Information Security Buzz
  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • Register
  • Log In
Top Posts
Data Loss Prevention: Artificial Intelligence vs. Human Insight
Expert On How The UK Police Data Loss...
Cyber Criminals Left Stolen Phishing Credentials Exposed To...
Cyber Expert On Malware Found On Laptops Provided...
OpenText Research Offers A Snapshot Of UK Attitudes...
How Much Are You Worth On The Dark...
Experts Reaction On World Economic Forum 2021 Report...
Major Security Flaws Found In Signal And other...
Comment On IoT Risks Of Peloton Bike
Top‌ ‌3‌ ‌Priorities‌ ‌For‌ ‌CISOs’‌ ‌2021‌ ‌Security‌ ‌Programs
Information Security Buzz

Connecting Security Experts

  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • Register
  • Log In
Expert(s): November 30, 2020
Mike Bittner
Associate Director of Digital Security and Operationsfeature_status*/ ?>
The Media Trust

Comments Dotted : 17
March 20, 2020

Security Expert On Medical Mask Ads Still Showing Up

What started as a few dozen scam campaigns quickly multiplied to hundreds within days.
It’s difficult to police digital advertising, when billions of ads are served every minute to individuals accessing content from around the world via different devices and behavioral profiles. The challenge is defining what is a scam or bad ad, and then using defined characteristics to identify and terminate violations from the digital ecosystem. What started as a few dozen scam campaigns quickly multiplied to hundreds within days. To avoid being accused of profiting off the misfortune of.....Read More
It’s difficult to police digital advertising, when billions of ads are served every minute to individuals accessing content from around the world via different devices and behavioral profiles. The challenge is defining what is a scam or bad ad, and then using defined characteristics to identify and terminate violations from the digital ecosystem. What started as a few dozen scam campaigns quickly multiplied to hundreds within days. To avoid being accused of profiting off the misfortune of others, websites and their digital partners should closely analyze their content and ad tags with an eye to removing illegitimate promotions from their digital environment.  Read Less
Like(1)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"What started as a few dozen scam campaigns quickly multiplied to hundreds within days...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/security-expert-on-medical-mask-ads-still-showing-up

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"What started as a few dozen scam campaigns quickly multiplied to hundreds within days...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/security-expert-on-medical-mask-ads-still-showing-up

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
March 12, 2020

On Adware – The Mobile Plague

As a result, this unmanaged code can easily perform additional actions outside the delivery of an ad.
Ads provide a very important function in the digital economy: they enable access to a free service. While most people approach this adware as a user annoyance with little actual harm to the user this usually isn't the case. The issue lies in what additional code ads bring to the device, most of which is unknown to the app creator or advertiser. As a result, this unmanaged code can easily perform additional actions outside the delivery of an ad. It's these surreptitious actions that lead to.....Read More
Ads provide a very important function in the digital economy: they enable access to a free service. While most people approach this adware as a user annoyance with little actual harm to the user this usually isn't the case. The issue lies in what additional code ads bring to the device, most of which is unknown to the app creator or advertiser. As a result, this unmanaged code can easily perform additional actions outside the delivery of an ad. It's these surreptitious actions that lead to unauthorized data collection, zombie device creation, browser or device exploitations, malicious downloads, and more. App creators and stores need to thoroughly analyze executing code from the user experience to identify these activities to not only accurately populate privacy policies and consent management platforms but also ensure compliance with data protection regulations. Taking responsibility for knowing what vendors are brought to the user experience will mitigate most annoying, malicious and regulatory violation problems.  Read Less
Like(0)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"As a result, this unmanaged code can easily perform additional actions outside the delivery of an ad. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/on-adware-the-mobile-plague

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"As a result, this unmanaged code can easily perform additional actions outside the delivery of an ad. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/on-adware-the-mobile-plague

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
January 28, 2020

Response Comment: Google Docs Down

In the post-CCPA/GDPR world, tech companies are paying greater attention to the risks that software poses to users.
In the post-CCPA/GDPR world, tech companies are paying greater attention to the risks that software poses to users. Much of the risks stem from having no control over what impact code will have on the security and privacy of user personal data. Until tech companies know who's running what code in the various components that make up extensions and other forms of software, the risk of fraud and theft will remain high, as will the risk of running afoul of these new privacy laws.
Like(0)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"In the post-CCPA/GDPR world, tech companies are paying greater attention to the risks that software poses to users...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/response-comment-google-docs-down

