In the past couple of years, while we have seen a rise in businesses adopting new cyber-security policies, such measures have not been able to curb the rise of malicious malware and cyber-weapons used against healthcare.
Former England international footballer Sol Campbell has hosted a defensive masterclass for small businesses to help them protect themselves against cybercrime. Research by Barclays has found, on average, London businesses have lost over £50,000 each as a result of cybercrime. It also found more than half of London businesses have been targeted by a scam or fraudulent activity, and 24% have had to make staff redundant in order to recoup the money lost.
New research by data security company Clearswift has shown that 45% of employees have mistakenly shared emails containing key data with unintended recipients, including personal information (15%), bank details (9%), attachments (13%) and other confidential text (8%).
By Trevor Dolan, Segment Director at Kollective
It’s a great time to work in IT. In 2018, the role of IT is now seen as a key business function rather than a cost-cutting one. IT is helping businesses progress in the current digital climate, managing processes so employees can be more productive, and helping innovation thrive. While IT may be at the forefront of all of these processes, one area where it is still falling behind is in the speed at which IT teams can download, test and install software upgrades.
There is an urgent need to find the people that will protect and safeguard businesses, people and their data. In response, a number of banks and financial institutions are investing in their cyber security, particularly personnel. Today, Cyber Security Challenge UK, a non-profit organisation dedicated to inspiring and enabling people to seek careers in the cyber security industry, has partnered with the prestigious Bank of England for the launch of its first Face-to-Face cyber security competition of 2018. The competition will test 30 of the brightest untapped talents in the UK to identify the next generation of cyber security experts.
As I am attending the Cyber Security Event (http://www.cybersecuritysummit.com.br/) running in Sao Paulo Brazil in July 2018 with a presentation entitled ‘Dark Matter’, given the number of recent insecurity debacles which have occurred in the Financial Sector, from Experian to Equifax, from RBS to TSB, and of course not forgetting the high-impact outages which implicated the Bank of England’s (BoE) Chaps Infrastructure in 2017, halting the transactional processing of part of the £277bn which passes through the wired tentacles of the system each day, when it went down for around 10 hours during peak trading hours:
News broke this week that criminals are attempting to trick Airbnb users into handing over passwords and credit card details by taking advantage of the flood of emails being sent out ahead of the new European General Data Protection Regulation. The email included the following message:
When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents’ dresser to the bed. I quickly found out there’s a reason why many TV shows and events will start out with the message “don’t try this at home.” I ended up in the emergency room with a fractured left arm.
It’s a (new) weekly update! Lights are in, things are much brighter and… I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone’s input as I tune things to try and get a consistent, quality result. Still, as someone said whilst I was mucking around with all this, the audio quality is great and that’s what people are ultimately listening to so that’s a fantastic start. You’ll notice I’ve also changed the video thumbnail and removed the text in the opening frames, I hope that’s an improvement. (Oh yeah – and there’s a 4 min blank spot at the end due to a rogue element in the Premiere project I didn’t clean up – sorry!)
Twitter has warned its 330 million users to immediately change their passwords, as a result of a bug that caused passwords to be logged in plaintext before being hashed. Although Twitter says passwords are stored using the bcrypt hashing algorithm, it seems they were inadvertently placed in an internal log before being hashed.
The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.
Ultimately, the FTC is alleging Ohev-Zion and BLU violated the FTC Act’s section pertaining to “deceptive representation regarding disclosure of personal information.” The proposed settlement will be made final after a 30-day public comment period. In its proposed complaint, the FTC said Florida-based BLU contracted with Adups to issue security and operating system updates to millions of phones sold by the firm through Amazon, Best Buy and Walmart. In addition to allegedly failing to protect consumer privacy, the FTC asserts that BLU failed “to adequately assess the privacy and security risks of third-party software installed on BLU devices” resulting in “common security vulnerabilities that could enable attackers to gain full access to the devices.”
Twitter just asked all 300+ million users to reset their passwords, citing the exposure of user passwords via a bug that stored passwords in plain text — without protecting them with any sort of encryption technology that would mask a Twitter user’s true password. The social media giant says it has fixed the bug and that so far its investigation hasn’t turned up any signs of a breach or that anyone misused the information. But if you have a Twitter account, please change your account password now.
In today’s technologically driven society, more and more criminals have turned to cyber crime as a means to steal information and intrude on other people’s privacy. These cyber criminals are often thought of as being computer masterminds who know all kinds of backdoors and secret channels to steal information and to get into secure systems. While this may be true for some, others have turned to social engineering techniques to accomplish the same goal.
Microsoft has released debugging symbols for many of the core components of Hyper-V. Using these debugging symbols, security researchers can analyze them for vulnerabilities in order to submit them to the Hyper-V bug bounty program.
Twitter is ringing in World Password Day by notifying its users, all 330 million of them, that their login credentials were left unencrypted in an internal log file and should be changed.
An anonymous report claims that a ton of your company’s customer data has been exposed. A sense of calm is in the air as you enact your vulnerability disclosure policy. You save the day, get a promotion and rainbows and unicorns fill the sky. Then you wake up!! You don’t have a vulnerability disclosure policy. Panic quickly washes away the sounds of harps.
The State Department will double the cyber defense aid it pledged to Ukraine last year to $10 million in an effort to bolster the security of an ally in the crosshairs of alleged Russian hackers, according to a department spokesperson.
Yes, it’s that time again — password changing time. On Thursday, Twitter revealed that a bug caused the platform to store user passwords in unmasked form. Normally, sensitive personal data like passwords would be stored in hashed form using a mix of letters and numbers to protect the content of the password itself. In this instance, it sounds like Twitter stored plain text passwords openly without any hashing on an internal log.