Information Security Buzz
  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • ISB Conference 2021
  • Register
  • Log In
Top Posts
Experts On Google Voice Outage
Preparing For Tomorrow – Why Weathering The Initial...
The Cybersecurity Disconnect: Remote Working Highlights The Need...
Expert Reaction On GCHQ To Use AI In...
Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford...
Expert Reaction On Private Data Leaked From Far-right...
LogMein And IDG Study Reveals Half Of Organisations...
For FIPS Sake – Smashing The iStorage DiskAshur...
Five Solutions To The Information Security Skills Crisis
Hackers Break Into ‘Biochemical Systems’ At Oxford Uni...
Information Security Buzz
Connecting Security Experts
  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • ISB Conference 2021
  • Register
  • Log In
Expert(s): November 30, 2020
Stephen Kapp
CTO and Founderfeature_status*/ ?>
Cortex Insight

Comments Dotted : 9
February 25, 2021

Comment: Aircraft Manufacturers Bombardier Hit By Ransom Attack

The attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company.

Bombardier looks to be the latest victim to be hit following the discovery of vulnerabilities in Accellion FTA software. Rather than exposing customer information, the attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company. It is positive to see that Bombardier has come clean on the breach and the more the company communicates information to its shareholders, the better. The attack is another lesson on the dangers of not running security

.....Read More

Bombardier looks to be the latest victim to be hit following the discovery of vulnerabilities in Accellion FTA software. Rather than exposing customer information, the attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company. It is positive to see that Bombardier has come clean on the breach and the more the company communicates information to its shareholders, the better. The attack is another lesson on the dangers of not running security scans on all assets used to share confidential information. Companies should be scanning for vulnerabilities across their entire IT estate as this will help minimise these types of attacks happening in the future.

  Read Less
Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-aircraft-manufacturers-bombardier-hit-by-ransom-attack

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-aircraft-manufacturers-bombardier-hit-by-ransom-attack

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
February 24, 2021

Parents Alerted To Nurserycam Security Breach – Experts Comments

Organisations would be well-advised to embrace secure-by-design practices to avoid similar incidents.

This case highlights the importance of proper procedures in design and implementation, particularly for a sensitive product/solution aimed at monitoring children. The current actions of the vendor are right in taking down the service until a solution can be implemented. Organisations would be well-advised to embrace secure-by-design practices to avoid similar incidents. They should also work closely with security professionals to identify issues sooner rather than later.

Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organisations would be well-advised to embrace secure-by-design practices to avoid similar incidents...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/parents-alerted-to-nurserycam-security-breach-experts-comments

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organisations would be well-advised to embrace secure-by-design practices to avoid similar incidents...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/parents-alerted-to-nurserycam-security-breach-experts-comments

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
February 17, 2021

Cybersecurity Expert Commentary: Hacker Claims To Have Stolen Files Belonging To Law Firm Jones Day

In order to manage and identify any risks introduced by third-parties, it is best practice to include them in the security assessments.

This second breach of a customer of Accellion highlights the importance of ensuring that services used by an organisation are properly secured and that vendor security is taken seriously, as when you use their services you are still responsible for the data they handle for you. In order to manage and identify any risks introduced by third-parties, it is best practice to include them in the security assessments of your organisation. When doing this make sure that contracts with vendors allow for

.....Read More

This second breach of a customer of Accellion highlights the importance of ensuring that services used by an organisation are properly secured and that vendor security is taken seriously, as when you use their services you are still responsible for the data they handle for you. In order to manage and identify any risks introduced by third-parties, it is best practice to include them in the security assessments of your organisation. When doing this make sure that contracts with vendors allow for this and also stipulate to the vendor their security obligations and your security requirements. Vendors should always be considering security in their offerings themselves. They should also take seriously good security practices when developing their services- performing security assessments, and implementing any identified remedial actions, as well as those reported to them from their customers.

  Read Less
Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"In order to manage and identify any risks introduced by third-parties, it is best practice to include them in the security assessments...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/cybersecurity-expert-commentary-hacker-claims-to-have-stolen-files-belonging-to-law-firm-jones-day

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"In order to manage and identify any risks introduced by third-parties, it is best practice to include them in the security assessments...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/cybersecurity-expert-commentary-hacker-claims-to-have-stolen-files-belonging-to-law-firm-jones-day

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
February 15, 2021

Experts On 223 Vulnerabilities Used In Recent Ransomware Attacks

Ransomware, just like all the various flavours of malware before it are here to stay.