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"In the post-CCPA/GDPR world, tech companies are paying greater attention to the risks that software poses to users...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/response-comment-google-docs-down

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
January 24, 2020

Comments On Thousands Of WordPress Sites Hacked To Fuel Scam Campaign

While this arrangement may have worked in the past, the passage of the CCPA has shaken up the industry.
Campaigns that redirect users of legitimate sites to scam sites underscore the problems with relying on digital third-parties. While digital third-parties provide much needed support to websites that must meet the growing demands of website users, they also expose site owners and users to security and privacy risks. The code they run on today's websites lie outside the website owners' perimeter. As a result, owners don't know who's running what code on their sites, and what impact this might.....Read More
Campaigns that redirect users of legitimate sites to scam sites underscore the problems with relying on digital third-parties. While digital third-parties provide much needed support to websites that must meet the growing demands of website users, they also expose site owners and users to security and privacy risks. The code they run on today's websites lie outside the website owners' perimeter. As a result, owners don't know who's running what code on their sites, and what impact this might have on users. Meanwhile, bad actors are capitalizing on this growing reliance on digital third parties, who all too often bring their software to market without much thought given to security and privacy. While this arrangement may have worked in the past, the passage of the CCPA has shaken up the industry with stiff penalties and private right of action in case of a breach. The upshot, companies can no longer take privacy and security lightly.  Read Less
Like(0)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"While this arrangement may have worked in the past, the passage of the CCPA has shaken up the industry...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comments-on-thousands-of-wordpress-sites-hacked-to-fuel-scam-campaign

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"While this arrangement may have worked in the past, the passage of the CCPA has shaken up the industry...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comments-on-thousands-of-wordpress-sites-hacked-to-fuel-scam-campaign

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
January 22, 2020

Comments On The Hanna Anderson Magecart Attack

By doing so, they will address not only security risk, but also quality and performance risks.
We need to call these attacks what they are: digital supply chain attacks. Some attacks use the same or similar code as Magecart, but a far greater number use a wide array of advanced techniques to redirect online shoppers and readers. Until companies take the insecurity of their digital supply chains seriously and monitor the code that runs on their sites, these attacks will continue. There's no other way to prevent these attacks than to allow only trusted digital vendors to run code on your .....Read More
We need to call these attacks what they are: digital supply chain attacks. Some attacks use the same or similar code as Magecart, but a far greater number use a wide array of advanced techniques to redirect online shoppers and readers. Until companies take the insecurity of their digital supply chains seriously and monitor the code that runs on their sites, these attacks will continue. There's no other way to prevent these attacks than to allow only trusted digital vendors to run code on your site, as well as closely watch and regulate all the code that these vendors and their own digital third parties run to make sure they all follow your policies. By doing so, they will address not only security risk, but also quality and performance risks that can degrade their site’s user experience.  Read Less
Like(0)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"By doing so, they will address not only security risk, but also quality and performance risks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comments-on-the-hanna-anderson-magecart-attack

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"By doing so, they will address not only security risk, but also quality and performance risks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comments-on-the-hanna-anderson-magecart-attack

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
January 07, 2020

The Media Trust Comments On HappyHotel Search Engine Breach

Users will want to keep their data private and protect information on their activities from public exposure.
An aggregator like HappyHotel is not your average hotel booking site--it's neither for family vacations or for business trips. Users will want to keep their data private and protect information on their activities from public exposure. Apart from exploiting data for identity theft or various other forms of fraud, bad actors can extort money from users and cause irreparable damage to their private and public lives. Site owners that facilitate sensitive activities that users wouldn't want made.....Read More
An aggregator like HappyHotel is not your average hotel booking site--it's neither for family vacations or for business trips. Users will want to keep their data private and protect information on their activities from public exposure. Apart from exploiting data for identity theft or various other forms of fraud, bad actors can extort money from users and cause irreparable damage to their private and public lives. Site owners that facilitate sensitive activities that users wouldn't want made public should exercise extra security precautions to prevent breaches. Their sites, not to mention the digital third parties that support it, are likely in the crosshairs of bad actors who want to score and profit from extra-sensitive information.  Read Less
Like(3)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Users will want to keep their data private and protect information on their activities from public exposure. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/the-media-trust-comments-on-happyhotel-search-engine-breach

