Data Protection

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behaviour, CISA assumes active exploitation of this vulnerability is occurring in the wild. ED...

A brand-new Insider Threat Report authored by Shareth Ben, director of insider threat and cyber threat analytics at Securonix has found that employees deemed “flight risks” are linked to around 60% of the insider threat incidents detected. Ben explained in the report that flight risks are those employees about to terminate employment with the company for various reasons and can be determined by Securonix’s advanced user behaviour analytics. The Securonix Threat Research Team analysed hundreds...

By Elad Shapira, Head of Research at Panorays In the wake of coronavirus, companies are shifting their workforce to remote locations to keep businesses underway. This is an attempt to keep workers healthy and semi-quarantined to protect against the spread of a world pandemic that is not only a threat to health, but also to the world’s economies. The list of global organizations mandating work-from-home policies includes Microsoft, Apple, Google and Amazon, and that list...

It was reported yesterday that French sporting retail giant Decathlon leaked over 123 million records through an improperly secured ElasticSearch server, leaving customer and employee details exposed. The leak was spotted by security researchers Noam Rotem and Ran Locar at VPNmentor on 12th February, Decathlon were notified four days later, the leak was investigated, and the server pulled down shortly after. In light of the data breach affecting the retail firm, which has 44 UK...

Data privacy is at the center of core issues that governments are trying to solve this year. Privacy advocates have been requesting more stringent privacy laws and governments have responded. The European Union’s General Data Protection Regulation (GDPR) has served as an effective blueprint for new privacy laws. This year, we are seeing new privacy laws come into effect, such as Brazil’s LGPD, the United States’s CCPA, and more. Under GDPR, there have been over...

Companies need to beware of both external cyberattacks and insider threats. Like a classic horror film, both threats come with their own elements of mystery, suspense and fear. Fortunately, it is possible to defend each type of attack vector using a similar cybersecurity strategy for each. More on that later. First, let’s set the scene of the current security landscape.

“I think therefore I am.” - René Descartes This isn’t just a pompous philosophical proposition of autonomy, instead it is a timely piece of advice for ensuring corporate cybersecurity. Descartes really was ahead of his time! Identity and access management (IAM) plays an important part in securing your IT infrastructure by mitigating risk from both external cyberattack, and internal threat. Any company that thinks seriously about protecting sensitive information about their employees or customers should...

Leading fraud protection provider ClearSale (http://clear.sale)will have a team including VP of Partnerships Denise Purtzer at MageX 2019 in Austin, Texas, Sept. 12-13. MageX gives Magento merchants, developers, partners and agencies the opportunity to network face-to-face and to learn from Magento experts who will share best practices, case studies, consultations and other resources for attendees. Speaker topics at this year’s event include e-commerce cybersecurity and B2B e-commerce. ClearSale recently released an extension for Magento 2...

By Barry McMahon, Senior International Marketing Manager at LastPass When it comes to the workplace, who would have thought that your identity would be so important? Yet, for IT security professionals, identity and access management is an ongoing thorn in their side, particularly when organisations lack the necessary tools to keep data secure. In the office, your identity ensures that you have access to the right resources and that you can work securely and uninterrupted....

By Danielle VanZandt, Industry Analyst, Security, Frost & Sullivan The significant breach and vulnerabilities recently discovered by vpnMentor researchers within Suprema’s BioStar 2 database are enough to scare any potential end user away from biometric security measures. With potentially over 1 million fingerprint biometrics and user passwords exposed in the breach, BioStar 2 has become the first major example of how biometric access still has its own vulnerabilities that vendors, integrators, and end users must...