A metaphor for cyber-security

Is the ubiquity of technology putting corporate security at risk?

A new whitepaper from security company Forcepoint has raised the question: as more corporate data moves out of sight and into SaaS-style cloud services – which are increasingly used to drive business agility and reduce costs – how do security teams maintain visibility on where corporate information is being used?

Forcepoint's “The 2017 State of Cyber-Security” report says, “Without this insight, people-based vulnerabilities destabilise even the most secure networks and greatly reduce the efficacy of cyber-security investments.”

SQL injection vulnerability found in popular WordPress plugin, again

A “severe” SQL injection vulnerability has been found in the popular WordPress plugin WordPress Statistics. Sucuri researchers discovered the vulnerability while security auditing popular open source products. If properly exploited, the vulnerability could be used to steal data.

WordPress allows developers to make content that can be injected into pages using a shortcode. This becomes a problem with the WP Statistics shortcode. The vulnerability stems from data not being properly sanitised, the researchers note, resulting in “some attributes of the shortcode, wpstatistics, are being passed as parameters for important functions.”

What Breach? AA fails to alert customers after server leaks card data

Customers have been left in the dark about a security breach at the British Automobile Association (AA). Though large amounts of data were exposed last month, one of the UK's largest car insurers failed to tell its customers.

A misconfigured server led to the exposure of 13 gigabytes of transaction data on the AA shop. That tranche included a database containing information on over 100,000 customers.

After the WannaCry ransomware campaign, why aren't people patching?

As the Petya/NotPetya/Petwrap/GoldenEye/ExPetr onslaught ripped its way through countless endpoints all over Europe on 27 June, a short, sharp realisation may have dawned on its victims.

It was only last month that WannaCry ransomware attacked over 200,000 endpoints in 150 countries. The campaign caught Renault factories, the Russian interior ministry and 48 UK National Health Service trusts in its grip, bringing public utilities and multinationals to their knees.

While commentators didn't think much of the ransomware itself, what really impressed them was the propagating mechanism, EternalBlue, which allowed the ransomware-worm to spread as far, as wide and as quickly as it did. It may have come as a shock to some that those events could be repeated, with the help of the same NSA-built exploit, just over a month later.

Plugging the gap: Why are fewer women getting into cybersecurity?

The latest figures show the number of female cyber security professionals is reducing compared with previous years. What, SC's Kate O'Flaherty asks, is the industry doing wrong?