised monitoring of consumers’ home and turn into a physical security risk.

  Read Less
June 22, 2020

Experts Reaction On Australia Targeted By ‘Sophisticated’ Cyber Attack – By ‘State-based’ Actor
Nation state actors will hunt for anything which will give them a foothold across the full stack of a network.
Nation state attacks are not uncommon and occur on a continuous basis so it’s interesting that this was highlighted by the Australian government. There is a general belief that government networks and systems, of which there are thousands, with network the scale of a huge enterprise, are underfunded and less secure than private corporation systems. Nation state actors will hunt for anything which will give them a foothold across the full stack of a network. The challenge for governments .....Read More
Nation state attacks are not uncommon and occur on a continuous basis so it’s interesting that this was highlighted by the Australian government. There is a general belief that government networks and systems, of which there are thousands, with network the scale of a huge enterprise, are underfunded and less secure than private corporation systems. Nation state actors will hunt for anything which will give them a foothold across the full stack of a network. The challenge for governments is trying to stay on top of the constant flow of new vulnerabilities that are discovered on a daily basis. When securing systems at such a large scale, continuous visibility is of paramount importance in order to detect and mitigate weakness in a timely manner. Continuous testing and vulnerability detection is also key. The days of annual, once-off pentesting just don’t scale to defend against industrial level hacking by nation states or large cybercrime groups.  Read Less
May 19, 2020

Industry Experts On Verizon DBiR 2020
Contributing to the Verizon DBiR helps us as an industry move the dial in a positive direction.
Contributing to the Verizon DBiR helps us as an industry move the dial in a positive direction. We can't improve what we can't see. The idea of "the great and good" in the industry contributing together provides a realistic snapshot of what matters In cybersecurity today. I'm very proud of and grateful to the folks in VDBiR for all their hard work.
May 14, 2020

Experts Reaction On DHS CISA and FBI share list of top 10 most exploited vulnerabilities
It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues.
The DHS report appears to align what we are seeing in the wild, detailed in the Edgescan Vulnerability stats report. CVEs are an attack vector which should be mitigated with good patching and/or maintenance procedures. It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues. Web application vulnerabilities should also be mentioned, as they open organisations up to code injection attacks and client-side browser attack......Read More
The DHS report appears to align what we are seeing in the wild, detailed in the Edgescan Vulnerability stats report. CVEs are an attack vector which should be mitigated with good patching and/or maintenance procedures. It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues. Web application vulnerabilities should also be mentioned, as they open organisations up to code injection attacks and client-side browser attack. Ultimately, attackers don’t care where the vulnerability is, which is why a full-stack vulnerability management approach is advised in such a fast-changing threat landscape.  Read Less
February 11, 2020

Dell SupportAssist Bug Exposes Business, Home PCs To Attacks
Obviously patching of systems on a continuous basis is also key to any robust cyber security posture.
Agents such as SupportAssist have access to users device in an autonomous way in order to monitor both hardware and software. SupportAssist agent’s minimum requirements are administration access privileges. This level of privilege combined with a vulnerability associated with remote code execution (RCE) could easily become widespread and very disruptive, and could potentially affects millions of PCs globally. In a corporate environment, I'd suggest removing SupportAssist from all machines. .....Read More
Agents such as SupportAssist have access to users device in an autonomous way in order to monitor both hardware and software. SupportAssist agent’s minimum requirements are administration access privileges. This level of privilege combined with a vulnerability associated with remote code execution (RCE) could easily become widespread and very disruptive, and could potentially affects millions of PCs globally. In a corporate environment, I'd suggest removing SupportAssist from all machines. It does not provide much value to corporate users. The idea of having agents enabled on a computer, running with administration access which can send data outside the corporate network, is a risk that should be removed. Obviously patching of systems on a continuous basis is also key to any robust cyber security posture. If you have never used SupportAssist, I would advise users to remove it. The same rule stands for any software on your computer. With more "moving parts" there are, the more complex it become to secure the attack surface and the larger becomes the risk.  Read Less
January 23, 2020

Jeff Bezos’ Phone Hacked By Saudi Crown Prince – Expert Comments
oram Golandsky is the VP of technologies and Infosec at the NSO group.
NSO develop spyware and malicious payloads for sale to the highest bidder. They sell to many nation states which have questionable human rights records and oppressive regimes. They are known for their Pegasus spyware, designed to deliver remote surveillance via infection of personal devices. Such software is used by nation states to undermine and monitor activists, journalists, free speech advocates and corporate espionage. The Israeli department of defence licensed the sale of Pegasus to.....Read More
NSO develop spyware and malicious payloads for sale to the highest bidder. They sell to many nation states which have questionable human rights records and oppressive regimes. They are known for their Pegasus spyware, designed to deliver remote surveillance via infection of personal devices. Such software is used by nation states to undermine and monitor activists, journalists, free speech advocates and corporate espionage. The Israeli department of defence licensed the sale of Pegasus to nation state but not private entities. Yoram Golandsky is the VP of technologies and Infosec at the NSO group, and spoke at OWASP AppSec Tel Aviv 2019, despite many objections. NSO are considered unethical by many in the cyber security community, given that they develop offensive technology which undermines many organisations’ cyber defences.  Read Less