Expert(s):
Principal Security Researcher feature_status*/ ?>
Kaspersky

Comments Dotted : 12
December 11, 2020

Expert Insight On QR Scanners Can Help Consumers Escape Device Intrusion
We want to encourage everyone to be cyber safe when they’re out and about this festive season.
Quick Response (QR) codes have fast become a feature in everyday life across the UK, not least as a result of track and trace system requirements in shops, restaurants, and businesses. They make information easy to access and provide quick, contactless check-in procedures, but with that simplicity comes a certain risk. One of the dangers of QR codes is that people can’t read or understand the information on the image without scanning it, which could expose their device to malicious files or.....Read More
Quick Response (QR) codes have fast become a feature in everyday life across the UK, not least as a result of track and trace system requirements in shops, restaurants, and businesses. They make information easy to access and provide quick, contactless check-in procedures, but with that simplicity comes a certain risk. One of the dangers of QR codes is that people can’t read or understand the information on the image without scanning it, which could expose their device to malicious files or materials. Criminals can place their own tainted QR codes over legitimate ones on public signage or tables in restaurants, for example, which when scanned could take users to phishing websites, illicit materials, or even redirect you to a URL with a malicious file (APK or JAR). A tainted QR code might ask a user to download a malicious app containing malware, which could then steal personal information like address and credit card details, turn on location tracking, send messages to premium numbers or even steal social media log-ins. We want to encourage everyone to be cyber safe when they’re out and about this festive season and one of the ways to do that is to use a reputable QR scanner, like the Kaspersky QR Scanner, to check a code without the potential dangers of device intrusion. If a code on a poster or in a restaurant looks tampered with, then you can always ask the establishment that you’re in to advise, but the best way to stay safe is by having appropriate security software downloaded onto your device already. Of course, we encourage everyone to be responsive to government guidelines on track and trace, but it’s also important to keep in mind procedures to keep your information and devices safe too,” says David Emm, Principal Security Researcher at Kaspersky.  Read Less
November 25, 2020

11 Smart Video Doorbells Could Let Hackers Into Your Home
It is vital that consumers be made aware of these vulnerabilities and take all necessary precautions to keep themselves and their homes safe.
The ongoing development of smart doorbells has introduced a new wave of cybersecurity risks. With research today showing flaws in the common models that people are purchasing and installing in their homes, namely around weak password policies and lack of data encryption, these seemingly harmless devices could become literal keys to peoples’ lives. If hacked, the doorbells could give criminals access to entire home networks and other smart devices, which hold huge swathes of potentially.....Read More
The ongoing development of smart doorbells has introduced a new wave of cybersecurity risks. With research today showing flaws in the common models that people are purchasing and installing in their homes, namely around weak password policies and lack of data encryption, these seemingly harmless devices could become literal keys to peoples’ lives. If hacked, the doorbells could give criminals access to entire home networks and other smart devices, which hold huge swathes of potentially sensitive information. Or more simply, the criminals could seize control and switch off the device, which could leave houses vulnerable to intruders. Pending the UK government’s proposed legislation on the security of connected devices, device manufacturers should protect their customers by adhering to the UK government’s code of practice for IoT security. As we enter the biggest buying season of the year, these smart devices will undoubtedly be a popular gift for many. It is therefore vital that consumers be made aware of these vulnerabilities and take all necessary precautions to keep themselves and their homes safe.  Read Less
September 30, 2020

Expert Comment: Palm Scanner Launched For ‘Secure Payments’
The key lies in how the data is being encrypted and stored.
The new Amazon One payment sounds very convenient: you just hold your palm above the reader and it charges your card automatically – no swiping, no PIN, nothing. But to do this, they’re taking biometric data - in this case, a palm - and storing it in the cloud correlated with payment data. Amazon says the data will be encrypted. If we want to bring on the future securely, we must ensure it’s well encrypted, because Amazon One combines identification, authentication and authorisation into .....Read More
The new Amazon One payment sounds very convenient: you just hold your palm above the reader and it charges your card automatically – no swiping, no PIN, nothing. But to do this, they’re taking biometric data - in this case, a palm - and storing it in the cloud correlated with payment data. Amazon says the data will be encrypted. If we want to bring on the future securely, we must ensure it’s well encrypted, because Amazon One combines identification, authentication and authorisation into a single point. If someone were to steal and decrypt the data from the cloud they could potentially spoof someone's identity and spend their money. The key lies in how the data is being encrypted and stored. Where identification and authentication are separate, for example where a biometric is used to identify you and a PIN is used to verify that identity, anyone stealing the biometric data wouldn't have a complete set of information or enough to steal people's money. But in the case of Amazon One, they would have everything they need. Much safer to keep the two thing separate - biometric data to identify you and something else (such as a PIN) for authentication.  Read Less
September 04, 2020

