Tag Archives: News

Telecoms giant TalkTalk suffers critical data breach


When it comes to protecting the private information housed within your company’s network, it’s been proved time and again that no business can afford to overlook the damage that a cyberattack can do. It’s also worth bearing in mind that an attack can originate from anywhere and, sometimes, the culprit can be a surprising one.

Following the news that British phone and broadband provider TalkTalk had suffered a “significant and sustained cyberattack”, it has since been revealed that a 15-year-old boy has been arrested in Northern Ireland in relation to the attack.

The cybercrime, which took place last week, has led to the possible compromise of information relating to more than four million customers. The information includes bank account numbers and sort codes, which could have potentially devastating economic repercussions for those affected. Following the news of the attack, shares in TalkTalk fell by 12% and some customers reported that money had already gone missing from their accounts. It has since emerged that the company could face claims amounting to millions of pounds from the victims. The fallout from the attack, and the drop in shares, has seen the company lose around £360m since last Thursday.

While the investigation continues into how the attack was carried out, the company first indicated that it suffered a sustained DDoS attack – a distributed denial of service attack in which a website is bombarded with waves of traffic. This was accompanied by an SQL injection, a technique in which attackers gain access to a database by entering database instructions into a web form field that the site passes on to its database unchecked. This type of attack is very easy to protect against, and some industry experts expressed surprise that an attack of this form could succeed given the maturity of current IT security solutions.
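To make the "easy to protect against" point concrete, here is an added example (not code from the original post, and not TalkTalk's systems): a customer lookup built by string concatenation, beside the same lookup using a bound parameter, run against a constructed in-memory table. The vulnerable form lets a crafted form value change the query's meaning; the parameterised form treats the value purely as data.

```python
import sqlite3


def build_db():
    """Constructed sample customer table (made-up data, stands in for an
    account database holding bank details)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, sort_code TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, sort_code) VALUES (?, ?)",
        [("alice@example.com", "12-34-56"), ("bob@example.com", "65-43-21")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Builds the SQL text from the web-form value: whatever the user typed
    becomes part of the statement, so quotes and keywords are interpreted."""
    sql = "SELECT email, sort_code FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, email):
    """Binds the value as a query parameter: the driver sends the statement and
    the value separately, so the value can never alter the query structure."""
    return conn.execute(
        "SELECT email, sort_code FROM customers WHERE email = ?", (email,)
    ).fetchall()


def compare(email):
    """Return (rows from vulnerable lookup, rows from parameterised lookup)."""
    conn = build_db()
    return lookup_vulnerable(conn, email), lookup_parameterised(conn, email)


if __name__ == "__main__":
    # A normal value behaves identically in both versions.
    print(compare("alice@example.com"))
    # A value containing a quote and an OR clause dumps every row from the
    # concatenated query, and matches nothing in the parameterised one.
    print(compare("' OR '1'='1"))
```

The second call is what a web-application firewall or query-log review would flag: a single lookup that returns the entire customer table instead of one row.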

This isn’t the first time that TalkTalk has been the target of cybercrime. In less than one year the company has suffered three security breaches and Dido Harding, TalkTalk’s CEO, stated that she believes all firms are at risk of cybercrime, in what is becoming the “crime of our era”.

“This is happening to a huge number of organizations all the time. The awful truth is that every company, every organization in the UK needs to spend more money and put more focus on cybersecurity – it’s the crime of our era.”

Investigations are currently being carried out by the Information Commissioner’s Office (ICO) and the Metropolitan Police, as doubts begin to surface over whether the company was properly protected or not. An ICO spokesperson stated that “organizations do need to make sure they have the appropriate level of security in place to protect the customer information they hold. If they don’t, we will act.”

With this in mind, a cyberattack on your company won’t just affect its reputation and standing in the industry. It also has the potential to be financially damaging and can lead to long-term trust issues with customers, so we recommend avoiding these common errors committed by other companies in the fallout of a data breach.

The post Telecoms giant TalkTalk suffers critical data breach appeared first on MediaCenter Panda Security.

TalkTalk data breach

Over the last few days, more details pertaining to the recent news that TalkTalk has suffered a data breach have been made public, but there are still many questions about exactly what was taken. In many data breach cases, details are limited by the need for the company and law enforcement agencies to ascertain the extent of the breach and to collect evidence.

With the news that a suspect has been arrested in connection to the cyber attack, I am sure more details will start to become available over the coming days.

So far, it appears the data exposed – some of which may have been encrypted – could include: names, addresses, DoBs, email addresses, phone numbers, TalkTalk account information, bank details and partial credit card details. But what could this mean practically?

Take account information, for example – is a user’s Active Choice information held within their account settings? If so, I wonder how many people would be embarrassed by people discovering they have disabled porn filters on their broadband. With this sort of personal information, could we be looking at ‘Ashley Madison 2.0’?

Looking at recent data breaches, spear phishing is a frequent method of entry – tricking targeted individuals within a company or organization into revealing details that give attackers access to internal systems.

This has implications for both companies and consumers. Organizations should limit employee access to sensitive information in order to reduce the risk of falling victim to attacks like this. Employee education – ensuring workers are aware of the dangers – is also paramount.

My advice to consumers:

  • Ensure other online accounts aren’t using the same email and password combination as stored with TalkTalk. If so, change them.
  • Be wary of spammers sending emails that look like they’re coming from TalkTalk. Scrutinize these emails carefully and, if in doubt, contact TalkTalk directly to ensure it’s an official communication.
  • If you are concerned that credit card details have been breached, then call your card company and have the card suspended or stopped.

How a drone can hack into your home’s network just by flying over it


Drones can be used to record incredible scenes for movies, to follow thieves from above, to save lives, or to carry out home deliveries at lightning speed. The great benefit that they provide has no limit and, unfortunately, this also opens the doors to various ways to misuse them for malicious gain.

They have since been used to introduce contraband into prisons, to illegally spy, and according to a group of investigators from the Singapore University of Technology and Design, they could also be used to intercept communications between a computer and a printer from above.

This flying robot could circle above a home or office and end up being more dangerous than you could imagine. If you don’t keep an eye on your security, private documents and files that contain information such as passport numbers and addresses could end up in the hands of criminals.


To demonstrate that this threat is real and exists, the investigators equipped a drone with a smartphone and developed two apps that were designed to intercept the communications of a printer from outside of the building in which it was running.

The first of these apps, Cybersecurity Patrol, detects vulnerable printers – in fact, it can be used to detect security holes and even close them – and the second, which for obvious reasons remains secret, passes itself off as the machine. Basically, it creates a false access point and pretends to be the printer, tricking the computer into sending the files to it.

In principle, all that you need is a smartphone in order to carry out these attacks, but the drone comes into play when it comes to getting within the required range (a radius of at most 26 meters) to trick the computer. By flying over a building at this distance, a simple drone could give cybercriminals access to your home or office network.

Beyond the drone, the investigators have also shown that it is possible to use a robotic vacuum cleaner to carry the mobile device around a building in search of vulnerable printers.

The aim of the team from the Singapore University of Technology and Design is simply to alert businesses to the danger that an apparently innocuous printer could pose, and to show that it is relatively easy for a criminal to gain access to information using rather simple methods.

“The main point [of the research] was to develop a mechanism to try to patrol the perimeter of the organization and find open printers from outside the organization,” state the experts. “It’s dramatically cheaper than a conventional pen test.”

The study was completed as part of a project on cybersecurity that was sponsored by the Singaporean government and focused on printers because, as was agreed by all involved, they are a weak point that is often overlooked in offices. A lot of wireless printers are sold with an open Wi-Fi connection as default, and a lot of the owners later forget to change this setting, leaving them vulnerable to cybercriminals.

The post How a drone can hack into your home’s network just by flying over it appeared first on MediaCenter Panda Security.

AVG boosts Bugcrowd bounty

One of the ways we proactively improve our security is through participation in the AVG bug bounty program on Bugcrowd. We have recently reviewed the rewards offered as part of this program and now offer up to USD$1,000 per bug.

We appreciate and reward the efforts of security researchers who, within the strict terms of the bounty program, are able to responsibly disclose vulnerabilities found in our nominated PC-based client-side applications.

If you have skills and experience reverse engineering binary code, or you like breaking AntiVirus engines in your spare time, then this could be the stimulating and rewarding challenge you’ve been looking for.

Bugcrowd is a great community of like-minded security geeks who get to pentest, hack and crack great companies like AVG, Fitbit, Dropbox and even Tesla Motors – all in the name of responsible disclosure for rewards and kudos!

So, if you’re a 1337 h4x0r then start finding bugs today by signing up to Bugcrowd as a researcher, and then join the AVG program.

We look forward to seeing what juicy vulnerabilities you’ll uncover, and in return get rewarded for helping us keep over 200 million friends safe and secure.

Get cracking! And until next time, stay safe out there.