expert-profile | Information Security Buzz

David Emm

Principal Security Researcher feature_status*/ ?>

Kaspersky

Comments Dotted : 15

April 12, 2021

Expert On Study That Brits Using Pets’ Names As Online Passwords

Our passwords are the gateway to a plethora of valuable personal data that should never be openly shared.

Our passwords are the gateway to a plethora of valuable personal data that should never be openly shared. This is why we urge everyone to be extremely careful of the login credentials they set; using weak or obvious passwords such as pet or family names is as good as shouting your secure information to a passerby. Whilst seeing that 40% of respondents said they had never used an easily guessed item as a part of a password is encouraging, there is clearly work and education to be done for many. Often consumers are complacent to attacks if they do not think they are at risk, but it’s important not to take chances with weak passwords, and choose secure ones made up of random words. More importantly, you should never reuse them. While convenient and more easy to remember, just as you wouldn’t use one lock and key for every possession of value, you shouldn’t do it online. Implementing a password manager can help people create complex passwords. In addition, consumers should also consider using two-factor authentication where available, as it adds an essential layer of security.

Read Less

February 15, 2021

My Phone Is Listening To Me, Say 60% Of People – Expert Reaction

Remember, a popular app with an unremarkable privacy policy can compromise your sensitive data.

The findings reported by the Commission for Communications Regulation on digital services and online safety paint an interesting picture of public awareness around digital security in today’s interconnected world. On the one-hand, the majority of people expressed concern about security of their personal data, specifically related to private conversations, yet on the other side almost a quarter of people were willing to trade their data for free services.

To me, this says we’re in a major

To me, this says we’re in a major transitional period regarding the way that the average person considers and trades their personal data. We subscribe to services that collect our data, process it and sell it, giving us something like a social network platform or movies on demand in exchange. Most of the time we don’t even read those terms of agreement and jump right into sharing our private data with everyone.

The most important thing to understand is: your data costs as much as you value it. So make sure your privacy isn't the price you pay later for giving it away now. Remember, a popular app with an unremarkable privacy policy can compromise your sensitive data.

Read Less

February 03, 2021

Expert Insight On Babuk Ransomware Attack

Ensure that staff understand the tricks cybercriminals use and know what they can do to avoid falling victim to them.

Babuk is fairly new ransomware, and whilst reports have suggested that the coding of the malware isn’t very sophisticated, the way the encryption is implemented means that victims can’t decrypt files for themselves. It’s also unclear what the attack vector is in this case, although such attacks typically employ social engineering – i.e. tricking staff into doing something that compromises security, such as clicking on an attachment or link in a message. This is why developing an

Read Less

December 11, 2020

Expert Insight On QR Scanners Can Help Consumers Escape Device Intrusion

We want to encourage everyone to be cyber safe when they’re out and about this festive season.

Quick Response (QR) codes have fast become a feature in everyday life across the UK, not least as a result of track and trace system requirements in shops, restaurants, and businesses. They make information easy to access and provide quick, contactless check-in procedures, but with that simplicity comes a certain risk. One of the dangers of QR codes is that people can’t read or understand the information on the image without scanning it, which could expose their device to malicious files or materials. Criminals can place their own tainted QR codes over legitimate ones on public signage or tables in restaurants, for example, which when scanned could take users to phishing websites, illicit materials, or even redirect you to a URL with a malicious file (APK or JAR). A tainted QR code might ask a user to download a malicious app containing malware, which could then steal personal information like address and credit card details, turn on location tracking, send messages to premium numbers or even steal social media log-ins. We want to encourage everyone to be cyber safe when they’re out and about this festive season and one of the ways to do that is to use a reputable QR scanner, like the Kaspersky QR Scanner, to check a code without the potential dangers of device intrusion. If a code on a poster or in a restaurant looks tampered with, then you can always ask the establishment that you’re in to advise, but the best way to stay safe is by having appropriate security software downloaded onto your device already. Of course, we encourage everyone to be responsive to government guidelines on track and trace, but it’s also important to keep in mind procedures to keep your information and devices safe too,” says David Emm, Principal Security Researcher at Kaspersky. Read Less

November 25, 2020

11 Smart Video Doorbells Could Let Hackers Into Your Home

It is vital that consumers be made aware of these vulnerabilities and take all necessary precautions to keep themselves and their homes safe.