Businesses increasingly at risk from cyber attack due to home working
It is more important than ever to protect work devices that are no longer connected to a secure company network
Remote working has presented increased cybersecurity risks for businesses. With more of us working from home due to the pandemic – perhaps for the foreseeable future – it is more important than ever to protect work devices that are no longer connected to a secure company network. Research conducted by Kaspersky shows that nearly a quarter (23%) of desktops and 17% of laptops supplied by UK employers lack security software – leaving those devices potentially vulnerable to cyberthreats......Read More
Remote working has presented increased cybersecurity risks for businesses. With more of us working from home due to the pandemic – perhaps for the foreseeable future – it is more important than ever to protect work devices that are no longer connected to a secure company network. Research conducted by Kaspersky shows that nearly a quarter (23%) of desktops and 17% of laptops supplied by UK employers lack security software – leaving those devices potentially vulnerable to cyberthreats. It’s important that all businesses pre-install staff computers and devices with security software to ensure they are protected at all times, to minimise the risk of attack. Staff should also know how to install or check the status of antivirus software while working on personal, or company devices from home, to secure corporate information and networks.  Read Less
April 30, 2020

Security Implications Of Covid-19 Contact-tracing Mobile Apps – Experts Commentary
Privacy concerns are critical to an app’s success and in this instance, the data should be handled in a balanced way.
New forms of technology, such as the NHS contact tracking app, are currently being implemented in order to help manage the country’s response to the pandemic and to help save lives. With the prospect of the government using the app to collect sensitive health data about the population on a mass scale, it’s of vital importance that this information is managed correctly, and is properly secured and encrypted to keep it safe. A key concern regarding the NHS contact tracking app is that the.....Read More
New forms of technology, such as the NHS contact tracking app, are currently being implemented in order to help manage the country’s response to the pandemic and to help save lives. With the prospect of the government using the app to collect sensitive health data about the population on a mass scale, it’s of vital importance that this information is managed correctly, and is properly secured and encrypted to keep it safe. A key concern regarding the NHS contact tracking app is that the government has chosen not to follow the decentralised model that looks set to be adopted in many countries; and instead opt for a centralised approach that includes real-time location tracking. However, it’s important that a significant portion of the population installs and uses the app as concerns about privacy might put people off. Privacy concerns are critical to an app’s success and in this instance, the data should be handled in a balanced way that manages both the safety and privacy concerns of citizens.  Read Less
February 24, 2020

Expert Analsysis Of US Defense Agency Says Personal Data ‘Compromised’ In 2019 Data Breach
A third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment.
The news that a US Government agency has been breached highlights that no organisation, authoritative body, business or individual is immune from cyberattacks. And with our recent research showing that less than a third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment in the last 12 months, this should serve as a stark wake-up call. There are ways that cybersecurity practices and policies can be strengthened and implemented to prevent.....Read More
The news that a US Government agency has been breached highlights that no organisation, authoritative body, business or individual is immune from cyberattacks. And with our recent research showing that less than a third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment in the last 12 months, this should serve as a stark wake-up call. There are ways that cybersecurity practices and policies can be strengthened and implemented to prevent cyber-attacks, which includes taking steps such as educating employees about risks, using password managers, installing security software, and regularly updating systems. This can put businesses on the path to fully protecting themselves against cyber-threats.  Read Less
February 03, 2020

Social Captain Instagram Account Exposed And Experts Reactions
The fact Social Captain – or indeed any online service – stores login credentials in plain text is of great concern.
While it’s understandable that people might want to boost their Instagram following, this shouldn’t be at the expense of their online security. The fact Social Captain – or indeed any online service – stores login credentials in plain text is of great concern. In this particular case it’s even scarier to think that someone else could view these credentials without even having to log in to the Social Captain site. Anyone who has signed up to Social Captain should change their.....Read More
While it’s understandable that people might want to boost their Instagram following, this shouldn’t be at the expense of their online security. The fact Social Captain – or indeed any online service – stores login credentials in plain text is of great concern. In this particular case it’s even scarier to think that someone else could view these credentials without even having to log in to the Social Captain site. Anyone who has signed up to Social Captain should change their Instagram passwords.  Read Less
January 08, 2020

