Information Security Buzz
Expert(s): November 30, 2020
Casey Ellis
CTO and Founder
Bugcrowd

December 18, 2020

Cyber Security Predictions 2021: Experts’ Responses

Governments around the world will continue to adopt vulnerability disclosure as a default.
Governments are collectively realizing the scale and distributed nature of the threats they face in the cyber domain, as well as the league of good-faith hackers available to help them balance forces. When you're faced with an army of adversaries, an army of allies makes a lot of sense. Judging by the language used in the policies released in 2020, governments around the world (including the UK) are also leaning in to the benefit of transparency inherent to a well-run VDP to create confidence in their constituents (neighborhood watch for the internet). The added confidence, ease of explanation, and the fact that security research and incidental discovery of security issues happen whether there is an invitation or not is making this an increasingly easy decision for governments to make.
December 15, 2020

U.S. Government Victimized By Russian Cyberattacks – Expert Commentary

The Solarwinds incident also highlights the complexity of supply chains and the "no look" dependency on upstream security programs.
Well funded, talented, motivated nation-states exist as a crowd of potential adversaries with diverse skill sets, a variety of motivations and goals, and incentive to get results. The "Mossad/Not-Mossad" threat model introduced by James Mickens suggests that while a sufficiently motivated and resourced adversary will ultimately always achieve their goals, an army of allies stands ready to help raise the bar, increase the cost of an attack, and route the adversary into places where they can be more easily detected. The Solarwinds incident also highlights the complexity of supply chains and the "no look" dependency on upstream security programs to maintain the integrity of the supplied software, as well as the systems and environments of all users of that software. What happened with Solarwinds could, and has, happened with open source software, as well as with other providers - the use of M.E.Doc in the NotPetya attacks in the Ukraine is a recent example, as was the 2011 attack on the RSA SecurID authentication software. In this case, the breach of SolarWinds Orion's code poses a major threat to the Federal Civilian Executive Branch agencies that were using its software, as well as the 425 Fortune companies in their client list, and many, many other organizations worldwide. The potential upside of this breach, as noted by Dmitri Alperovitch, is that the incredible scope of its impact creates a dilemma for attackers when it comes to choosing what to exploit. This will shift the burden to incident response and threat hunting teams over the coming weeks to establish if the incident affects them, and if so, whether the access provided by the breach was used by APT29. Vulnerabilities exist in every platform and every company, and the number of exploitable vulnerabilities and their potential impact compounds as developers innovate at unprecedented rates, in part due to the new demands of remote work and widespread access triggered by the COVID-19 pandemic.
While there are still many questions remaining about this breach, government agencies must acknowledge the scale and distributed nature of the threats they face in the cyber domain, and realize that they need to accept the assistance of that army of allies who are offering to help defend against the legion of adversaries. Governments and private organizations around the globe have recognized the threats they face and are leaning into the benefit of well-run Vulnerability Disclosure Programs (VDPs) to roll out the red carpet to the digital locksmiths of the Internet, who work to counter and outsmart the adversary and - more importantly - to help create confidence in their constituents' security ecosystem. The kind of security research and discovery of security issues that could frustrate the efforts of nation-states is happening whether there is an invitation or not, and the truth of this is making the implementation of a VDP an increasingly easy decision to make.
September 23, 2020

Expert Commentary: New House Approved Legislation Risks Prosecuting Ethical Security Researchers

As cybersecurity leaders, we have an obligation to support the ethical hacker community as they defend the safety of the Internet.
By enacting The Defending the Integrity of Voting Systems Act, the U.S. government might seek to deter adversaries from meddling with the voting process, but instead the biggest impact they will have is chilling and potentially criminalizing the actions of good-faith hackers conducting security research to help secure the election process. If security researchers are legally unable to discover vulnerabilities in voting systems, then malicious hackers - who are ignoring these laws to begin with - have an open field to exploit undiscovered vulnerabilities within voting systems. Another question that remains is whether this new bill will now make ethical security research of second hand and aftermarket voting equipment illegal by putting these machines into the protected computer class. If so, this bill will have practical impact on the ability for voting machine security research to be conducted in the first place. As the legislation now awaits the POTUS' signature for final approval, it would be remiss of cybersecurity industry leaders to ignore the fact that this legislation is a step in the wrong direction, as is any broadening of the scope of the CFAA. The Computer Fraud and Abuse Act (CFAA) was originally passed by Congress in response to growing threats from malicious actors, yet it serves as a barrier for the betterment of our society by barring security researchers from doing their job. Every time that it is broadened, good-faith hackers unfortunately are the ones most affected. As cybersecurity leaders, we have an obligation to support the ethical hacker community as they defend the safety of the Internet. This legislation would not only outlaw but also derail the efforts of security researchers in helping identify and resolve vulnerabilities that could potentially destroy an organization within the voting infrastructure, impacting democracy as a whole.
September 04, 2020