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Users will want to keep their data private and protect information on their activities from public exposure. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/the-media-trust-comments-on-happyhotel-search-engine-breach

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
December 20, 2019

Expert Insight: Magecart Attack On Macy’s Was Customized

Bad actors know they can count on many site operators to leave open the same entry points.
While digital skimmers have been around for years, the customized use of skimmers in attacks that target large e-commerce businesses is more recent. But what remains the same is what bad actors exploit: website design and operations processes that pay insufficient attention to insecure or unauthorized third-party code. Bad actors know they can count on many site operators to leave open the same entry points either through bad configuration, poor security measures, or both. Until businesses take .....Read More
While digital skimmers have been around for years, the customized use of skimmers in attacks that target large e-commerce businesses is more recent. But what remains the same is what bad actors exploit: website design and operations processes that pay insufficient attention to insecure or unauthorized third-party code. Bad actors know they can count on many site operators to leave open the same entry points either through bad configuration, poor security measures, or both. Until businesses take third-party code risks more seriously and continually monitor third-party code to keep out unauthorized activities, these attacks will continue simply because their success is almost guaranteed.  Read Less
Like(4)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Bad actors know they can count on many site operators to leave open the same entry points...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-magecart-attack-on-macys-was-customized

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Bad actors know they can count on many site operators to leave open the same entry points...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-magecart-attack-on-macys-was-customized

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
November 26, 2019

Comments On The Report: MSPs Targeted For Cyber Attacks In 2020

Nearly all websites today are hosted by cloud service providers (CSP).
Digital supply chain attacks are mounting because they give bad actors a nice return for their investment. By targeting one provider, bad actors gain access to the data of several, if not many. Nearly all websites today are hosted by cloud service providers (CSP), who are rarely held to account for any malicious attacks that break out across their platforms. And even if businesses show their CSP concrete evidence that an attack was traced to their platform, chances are small that the CSP would.....Read More
Digital supply chain attacks are mounting because they give bad actors a nice return for their investment. By targeting one provider, bad actors gain access to the data of several, if not many. Nearly all websites today are hosted by cloud service providers (CSP), who are rarely held to account for any malicious attacks that break out across their platforms. And even if businesses show their CSP concrete evidence that an attack was traced to their platform, chances are small that the CSP would help to shut down the attack.  Read Less
Like(0)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Nearly all websites today are hosted by cloud service providers (CSP)...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comments-on-the-report-msps-targeted-for-cyber-attacks-in-2020

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Nearly all websites today are hosted by cloud service providers (CSP)...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comments-on-the-report-msps-targeted-for-cyber-attacks-in-2020

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
November 20, 2019

Experts Comments On Macy’s Customer Payment Info Stolen In Magecart Breach

Treat everyone else as a potential threat.
The challenge with preventing cross-site scripting attacks is identifying which code should be running on a site, which ones shouldn't. Until site owners know all the domains that are called by code on their site, they won't be able to distinguish who's authorized to be there, and who isn't. If they have an inventory of allowed digital vendors, they'll be able to root out unauthorized actors like those behind barn-x.com. They need to take a left of left-of-breach approach. Only allow code from.....Read More
The challenge with preventing cross-site scripting attacks is identifying which code should be running on a site, which ones shouldn't. Until site owners know all the domains that are called by code on their site, they won't be able to distinguish who's authorized to be there, and who isn't. If they have an inventory of allowed digital vendors, they'll be able to root out unauthorized actors like those behind barn-x.com. They need to take a left of left-of-breach approach. Only allow code from digital vendors you know. Treat everyone else as a potential threat. You'll avoid making the headlines for all the wrong reasons.  Read Less
Like(0)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Treat everyone else as a potential threat...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Treat everyone else as a potential threat...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
November 19, 2019

