A Telegram bot appeared at the beginning of 2020 but was discovered only recently. It is a paid service that lets you place a call while displaying a different phone number. This is a widespread fraud technique, frequently used for calls made from a “bank”, “security service”, etc. A person sends a command to the bot indicating that the call should be made showing a different phone number, then enters the recipient's number and the number that should be displayed during the call (for example, the official bank number). This type of fraud is already known. The new…
Come visit us, your Nissan
What happened: The source code and internal tools of the Japanese company Nissan became publicly available. The leak includes the source code of Nissan’s mobile apps, market research tools, customer search and retention data, and important components of diagnostic systems. Nissan’s confidential data was actively distributed through hacker forums and Telegram channels.
Who is to blame: The weak point turned out to be an open Git server, which could be accessed with the standard username-password pair, namely admin-admin. The automaker has already confirmed the leak and is investigating the incident. …
These and other ticklish issues regarding the launch of an information security solution within your system.
Is the system worth the money spent on it? Risk managers and information security officers know why special software is required, but how do you explain to a businessman that DLP is important? The system’s advantages become obvious during a trial period. According to our analysts’ experience, the first three hours of the DLP’s work reveal incidents. …
There is a lot of innovation in medicine: the emergence of telemedicine, “smart” medical devices, and the digitization of medical records. These innovations are designed to improve the quality of service and save time for patients and doctors. However, neither doctors nor patients realize how vulnerable medical information becomes.
Not only does digitization simplify the work of medical centre staff, but it also reduces the risk of errors in the provision of emergency medical care, when patients can’t provide information on their own. …
1. There are locations with multiple official languages and even dialects. Can the solution analyse texts written in any of them?
The solution supports the import of local dictionaries. As policies are customisable, dictionaries can be tailored to a company’s needs.
2. Does the endpoint software have tamper protection?
The software installed on an endpoint can’t be deleted or sabotaged by a user.
3. Can the policies be changed when a user’s laptop is outside the corporate perimeter?
There are a few measures to take before moving people to work from home:
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly.
The GDPR states explicitly that some violations are more severe than others. The less severe infringements could result in a fine of…
Every month we enrich our collection of classic and non-trivial cybersecurity cases. Data leaks, fraud, sabotage, and other incidents caused by insiders are of interest to us.
Some of the cases are funny, others are scandalous, but all are definitely edifying. Some cases happen out of nowhere, and some are caused by an extremely negligent attitude to security rules (Eh? Trump). So, without further ado, let’s get started.
Tesla employee sabotage
What happened: At the auto plant in Fremont, California, the production line stopped for several hours. IT security quickly figured out the incident details.
Who is to…
One of the most common threats, which companies often learn about only after an incident occurs, is leaving the accounts of dismissed employees active and failing to revoke excessive rights when employees are terminated or change their job responsibilities within a company. Many user accounts that should be disabled stay active. Make sure your system follows sensible and strict data access patterns, data privacy policies are abided by, and permissions are configured. The monitoring solution will help you identify access attempts, avoid litigation involving data owners, and prove compliance.
Just recently, The City of New Haven, Connecticut…
CyberNews journalists (aka cybersecurity experts) hacked 27,944 printers around the world and had them print a quick information security guide. The pranksters used Internet of Things search engines such as Shodan and Censys to search for devices with open ports and an Internet connection. To print the documents, they wrote a special script.
Who is to blame:
The gamble was successful because the captured printers were not hidden from public access. For example, printers had default passwords, no firewall was enabled, wireless connections to the router were allowed, and so on. …