Author: Peter Glock

Retailer Leaked Hundreds of Internal Passwords on Pastebin

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was inadvertent, and that many of the credentials were already expired. Based in Sunderland, VT. an

Vermont town set to recoup money lost in email scam

This is why your organisation needs cyber risk insurance...: NORWICH, Vt. (AP) - A Vermont town will recoup nearly $250,000 lost in an email scam. Norwich Town Manager Herb Durfee says the Vermont League of Cities and Towns, the town’s insurer, will cover nearly $169,000. The Valley News reports that in addition to the insured money, Comerica Bank returned nearly $80,000, which leaves Norwich out $1,000, the cost of its insurance deductible. A report released by Nor

Secure cyberspace to save civilisation

This is from today's Times. The report quoted is officially published on 12 November, worth a read but I don't see any governments picking up on the recommendations so it's more an intellectual exercise than anything practical...: A jargon jungle and alphabet soup await anyone navigating internet governance. The technology is baffling. So is the plethora of watchdogs, commissions and committees. But few things matter more. The internet has become, piecemeal, civilisation’s c

New Platform Aims To Help Protect Power Grid From Cyber Threats

An interesting initiative in the US for power companies to Know Your Supply Chain by sharing information about the vendors that supply them...: [...] The sheer volume of supply chain vendors that provide equipment, software, and services to power utilities makes this a daunting task. The vast majority of the 3,000 electricity providers are small, regional operations that don’t have the manpower or budget to address this requirement effectively. The reason Fortress and AEP

Five Emails you don’t want in your Inbox

I've had all of these hit my inbox at one time...: [...] 1. Payment Diversion Fraud Cybercriminals often masquerade as a supplier, requesting invoices are paid to alternative bank details. They can also pretend to be an employee, asking the HR department to pay their salary into a different account. Payment diversion fraud targets both businesses and individuals and the results can understandably be devastating. There’s little point requesting someone to make a bank t

MI5 mounts top-secret operation to protect MPs’ phones from Russian hackers

Not exactly 'top secret' if it's reported in one of the tabloid papers...: MI5 has mounted a top-secret election operation to protect MPs’ phones from Russian hackers. Spy chiefs have ordered unprecedented measures to beef up the security of candidates vulnerable to foreign cyber attack. Warnings were issued to MPs and their staff after it was discovered that some phone accounts were being targeted by hackers. Personal and political communications have been shut dow

Amazon Fixes Ring Video Doorbell Flaw That Leaked Wi-Fi Credentials

I want to know why this wasn't picked up in product testing...: Amazon has patched a vulnerability in its Ring smart doorbell device that could allow attackers to access the owner’s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network, researchers have found. Researchers discovered the problem in Amazon’s Ring Video Doorbell Pro IoT device, a smart doorbell that combines security cameras with motion-detection to help prot

Security in the supply chain – a post-GDPR approach

I work a lot with startups who are too young and too small to have even thought about ISO 27001 certification and complex security controls. In the absence of a recognised certification (which doesn't necessarily prove that your data is secure and private), a sensible approach is to ask your suppliers for their Technical and Organisational Measures (TOMs), which they should be able to give you under NDA. At the simplest level this can be a two-page document. My preference is to use ...

Four ways to defend your network against IoT vulnerabilities

Since I've been selling IT asset management, I've seen numerous articles like this one pop up. Knowing what's on your network, both hardware and software, is the top two controls in the CIS Top 20, so it's no surprise that this applies to IoT. Ask me about Axonius some time...: [...] 1. You can’t protect what you can’t see Less than half of all businesses are able to detect IoT breaches, according to a recent study. This detection issue is largely the result of the sheer n

Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes. Researchers at Vanderbilt University’s Owen Graduate School of Management took the Department of H