Ransomware, just like all the various flavours of malware before it are here to stay. The motivations of the authors of malware have changed over the years, and as a result the methods they employ have changed too. The good thing this report is highlighting is how important it is to ensure every security patch is implemented and that it is implemented quickly. Some of the reports oldest highlighted vulnerabilities were not in Operating Systems but third party applications such as JBoss AS and a

.....Read More

Ransomware, just like all the various flavours of malware before it are here to stay. The motivations of the authors of malware have changed over the years, and as a result the methods they employ have changed too. The good thing this report is highlighting is how important it is to ensure every security patch is implemented and that it is implemented quickly. Some of the reports oldest highlighted vulnerabilities were not in Operating Systems but third party applications such as JBoss AS and a driver SYS file included within DVD and CD Cloning software. As Operating System patches are fixed quickly these ransomware authors will target whatever vulnerabilities they can leverage to get them in the position they need, developing reliable exploits for vulnerabilities that had none published or simple Proof of Concept exploits. The more time passes by on these older vulnerabilities, the more likely someone will develop a usable exploit to be used in ransomware. There is a huge backlog of potential security vulnerabilities, it just needs one to be left unpatched for you to become the victim of an attacker with the motivation to use it. So, it is ever more important to ensure that all security updates for all your software are applied as soon as possible, that includes your operating system, as well as first and third party applications. Plus, this doesn’t just affect Windows, but Linux and macOS users too.

  Read Less
Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Ransomware, just like all the various flavours of malware before it are here to stay...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-223-vulnerabilities-used-in-recent-ransomware-attacks

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Ransomware, just like all the various flavours of malware before it are here to stay...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-223-vulnerabilities-used-in-recent-ransomware-attacks

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
February 11, 2021

Old Security Vulnerability Left Millions Of Internet Of Things Devices Vulnerable To Attacks

The affected platforms could be in the thousands of devices and as an end-user.

As many IoT devices are essentially blackboxes of components used to do a specific single job, they use specialist embedded System-on-Chips (SoC) which have small amounts of storage. Therefore, it is understandable that so many have implemented barebones TCP/IP stacks that have re-introduced old security vulnerabilities, as these are devices that often have to work with limited resources and sometimes in real-time with limited CPU processing power.

 

So choices were made, however, the

.....Read More

As many IoT devices are essentially blackboxes of components used to do a specific single job, they use specialist embedded System-on-Chips (SoC) which have small amounts of storage. Therefore, it is understandable that so many have implemented barebones TCP/IP stacks that have re-introduced old security vulnerabilities, as these are devices that often have to work with limited resources and sometimes in real-time with limited CPU processing power.

 

So choices were made, however, the risk/threat assessment was geared towards a different set of goals. As a result, it is good practice to treat IoT devices as insecure and vulnerable to attack by default and to build controls around them to minimize risk. The affected platforms could be in the thousands of devices and as an end-user, it can be next to impossible to know whether you need to update the device. This pushes the responsibility to the device vendor using the vulnerable TCP/IP stacks to produce an update which installs the updated firmware that uses an updated stack to any affected devices, and ultimately ensure the device in question has the ability to accept a firmware update via some form of update mechanism.

  Read Less
Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The affected platforms could be in the thousands of devices and as an end-user...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/old-security-vulnerability-left-millions-of-internet-of-things-devices-vulnerable-to-attacks

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The affected platforms could be in the thousands of devices and as an end-user...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/old-security-vulnerability-left-millions-of-internet-of-things-devices-vulnerable-to-attacks

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
February 05, 2021

Expert Insight On Critical Bugs Found In Realtek Wi-Fi Module For

Vulnerabilities in embedded devices are problematic due to their potential for being invasive in environments.

