Expert(s):
Director of Software Engineeringfeature_status*/ ?>
Synopsys

Comments Dotted : 3
January 27, 2021

Expert Commentary: Phishing Attack Impersonates UK NHS To Obtain Sensitive Consumer Data
Covid-related vaccine scams have been making the rounds in countries around the globe.

Covid-related vaccine scams have been making the rounds in countries around the globe. And I suspect there will be more to come in the near future. When rolling out new initiatives where there is the potential for misinformation or confusion to spread, bad actors will certainly take advantage. Be vigilant. Do your own research about what the vaccine involves, legitimate sources to get the vaccine, what the process is, etc. That’s specifically why the abundance of crowdsourced informational

.....Read More

Covid-related vaccine scams have been making the rounds in countries around the globe. And I suspect there will be more to come in the near future. When rolling out new initiatives where there is the potential for misinformation or confusion to spread, bad actors will certainly take advantage. Be vigilant. Do your own research about what the vaccine involves, legitimate sources to get the vaccine, what the process is, etc. That’s specifically why the abundance of crowdsourced informational sites exist – we have found most of the official sites to be lacking in usability or clarity. But if something feels off, it probably is.

  Read Less
July 16, 2020

Experts Insight On Major US Twitter Accounts Hacked in Bitcoin Scam
We haven't seen data on this, and won't until a post-mortem is released by Twitter, but it's a possibility.
Given that numerous high-profile Twitter accounts were compromised as part of this attack -- accounts that would presumably be protected by multifactor authentication and strong passwords -- it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application. Indeed, some of the accounts (Tyler Winklevoss, for example) have confirmed they were using multi-factor authentication and got hacked anyway. If the hackers do have access to the backend.....Read More
Given that numerous high-profile Twitter accounts were compromised as part of this attack -- accounts that would presumably be protected by multifactor authentication and strong passwords -- it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application. Indeed, some of the accounts (Tyler Winklevoss, for example) have confirmed they were using multi-factor authentication and got hacked anyway. If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction, albeit a very profitable one. We haven't seen data on this, and won't until a post-mortem is released by Twitter, but it's a possibility.  Read Less
June 04, 2020

Experts On San Francisco Retirement Program Suffers Data Breach
The breach itself is also interesting from a technical perspective.
A breach like this is interesting, both because it leads to almost guaranteed identity theft (if the information actually was accessed and downloaded), since it’s a treasure trove of financial information, identifying information, and security questions. Security questions, in particular, typically uses information that people *feel* is non-public, even if it usually is; wife’s name, where you met, etc., are often accessible with a quick social media search. But for an attacker to have.....Read More
A breach like this is interesting, both because it leads to almost guaranteed identity theft (if the information actually was accessed and downloaded), since it’s a treasure trove of financial information, identifying information, and security questions. Security questions, in particular, typically uses information that people *feel* is non-public, even if it usually is; wife’s name, where you met, etc., are often accessible with a quick social media search. But for an attacker to have those at their fingertips, along with all of the other information, is incredibly dangerous from an identity theft perspective. Additionally, because beneficiary information was accessed, it is also likely to lead to targeted spear phishing attacks, where an attacker spoofs an email as if it were coming from one of those beneficiaries. The retired employees of San Francisco need to be extremely careful and verify, personally, through existing contact info they already had, that their beneficiaries actually sent an email, should the retirees receive one. The breach itself is also interesting from a technical perspective, as this was a bit of careless planning; one of the main considerations when building a testing or stage environment is to ensure it does not have access to any production systems or data. We do this because it prevents exactly this sort of breach. Staging and test environments, almost by definition, are much more prone to bugs and vulnerabilities than a production environment. In testing is where those issues are found, and where they are fixed, before it gets pushed out to something the world can see. Those testing environments *should* be separated from the production environments, and ideally inaccessible outside the corporate network, but it’s also important to ensure that a test environment uses mock data rather than production data. There are generators for most frameworks that will produce fake (or “mock”) data in order to fill up your database with real-looking information that is actually just computer-generated, and those are important to use; this breach is a perfect lesson as to why.  Read Less