Expert Insight On Fake Domains

Data encryption alone will not prevent bad actors from accessing personal information from site users.
TLS certificates were developed to protect communications between a server hosting a site and a browser. Designed to protect legitimate business, this security measure is now being abused by bad actors exploiting hurried consumers' tendency to pay little attention to details like the URLs of sites they visit. The current push towards universal encryption will worsen this problem, making it difficult to catch bad actors behind website spoofing or typosquatting schemes. Data encryption alone will .....Read More
TLS certificates were developed to protect communications between a server hosting a site and a browser. Designed to protect legitimate business, this security measure is now being abused by bad actors exploiting hurried consumers' tendency to pay little attention to details like the URLs of sites they visit. The current push towards universal encryption will worsen this problem, making it difficult to catch bad actors behind website spoofing or typosquatting schemes. Data encryption alone will not prevent bad actors from accessing personal information from site users. As incidents like those involving PayLeak-3PC and other payment stealing malicious code show, encryption won't prevent bad actors from hijacking the online journey. Detecting this type of code requires the right tools and expertise that conventional security methods don't offer. It also requires knowing who should be running code for what purpose on your website and who shouldn't.  Read Less
Like(8)  (0)

Linkedin Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Data encryption alone will not prevent bad actors from accessing personal information from site users. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-fake-domains

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Data encryption alone will not prevent bad actors from accessing personal information from site users. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-fake-domains

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.

SECURELY DOTTED BY

Matias Madou, Co-founder and CTO, Secure Code Warrior

"It’s imperative that all developers are trained in how to code securely from the outset. "

Expert On How The UK Police Data Loss Could Have Been Easily Prevented

Stephen Kapp, CTO and Founder, Cortex Insight

"Pixlr should look to improve its internal processes by holding user information. "

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For Free On Forum

George Glass, Head of Threat Intelligence, Redscan

"Gamarue is able to spread across a user’s local network and is also capable of installing additional strains of malware. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Jake Moore, Cybersecurity Specialist, ESET

"Gamarue.1 is an old virus from quite a few years ago. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Niamh Muldoon, Senior Director of Trust and Security EMEA, OneLogin

"New and young students using online learning for the first time are most vulnerable. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Chris Hauk, Consumer Privacy Champion, Pixel Privacy

"All computers, no matter the make, model, or operating system should run some type of antivirus or anti-malware protection. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Chris Hauk, Consumer Privacy Champion, Pixel Privacy

"Department of Education should be putting security parameters. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Sam Curry, Chief Security Officer, Cybereason

"The National Cyber Security Centre offer free advice on secure home working. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Brian Higgins, Security Specialist, Comparitech.com

"The potential for malicious software to be used against recipients is not limited to the children. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Chloé Messdaghi, VP of Strategy, Point3 Security

"The attack approach was also clever. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Saryu Nayyar, CEO, Gurucul

"Organizations still need to maintain strong perimeter and interior defenses. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Oliver Cronk, Chief IT Architect, EMEA, Tanium

"This story is part of a wider challenge facing schools at the moment. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Andy Teichholz, Senior Industry Strategist, Compliance and Legal, OpenText

"In our new digital economy, people around the world are becoming acutely aware of how their information is being collected, stored, and used. "

OpenText Research Offers A Snapshot Of UK Attitudes Towards Data Privacy

Lou Blatt, Senior Vice President and CMO, OpenText

"Digital is now central to almost every business interaction – generating more data for companies to manage and secure. "

OpenText Research Offers A Snapshot Of UK Attitudes Towards Data Privacy

Greg Bell, CEO, Corelight

"This type of network infiltration is often difficult to identify. "

A Chinese Hacking Group Is Stealing Airline Passenger Details

WORKING WITH US

About Us

Advertise With Us

Information Security Companies

Contact Us

THE PAGES

Privacy Policy

Terms & Conditions

RSS Feeds

INFORMATION SECURITY EXPERTS

Information Security Experts: Comments Dotted

Register and Comments

Categories

  • Facebook
  • Twitter

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.


Back To Top
Information Security Buzz
  • Home
  • Experts Comments on News
  • Security Articles
  • Vendor News
  • Study & Research
  • ISBuzz Expert Panel