Vulnerabilities in embedded devices are problematic due to their potential for being invasive in environments and having little functionality for end-users to manage coordinated updates, as many devices are ‘blackboxes’ of components pulled together to perform a single job. Depending on the device function there could be hundreds of devices, if not more, running vulnerable hardware modules. As a result, it is good practice to treat IoT devices as insecure by default and build controls

.....Read More

Vulnerabilities in embedded devices are problematic due to their potential for being invasive in environments and having little functionality for end-users to manage coordinated updates, as many devices are ‘blackboxes’ of components pulled together to perform a single job. Depending on the device function there could be hundreds of devices, if not more, running vulnerable hardware modules. As a result, it is good practice to treat IoT devices as insecure by default and build controls around them to minimise risk.  In this case, for example, it is difficult to know what devices have the vulnerable Realtek WiFi module within them. Consequently, it can be impossible for end-users to know if they need to update their device. This pushes the responsibility to the device vendor using the Realtek module to produce an update that installs the updated module firmware to any affected devices and ultimately ensure the device in question can accept a firmware update via some form of update mechanism. It looks like the most serious of the vulnerabilities released in the Realtek 8195A module do not require knowledge of the WiFi password to exploit and thus use affected devices to gain access to networks containing the device. Therefore, if possible, it is recommended to install any available firmware updates and ensure network-level controls are in place to minimise the risk of the device being used as a stepping-stone into a wider environment.

  Read Less
Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Vulnerabilities in embedded devices are problematic due to their potential for being invasive in environments...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-critical-bugs-found-in-realtek-wi-fi-module-for

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Vulnerabilities in embedded devices are problematic due to their potential for being invasive in environments...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-critical-bugs-found-in-realtek-wi-fi-module-for

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
February 03, 2021

What Expert Says On VMWare ESXi Vulnerability To Encrypt Virtual Hard Disks

A significant level of effort is put into updating and patching your normal Desktop.

The targeting of enterprise infrastructure by ransomware is a good example of why it is important to carry out updates and patching for all elements within the enterprise. A significant level of effort is put into updating and patching your normal Desktop and Server operating systems, but the underlying systems for virtualisation that support these are often overlooked.

Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"A significant level of effort is put into updating and patching your normal Desktop...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/what-expert-says-on-vmware-esxi-vulnerability-to-encrypt-virtual-hard-disks

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"A significant level of effort is put into updating and patching your normal Desktop...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/what-expert-says-on-vmware-esxi-vulnerability-to-encrypt-virtual-hard-disks

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
February 03, 2021

Experts Reaction On Hackers Steal Foxtons Customer Data

It is safe to assume the worst and Foxton customers should look to protect themselves from identity fraud and card fraud as a result of this breach.

It is safe to assume the worst and Foxton customers should look to protect themselves from identity fraud and card fraud as a result of this breach. With both personal information and payment card information lost, Foxtons customers should take some time to validate payments and potential credit history interactions since October and flag anything suspicious to their bank. Even though a subset of the entire customer data has been leaked with the attackers claiming they have the entire data and

.....Read More

It is safe to assume the worst and Foxton customers should look to protect themselves from identity fraud and card fraud as a result of this breach. With both personal information and payment card information lost, Foxtons customers should take some time to validate payments and potential credit history interactions since October and flag anything suspicious to their bank. Even though a subset of the entire customer data has been leaked with the attackers claiming they have the entire data and they have released only 1% publicly, it doesn’t mean it hasn’t be shared and exploited privately.

  Read Less
Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"It is safe to assume the worst and Foxton customers should look to protect themselves from identity fraud and card fraud as a result of this breach...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-hackers-steal-foxtons-customer-data

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"It is safe to assume the worst and Foxton customers should look to protect themselves from identity fraud and card fraud as a result of this breach...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-hackers-steal-foxtons-customer-data

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
January 22, 2021

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For Free On Forum

Pixlr should look to improve its internal processes by holding user information.

The breach against Pixlr shows how cybercriminals are actively targeting organisations to monetise on data.

 

To help limit the damage, Pixlr should look to improve its internal processes by holding user information within application databases or a dedicated SSO systems, such as those offered by AWS. This would allow for dedicated password hashing that includes a Salt Work Factor to help mitigate against brut force attacks.

 

Any users of Pixlr who may have been affected by the breach are

.....Read More

The breach against Pixlr shows how cybercriminals are actively targeting organisations to monetise on data.