The ongoing development of smart doorbells has introduced a new wave of cybersecurity risks. With research today showing flaws in the common models that people are purchasing and installing in their homes, namely around weak password policies and lack of data encryption, these seemingly harmless devices could become literal keys to peoples’ lives. If hacked, the doorbells could give criminals access to entire home networks and other smart devices, which hold huge swathes of potentially sensitive information. Or more simply, the criminals could seize control and switch off the device, which could leave houses vulnerable to intruders. Pending the UK government’s proposed legislation on the security of connected devices, device manufacturers should protect their customers by adhering to the UK government’s code of practice for IoT security. As we enter the biggest buying season of the year, these smart devices will undoubtedly be a popular gift for many. It is therefore vital that consumers be made aware of these vulnerabilities and take all necessary precautions to keep themselves and their homes safe. Read Less

September 30, 2020

Expert Comment: Palm Scanner Launched For ‘Secure Payments’

The key lies in how the data is being encrypted and stored.

The new Amazon One payment sounds very convenient: you just hold your palm above the reader and it charges your card automatically – no swiping, no PIN, nothing. But to do this, they’re taking biometric data - in this case, a palm - and storing it in the cloud correlated with payment data. Amazon says the data will be encrypted. If we want to bring on the future securely, we must ensure it’s well encrypted, because Amazon One combines identification, authentication and authorisation into a single point. If someone were to steal and decrypt the data from the cloud they could potentially spoof someone's identity and spend their money. The key lies in how the data is being encrypted and stored. Where identification and authentication are separate, for example where a biometric is used to identify you and a PIN is used to verify that identity, anyone stealing the biometric data wouldn't have a complete set of information or enough to steal people's money. But in the case of Amazon One, they would have everything they need. Much safer to keep the two thing separate - biometric data to identify you and something else (such as a PIN) for authentication. Read Less

September 04, 2020

Businesses increasingly at risk from cyber attack due to home working

It is more important than ever to protect work devices that are no longer connected to a secure company network

Remote working has presented increased cybersecurity risks for businesses. With more of us working from home due to the pandemic – perhaps for the foreseeable future – it is more important than ever to protect work devices that are no longer connected to a secure company network. Research conducted by Kaspersky shows that nearly a quarter (23%) of desktops and 17% of laptops supplied by UK employers lack security software – leaving those devices potentially vulnerable to cyberthreats. It’s important that all businesses pre-install staff computers and devices with security software to ensure they are protected at all times, to minimise the risk of attack. Staff should also know how to install or check the status of antivirus software while working on personal, or company devices from home, to secure corporate information and networks. Read Less

April 30, 2020

Security Implications Of Covid-19 Contact-tracing Mobile Apps – Experts Commentary

Privacy concerns are critical to an app’s success and in this instance, the data should be handled in a balanced way.

New forms of technology, such as the NHS contact tracking app, are currently being implemented in order to help manage the country’s response to the pandemic and to help save lives. With the prospect of the government using the app to collect sensitive health data about the population on a mass scale, it’s of vital importance that this information is managed correctly, and is properly secured and encrypted to keep it safe. A key concern regarding the NHS contact tracking app is that the government has chosen not to follow the decentralised model that looks set to be adopted in many countries; and instead opt for a centralised approach that includes real-time location tracking. However, it’s important that a significant portion of the population installs and uses the app as concerns about privacy might put people off. Privacy concerns are critical to an app’s success and in this instance, the data should be handled in a balanced way that manages both the safety and privacy concerns of citizens. Read Less

February 24, 2020

Expert Analsysis Of US Defense Agency Says Personal Data ‘Compromised’ In 2019 Data Breach

A third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment.

The news that a US Government agency has been breached highlights that no organisation, authoritative body, business or individual is immune from cyberattacks. And with our recent research showing that less than a third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment in the last 12 months, this should serve as a stark wake-up call. There are ways that cybersecurity practices and policies can be strengthened and implemented to prevent cyber-attacks, which includes taking steps such as educating employees about risks, using password managers, installing security software, and regularly updating systems. This can put businesses on the path to fully protecting themselves against cyber-threats. Read Less

February 03, 2020

Social Captain Instagram Account Exposed And Experts Reactions

The fact Social Captain – or indeed any online service – stores login credentials in plain text is of great concern.

While it’s understandable that people might want to boost their Instagram following, this shouldn’t be at the expense of their online security. The fact Social Captain – or indeed any online service – stores login credentials in plain text is of great concern. In this particular case it’s even scarier to think that someone else could view these credentials without even having to log in to the Social Captain site. Anyone who has signed up to Social Captain should change their.....Read More