Vulnerability Exposes iPhone Users to Payment Fraud

Many iPhone users are vulnerable to payment fraud due to vulnerabilities in Apple Pay and Visa, according to new research from the University of Birmingham and the University of Surrey. The experts revealed they could bypass an iPhone’s Apple Pay lock screen to perform contactless payments when the Visa card is set up in ‘Express Transit mode’ in an iPhone’s wallet. Transit mode allows users to make a quick contactless mobile payment without fingerprint or facial recognition…

CIO Think Tank: Data and analytics at scale

In July and August 2021, CIO held three virtual CIO Think Tank discussions that brought together 31 IT leaders to unpack one of the most important issues in enterprise technology today: maximizing the utility of data collected through multiple channels. The goal of these discussions was to identify key challenges facing analytics initiatives and to offer a roadmap for IT leaders—as well as the technology industry—to overcome those obstacles. All participants drew on their experience…

Cyber Second Only to Climate Change as Biggest Global Risk

Cybersecurity has been ranked as the second biggest global risk in a major new survey of 23,000 experts and members of the public. The AXA Future Risks Report was produced in partnership with the IPSOS research institute and geopolitical analysis consultancy Eurasia Group. Its findings were compiled from interviews with over 3400 experts in underwriting and risk management, plus a survey of 19,000 members of the public. Cyber came second only to climate change on the global…

API Flaw Exposes Elastic Stack Users to Data Theft and DoS

Security researchers have disclosed a serious and wide-ranging API vulnerability stemming from the incorrect implementation of Elastic Stack, which could create serious business risk for customers. Elastic Stack is a popular collection of open source search, analytics and data aggregation products, including Elasticsearch. Salt Security claimed that nearly every provider customer is affected by the vulnerability — which relates to design implementation flaws rather than a bug in Elastic Stack code itself. Its Salt Labs…

Data security & privacy considerations of a modern industrial organization

In this episode, Patrick Miller, Founder of Ampere Industrial Security, discusses what utilities and other industrial companies need to consider when it comes to the goldmines of data they’re collecting from their machines and customers. He also explains why security and privacy need to be incorporated in these operations by design.

Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3

Tim Erlin: On the latest Tripwire cybersecurity podcast, I had the opportunity to speak with Patrick Miller, who is the…

How to identify data breaches when you have a hybrid workforce – IT Governance UK Blog

As we emerge from the pandemic, hybrid working has proven hugely popular for individuals and organisations alike: staff enjoy increased flexibility and reduced commuting, and organisations benefit from lower overheads and greater productivity. Plus, the environmental benefits of homeworking are unmistakable.  However, hybrid working also provides greater opportunities for cyber criminals. It introduces new security vulnerabilities, makes staff more susceptible to phishing attacks, and makes it harder for security teams to respond to incidents.  Although the past 18 months have seen new working practices become normal for many organisations, security strategies are still struggling to adapt.  Detecting data breaches has always been a challenge. Even with staff…

Fact or Fallacy: Ransomware Targets Underfunded, Vulnerable Agency Networks

Ransomware is making headlines once again, as cybercriminals target high-profile organizations. A prominent example is Colonial Pipeline, a Texas-based oil pipeline system that shut down its entire fuel distribution following an attack in May.  The attack resulted from a single compromised password used by hackers to gain entry into Colonial Pipeline’s networks. The hackers attacked successfully using ransomware. Ransomware is a constantly evolving attack tool used by cybercriminals. In addition to costing agencies time and…

CIS Control 6: Access Control Management | The State of Security

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization. Privileged accounts, such as…