Expert Commentary: Voatz Wrongly Accuses Ethical Hacker

Congress originally passed the CFAA in response to growing threats from malicious actors.
Voatz's corporate disclosure in the introduction of this brief is the exact reason why they should not qualify for Amicus Curiae, as it benefits them to uphold the Computer Fraud and Abuse Act (CFAA). Additionally, Voatz's main argument to the researcher's amicus brief fails to address the fact that the organizations that establish authorized access will not know about all possibilities for exploitation by an adversary. To elaborate, if there's a method of exploiting the system that the organization is unaware of, they cannot possibly provide legal access to test it. In this case, Voatz would be leaving their voting system vulnerable to attack. Unauthorized access is one of the main purposes of security research - by making it illegal, researchers will be unable to effectively do their jobs, the organization will not be able to close all vulnerabilities, and attackers will win. Congress originally passed the CFAA in response to growing threats from malicious actors. Unfortunately, the law is so broadly written that it criminalizes acts that otherwise violate a website's terms of service, from lying about your name on a web form to the socially beneficial security testing that ethical security researchers undertake. The purpose of the CFAA is to outlaw malicious cyberattacks, not grant organizations the ability to halt vulnerability reporting by holding ethical researchers legally accountable for their actions. A broader interpretation of "exceeds authorized access" in the CFAA works directly against the goals of a safer and more resilient internet. Moving forward, security researchers must also pay attention to organizations' bug bounties to ensure they have safe harbor language.
August 24, 2020

Expert Commentary: Uber Covers-up Ransom Payment For PII Of 57M Drivers

I highly advise other industry leaders to consider the value of the ethical security researcher community.
Today's rather escalates the ethical considerations around how Uber responded to its 2016 breach into very real legal ones. What took place in 2016 was clearly extortion, not a bug bounty payment. In a bug bounty program, the terms of engagement - including payment - are set before any sort of hacking takes place. This alignment on all sides facilitates interactions between businesses and the researcher community for safe and effective security testing, and minimizes potential for misunderstanding. In extortion, it's the other way around, and the threat of data exposure puts pressure on payment. Unfortunately, this incident has also negatively influenced the public's perception of the hacker community, and of bug bounties in general. Historically, hackers were strictly viewed as malevolent, but the industry's understanding of ethical hackers has progressed within the last few years to include the much larger community. In fact, there's a global community of ethical hackers who operate above board and in good faith, and are committed to helping organizations improve their security posture. Although Uber's original issue was clearly on the side of bad faith, it has highlighted how blurry the line is between hacking that crosses legal lines into dark territory, and the kind of hacking which can be helpful. As leaders within the cybersecurity space, we have a moral obligation to support the next generation of Internet defenders as they advance the ethical hacker community forward. We must band together to fight the masses of bad actors by empowering the hackers that operate with integrity, and protecting them and their work. I highly advise other industry leaders to consider the value of the ethical security researcher community. As the Internet plays an instrumental role in both our daily work and personal lives, this community of cyber defenders around the world works to make the Internet a safer place for everyone.
August 12, 2020

Expert Commentary: Unsecured databases exposes 3.1M+ patients’ data

Organizations across all industries can benefit from having a vulnerability disclosure program (VDP) in place.
This researcher's discovery of Adit's unsecured database and disclosure to the company is a textbook practice that ethical security researchers will do to help organizations proactively identify and close vulnerabilities before they can be exploited by bad actors. Unfortunately, Adit's failure to respond to the researcher in time allowed a bot to delete and possibly steal the critical information belonging to millions of patients that was in the database. This highlights the overall failure of both public and private sector organizations to cooperate with ethical security researchers. Organizations across all industries can benefit from having a vulnerability disclosure program (VDP) in place. This is because humans are prone to error and, when developers feel rushed to bring a new product or innovation to market, they will make mistakes along the way. Historically, NoSQL databases like Elasticsearch and MongoDB have been subject to bulk erasure and ransoming. That being said, exposed Elasticsearch instances on the internet will be found, and organizations with VDPs in place will have a greater chance of closing these up before they can be exploited by adversaries. With a VDP, organizations will be able to be proactively alerted to vulnerabilities by ethical researchers before they can be exploited in the wild. Speed is the natural enemy of security, and the best way to remain secure and beat attackers is by thinking like one - even organizations with in-house security teams can benefit from having outside help. In this instance, having a VDP would have allowed Adit to secure their database before it could have been deleted and the data possibly stolen.
July 23, 2020

