Cyber criminals are beginning to target Enterprise Resource Planning (ERP) applications, with the aim of disrupting and stealing data from large companies, according to reports from both security experts and the US government. According to a recent report from security companies Digital Shadows and Onapsis, hacktivists and state-sponsored groups in particular and looking to exploit flaws in platforms provided by Oracle and SAP.
New research from DataSolutions, an Irish IT solutions provider, has revealed that a majority (60%) of senior IT decision makers consider human error to be the greatest threat facing Irish businesses and organisations at the moment. This is consistent with results of similar surveys in other countries such as the US or UK, as cyber criminals evolve to target end-users and take advantage of improperly-trained staff instead of trying to bypass or hack complex technical security measures. The survey also revealed that 93% of respondents claim that they have a formal cyber security and defense strategy in place to help navigate today’s online threat environment, particularly in a post-GDPR world.
Cyber criminals are becoming increasingly smart and how they target organisations, targeting un-training staff instead of complex technological security measures
It has come to light that a recent breach disclosed by Ticketmaster UK may be much larger than initially reported, with not just the company’s UK site, but also their sites for Ireland, New Zealand, Australia, Turkey and even the US found to contain digital card-skimming code. Similar to the recent breach at Harvey Norman, this incident was caused by cyber criminals compromising a third-party service provider, not the site itself directly, leading security experts to believe many more websites may be at risk or have been compromised. This is part of a concerning new trend whereby cyber criminals are targeting third-party providers, who may deal with hundreds of websites, rather than attacking a website individually, exponentially increasing the damage inflicted.
Ticketmaster originally believed that only its UK website had been compromised, in a statement released last week
It’s 2018, and cyber crime is on the rise. It seems every other week there is another data breach or cyber attack somewhere in the world, and many people are rightfully apprehensive that they may be hacked too, or even that their details may have been exposed online through a breach of a service that they use. What if your email and password were compromised in the Adobe breach in 2013, the Yahoo breach in 2016, or the LinkedIn breach in 2012? What if your email had been obtained online and sold to cyber criminals as part of a spam list, such as Exploit.In, or the Anti Public Combo List, both discovered in 2016? If so, you may be at risk of hackers gaining access to your accounts, or even committing identity fraud against you. Luckily, security researcher and Microsoft regional director Troy Hunt has developed a database so that you can check to see if you’ve been compromised – so you can secure your online presence again.
haveibeenpwned.com is a breach database run by security researcher and Microsoft regional director Troy Hunt
Adobe has been forced to release an out-of-schedule emergency security patch to its users, after a zero-day vulnerability was discovered to affect Adobe Flash Player. Users are being urged by Adobe to update to version 184.108.40.206 of Flash Player, which contains mitigations for the zero-day as well as addressing three other flaws. This latest flaw was discovered already being used in the wild to attack Windows users, and doesn’t exploit browsers like typical Flash exploits – instead, it works through Microsoft Office documents which it utilises to download and execute malicious code.