Friday, 6 December, 2019
IT Security Guru

“Reddit of Latin America” suffers data breach: The cybersecurity industry reacts

by The Gurus
September 8, 2017
in Editor's News

Despite most of the population lazily clinging onto the remnants of summer, the world of data breaches was as busy as ever. In the firing line this week was Taringa, the “Reddit of Latin America”, which was pwned in spectacular fashion, with the login credentials of nearly all of its 28 million users compromised.
 
Social media attacks can be devastating for the victims. As so much of someone’s everyday life is present across social media channels, cybercriminals will now be privy to a wealth of information that can in turn be used to leverage even more sensitive information. If a user's login details fall into the wrong hands, spear phishing emails targeted specifically at them could be in their inbox before you can say ‘malware’.
 
As always, those within the cybersecurity industry did not hold back when asked for their opinions on the latest privacy fiasco. A few experts from the world of cyber gave their opinions to the IT Security Guru below:
 
Tim Woods, VP Technology Alliances at FireMon
 
“This latest breach underscores the need for greater security visibility and real-time monitoring of our security controls across the enterprise. While this may seem trite and obvious, corporations continue to try and manage their security infrastructure with limited resources and limited management effectiveness. I speak with top-rated security professionals routinely that tell me, “It’s not that I don’t know what to do, it’s having the time and tools to do it.” Most organizations are cognizant of their security weaknesses, but shifting business priorities have delayed or redirected additional security spending. However, it’s not new technology investment that’s needed but rather adequately managing what they have presently deployed. Security management solutions on the market today have significantly matured over the last five years and represent a very economical way to increase resource efficiency and effectiveness of existing deployed technology significantly. Holistic security visibility and real-time policy data analysis is not out of reach, and I would encourage anyone who has experienced a breach or is looking to “up” their security game, to explore this valuable security area.”
 
Andrew Clarke, EMEA Director at One Identity
 
“The reported breach at Taringa highlights some fundamental issues. The fact that an administrative file holding passwords was accessible demonstrates little or no control over privileged accounts. Then the passwords were easily cracked since the company used a weak MD5 (128-bit) algorithm rather than SHA-256. And the user passwords were not enforced by a strategic password policy since, when revealed, the passwords used by the users were fundamentally weak – the most popular password used being 123456789 followed by 123456. Taringa was quick to realise mistakes and forced a global reset on users and updated to SHA-256, but that incident does point out that users also need to take steps to protect themselves.
 
A Taringa password change is the first priority – but also change any passwords on other personal accounts that use the same password. Other recent attacks on organisations have pinpointed password re-use as a major factor in their downfall. And when a new password is selected, even though the website allows a weak password to be chosen, always make it 12+ characters and a mix of upper/lower case alphabetic plus numbers and special characters. Use of a password manager can help select and recall these passwords. And of course don’t reuse passwords across multiple sites.”
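The following is an added example, not part of the original article or of any quoted expert's words: it checks a password against the rules in the quote above and shows how a fast, unsalted hash gives identical digests for reused passwords, while a salted, slow hash does not. The use of PBKDF2-HMAC-SHA256, the iteration count, the absence of a salt in the MD5 scheme and the sample passwords are assumptions of this example; the article only states that MD5 was replaced by SHA-256.

```python
import hashlib
import hmac
import os
import string

# The two most popular passwords named in the quote above.
COMMON = {"123456789", "123456"}
# Constructed sample: the passwords of three hypothetical accounts.
SAMPLE = ["123456789", "123456789", "123456"]
ITERATIONS = 600_000  # assumption: work factor chosen for this example


def policy_failures(password):
    """Return the requirements the password does not meet (empty list = acceptable)."""
    checks = [
        ("12+ characters", len(password) >= 12),
        ("lower-case letter", any(c.islower() for c in password)),
        ("upper-case letter", any(c.isupper() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("special character", any(c in string.punctuation for c in password)),
        ("not a known-popular password", password not in COMMON),
    ]
    return [name for name, ok in checks if not ok]


def md5_unsalted(password):
    """Legacy-style storage: fast and unsalted, so equal passwords share one digest."""
    return hashlib.md5(password.encode()).hexdigest()


def store(password, salt=None):
    """Salted, deliberately slow storage. Returns (salt, digest)."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(store(password, salt)[1], digest)


def distinct_digests(passwords, scheme):
    """Count distinct stored values; fewer than len(passwords) reveals reuse."""
    return len({scheme(p) for p in passwords})
```

With the constructed sample, the unsalted scheme stores only two distinct values for three accounts, which is how a leaked table shows which password is most popular; the salted scheme stores three.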
 
Giovanni Vigna, CTO and co-founder at Lastline
 
“Stealing social network credentials is an effective way to access personal data, exploit the trust between users to spread malware, and also expand the criminals’ foothold in case the credentials are re-used across services. The impact of this type of attack would sensibly reduce if 2-factor authentication were ubiquitous.”
 
So there you have it: protect your privileged accounts, use two-factor authentication and use real-time monitoring of security controls, and you’ll be protected from the devastating consequences of a breach… right?


The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY


© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