Expert Commentary: Apple iOS Security Research Device Program

Speed is the natural enemy of security in software development.
The iOS Security Research Device program is a step in the right direction for Apple, as they are a high-priority target for nation-state-backed attackers. By looping in more researchers to perform a greater volume of testing, Apple should achieve better security as a result. To proactively identify and close vulnerabilities in their products before they can be exploited by bad actors, both before and after products are brought to market, organizations should take a page out of Apple's playbook and work with outside researchers. Speed is the natural enemy of security in software development, and no organization is safe, even companies with in-house security teams. The news is dampened by their legal battle with Corellium over copyright infringement, since Corellium developed and sold software that allows researchers to hunt for potential iPhone vulnerabilities, but it is ultimately a good and exciting move by Apple.
July 15, 2020

Expert Insight On SAP Critical Bug Allows Unrestricted Access to ERP, CRM

The challenge of critical bugs is that traditional approaches may take days or even weeks to discover all exploitable instances of vulnerability.
This is the second major Java-based 0-day in the wild in as many weeks targeting widely deployed, Internet-facing critical software. The challenge of critical bugs is that traditional approaches may take days or even weeks to discover all exploitable instances of a vulnerability. Even when a patch is issued, successfully ensuring every application is patched becomes a race against malicious actors that know exactly what software they should be targeting. In the case of the SAP bug, the vulnerability in question would allow an unauthenticated attacker unrestricted access to SAP systems, including ERP, CRM and other programs likely to contain highly sensitive information, and enable them to have privileged access even deeper into the network and systems of the affected organization. With crowdsourced security, the global researcher community is able to mobilize within hours, drastically cutting discovery time and allowing more effective prioritization of the effort that goes into testing and deploying patches and mitigations. Speed is absolutely essential when managing risk in these situations and no other traditional security model is able to match crowdsourcing.
May 20, 2020

Industry Experts On Verizon DBiR 2020

Whitehat hacking can be an advantageous way to mitigate exploits and improve organizations' cyber postures.
The 2020 Verizon Data Breach Investigations Report (DBIR) is a yearly staple for the security industry, and this year's report is no exception. According to the report, 43% of breaches were attacks on web applications, more than doubling the results from last year. Organizations need to understand the importance of knowing their infrastructure because web applications provide easy entry points for cybercriminals. Web applications are what we interact with as users, but it's more than that: the technologies and infrastructure which power the businesses we rely on are ever increasingly built on top of web technologies. With cybercriminals utilizing hacking techniques to exploit web applications, whitehat hacking can be an advantageous way to mitigate exploits and improve organizations' cyber postures. 70% of breaches involve hacking; the same philosophy can be applied to defending organizations by implementing crowdsourced security. Whitehat hackers think like our adversaries, but want to do good, helping organizations find vulnerabilities before the bad guys do. Web application vulnerabilities have always been the top submitted vulnerabilities (90%) across our programs and correspondingly account for the highest percentage of overall rewards paid.
April 01, 2020

Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach

The FBI’s investigation into the 2018 Marriott Breach concluded that the attackers were working on behalf of the Chinese Ministry of State Security.
Like the OPM, Anthem, Dulles and the 2018 Marriott breach, this breach is just another in a long string of attacks targeting US officials. Think about it: officials from the NSA, CIA, FBI, DoD stay at Marriott hotels, including possibly diplomats, business people or intelligence officials as they travel around the globe. The FBI's investigation into the 2018 Marriott Breach concluded that the attackers were working on behalf of the Chinese Ministry of State Security - alarm bells should be going off. The hospitality industry continues to demonstrate a greater need for stronger security measures - especially since this is the second security incident affecting Marriott in the past two years. This attack emphasizes the need for the hospitality industry to take security seriously. Hotels collect more private personal information than most enterprise organizations (birthdays, passport numbers, email and mailing addresses, and phone numbers). Cybercriminals know what types of organizations collect troves of sensitive data, and given the amount of valuable information at hand, hospitality organizations can no longer afford to ignore their vulnerabilities.

https://informationsecuritybuzz.com/expert-comments/industry-leaders-and-cybersecurity-experts-insight-on-marriott-international-data-breach

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.