In yet another consequential cyberattack, T-Mobile, one of the largest telecommunication companies in the United States, is the latest victim.
Last month it was revealed that John Binns, a 21-year-old US citizen who now resides in Turkey, successfully gained access to the sensitive data of over 50 million T-Mobile customers. He listed the database for sale on an underground hacking forum with an asking price of six bitcoin (approximately $280,000 USD).
Information such as names, addresses, social security numbers, and driver's licenses was accessed in the attack. T-Mobile stated that financial and payment information was not compromised.
Last week, the United States Cybersecurity and Infrastructure Security Agency issued an alert about a new vulnerability in Apache Log4j that you should be aware of.
What you need to know
Log4Shell is a new vulnerability being actively exploited in the wild that should be mitigated ASAP.
The TrustedSite platform does not rely on Log4j and is not, and has not been, vulnerable.
New vulnerability definitions in TrustedSite’s Server and Application Scanning services will identify potentially vulnerable assets.
Manual inspection is required in addition to TrustedSite services.
Third-party scripts are scripts that are developed externally and added to an organization’s website for various purposes. These scripts can have great benefits, but they can also introduce security risks for businesses.
Third-party scripts are added to an organization’s website by different teams for different purposes. Common categories of third-party scripts include:
The Transport Layer Security (TLS) protocol, the updated, more secure version of SSL (Secure Sockets Layer), is designed to add security to web traffic. It wraps the traffic in a layer of encryption, which protects it against being read and modified by an eavesdropper.
TLS works on the principles of public key cryptography, which uses a pair of public and private keys to securely generate a shared secret key between a website and a visitor. This shared secret key is then used to encrypt all communications between the client and the server.
A TLS certificate provides a user with the public key associated with a particular site and verifies its authenticity. Without the TLS certificate, it is impossible to prove that a certain public key actually belongs to a particular website. An attacker could provide a client with their own public key instead, enabling them to masquerade as the site owner.
To your customers, your website is the gateway to your products and services. But in the eyes of cybercriminals, it’s an entry point to your sensitive data. Without proper protections in place, attackers may be able to exploit your site’s vulnerabilities and gain unauthorized access, resulting in detrimental repercussions for your business.
In today’s world of ever-evolving security risks and hacking techniques, it’s not enough to set and forget the security measures you put in place to protect your site. What was once considered a foolproof security best practice may become penetrable by hackers tomorrow. Additionally, any new features and services you add to your site could inadvertently come into conflict with or override existing security protocols without your knowledge. Routine monitoring and testing is required to ensure your walls of defense continue to stand strong over time.
So what do you need to monitor for specifically? Here are 3 common security issues that should be on your checklist.
A vast majority of businesses are shifting operations to the cloud. With the promise of greater flexibility, self-service provisioning, and reduced costs, cloud migration seems like a no-brainer, but it doesn’t come without its issues.
One commonly overlooked challenge is that when you have more internet-connected assets, you also have more potential entryways for attackers to infiltrate your business. We refer to this collection of entryways as the attack surface. As a way to keep track of the entryways and ensure they are sealed off from attackers, the practice of attack surface management (ASM) was born. ASM is a relatively new concept in the world of cybersecurity, so let’s break it down.
Data Privacy Day serves as a reminder to both individuals and businesses about the need to safeguard data online. The importance of data in business is universally understood. It allows you to communicate with potential customers, market products to them, process payments, and remarket post-purchase.
Unfortunately, the importance of protecting data isn’t always as appreciated. Through the years many companies have underestimated or ignored the great responsibility that comes with data management and suffered breaches that impacted millions of people around the world.
Last month, CVS made headlines after a misconfigured cloud database left over 1 billion records exposed. Discovered by independent cybersecurity researcher Jeremiah Fowler months earlier, the records were accessible via a non-password-protected database hosted by a third-party provider. CVS attributed the leak to human error and acted swiftly to secure the database the day the issue was reported.
The records consisted of visitor and session IDs, device information, and event data. Some email addresses were also discovered, though CVS claims they were not customer account records and were entered into the search bar by visitors who mistakenly thought it was the account login field.
Fowler noted that it could have been possible to match a user’s session ID with what they searched for or added to the shopping cart during that session, and then try to identify the customer using the exposed emails, though there’s no evidence that a malicious actor did this successfully.
Every few years we conduct a survey to get inside the minds of consumers and find out what factors influence their trust in ecommerce sites. Since ecommerce sales are forecast to surpass $6.3 billion by 2023, we decided it was a good time to check in with consumers and see how their trust in ecommerce sites might have changed in recent years.
Cybercrime is a rampant issue around the world, with the number of people affected, the amount of money lost, the costs of remediation, and the techniques used to compromise organizations constantly increasing.
Too many organizations have failed to keep up with the ever-evolving landscape of cybersecurity, and have suffered crippling data breaches and other kinds of attacks as a result.
Some of the strategies that cybersecurity analysts have traditionally employed undoubtedly leave room for error, and often result in fruitless labor that could have been allocated more productively.
Let’s take a look at some of the common mistakes made when managing an organization’s security posture and why they fail to provide adequate protection.