Response Comment: Travelex Foreign Currency Website STILL Down After 4 Days Following Cyber Attack
The ongoing impact of this security breach serves as a stark reminder for businesses.
The ongoing impact of this security breach serves as a stark reminder for businesses to adopt and maintain robust cybersecurity policies and procedures – given that sustained attacks of this nature seriously drain a company’s resources and profits, and the amount of work involved to get a company back up and running. Even if a company on the receiving end of a ransomware attack declines to pay a ransom, cleaning up its systems, restoring data and ensuring business continuity is an involved.....Read More
The ongoing impact of this security breach serves as a stark reminder for businesses to adopt and maintain robust cybersecurity policies and procedures – given that sustained attacks of this nature seriously drain a company’s resources and profits, and the amount of work involved to get a company back up and running. Even if a company on the receiving end of a ransomware attack declines to pay a ransom, cleaning up its systems, restoring data and ensuring business continuity is an involved and costly process. This development also poses the question: should companies ever pay a ransom to cybercriminals? Whilst the decision to pay to restore valuable data is entirely a decision for the victim, it is important to remember the following: you can never entirely trust cybercriminals to keep their end of the deal, and in paying large sums to them, you are helping to fund cybercrime and making ransomware a more lucrative business in the future.  Read Less
November 08, 2019

Experts Comments On Billabong And Quiksilver Hit By Cyber Attack
Businesses should take a step back and re-evaluate their IT security strategy.
Cyber-attacks, of the sort impacting Billabong and Quiksilver, should seriously worry all retailers, especially as they ramp up for this year’s busiest shopping season – an attack of this proportion has the potential to cripple a business. With the sheer volume of shoppers turning to online retailers around Black Friday and Christmas, retailers need to be on red alert. This is effectively hunting season for cybercriminals now, and they are on the prowl for unprotected systems – to steal.....Read More
Cyber-attacks, of the sort impacting Billabong and Quiksilver, should seriously worry all retailers, especially as they ramp up for this year’s busiest shopping season – an attack of this proportion has the potential to cripple a business. With the sheer volume of shoppers turning to online retailers around Black Friday and Christmas, retailers need to be on red alert. This is effectively hunting season for cybercriminals now, and they are on the prowl for unprotected systems – to steal business or consumer data or to prevent a company’s normal operations. It is absolutely crucial that businesses ensure their cybersecurity measures are as stringent as they can be, and that their customers are as protected as possible. People need to be reassured that their data and personal information is safe, or they will be less inclined to shop online. Businesses should take a step back and re-evaluate their IT security strategy and insure there is a full lifecycle security plan in place, entailing: education for employees, the best defences to protect against attacks, and the most reliable tools for zero-day detection.  Read Less
October 13, 2019

Dutch Website Hack Reveals Data Of 250000 Sex Workers’ Clients
Websites like Hookers.nl hold an awful lot of valuable data – and there could have serious consequences if information leaked.
If people want to use legal services of this nature, they have the right to do so, and they have the right to rest assured their data is stored safely. The personal nature of this website means the people using it would not want their information public, so this data Is especially sensitive and could lead victims of the breach open to extortion and blackmail. Two years ago there was a similar breach with the website Ashley Madison whereof the advertised 37 million members, only about 12,000.....Read More
If people want to use legal services of this nature, they have the right to do so, and they have the right to rest assured their data is stored safely. The personal nature of this website means the people using it would not want their information public, so this data Is especially sensitive and could lead victims of the breach open to extortion and blackmail. Two years ago there was a similar breach with the website Ashley Madison whereof the advertised 37 million members, only about 12,000 active accounts belonged to real women. Websites like Hookers.nl hold an awful lot of valuable data – and there could have serious consequences if this information is managed or stored incorrectly. The website operators of Hookers.nl had a responsibility to protect customer data, and they fell short of this. We would advise consumers to carefully review their security and privacy settings, and exercise their own vigilance to help protect themselves.  Read Less