 

To help limit the damage, Pixlr should look to improve its internal processes by holding user information within application databases or a dedicated SSO systems, such as those offered by AWS. This would allow for dedicated password hashing that includes a Salt Work Factor to help mitigate against brut force attacks.

 

Any users of Pixlr who may have been affected by the breach are advised to update their passwords for the site and any others that use the same password. Going forward they should ensure that all current and new accounts have unique passwords which can be managed using a password manager to keep them secure.

  Read Less
Like(0)  (0)

Linkedin Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Pixlr should look to improve its internal processes by holding user information...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-commentary-hacker-posts-1-9-million-pixlr-user-records-for-free-on-forum

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Stephen Kapp, CTO and Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Pixlr should look to improve its internal processes by holding user information...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-commentary-hacker-posts-1-9-million-pixlr-user-records-for-free-on-forum

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.

SECURELY DOTTED BY

Adam Enterkin, SVP, EMEA, BlackBerry

"Even the best cybersecurity teams have had major challenges this last year. "

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Jamie Akhtar, CEO and Co-founder, CyberSmart

"Universities are home to some of the world’s most cutting-edge research. "

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab Studying Covid-19

Jake Moore, Cybersecurity Specialist, ESET

"Honourable criminal hacking is still illegal and comes with some of the same intentions of standard unethical hacking. "

Expert Reaction On Private Data Leaked From Far-right Platform Gab

Dan Panesar, Director UK & Ireland, Securonix Inc.

"Even unsophisticated attacks can cripple digital engagement efforts. "

NPower Shutsdown App After Hackers Steal Customer Bank Info

Sam Curry, Chief Security Officer, Cybereason

"Oxford's researchers have likely spent months working on, they will see a big payday. "

Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab Studying Covid-19

Adam Palmer, Chief Cybersecurity Strategist , Tenable

"The attack against the Npower app is just the most recent example of cybercriminals. "

NPower Shutsdown App After Hackers Steal Customer Bank Info

John Vestberg, President and CEO, Clavister

"In the new era of remote working, security needs to span on premise and the cloud. "

NPower Shutsdown App After Hackers Steal Customer Bank Info

Martin Jartelius, CSO , Outpost24

"Password managers are helpful but two-factor authentication should ideally be something most sites offer today. "

NPower Shutsdown App After Hackers Steal Customer Bank Info

James McQuiggan, Security Awareness Advocate, KnowBe4

"Organizations want to implement a robust security culture to inform users of the importance of unique passwords. "

NPower Shutsdown App After Hackers Steal Customer Bank Info

Brad Ree, CTO, ioXt Alliance

"The Clubhouse data breach has once again brought mobile app security vulnerabilities into the spotlight. "

Security A Glaring Issue For Chatroom App Clubhouse After Conversations Were Breached

Saryu Nayyar, CEO, Gurucul

"Employee's email account being breached and the attacker failing in their scam. "

Sequoia Capital Discloses Data Breach – Expert Insights

Satnam Narang, Senior Research Engineer, Tenable

"There are confirmed reports that attackers are probing for vulnerable vCenter Server systems. "

VMware Advisory – Expert Comment

Niamh Muldoon, Senior Director of Trust and Security EMEA, OneLogin

"Always remember that your employees are your most valuable asset. "

Federal Reserve Nationwide Outage Impacts US Banking System

Steve Forbes, Government Cyber Security Expert, Nominet States

"CNI, government and the cyber industry should collaborate with a clear focus on large scale interventions. "

Expert Reaction On New CNI UK Cyber Report

Sam Curry, Chief Security Officer, Cybereason

"Good for Accellion for urging its customers to migrate away from the vulnerable FTA web server. "

Comment: Aircraft Manufacturers Bombardier Hit By Ransom Attack

WORKING WITH US

About Us

Advertise With Us

Information Security Companies

Contact Us

ISB CONFERENCE

ISB Conference 2021

THE PAGES

Privacy Policy

Terms & Conditions

RSS Feeds

INFORMATION SECURITY EXPERTS

Information Security Experts: Comments Dotted

Register and Comments

Categories

  • Facebook
  • Twitter

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.


Back To Top
Information Security Buzz
  • Home
  • Experts Comments on News
  • Security Articles
  • Vendor News
  • Study & Research
  • ISBuzz Expert Panel