Bugs Rack Web Host Sites and Flight-Booking System

Infosecurity Magazine | January 16, 2019

Two security researchers working independently on different projects have discovered multiple vulnerabilities that affect multiple web hosting platforms, including the popular Bluehost, as well as Amadeus, the online reservation system used by several different airlines.

According to independent security researcher Paulos Yibelo, Bluehost, a popular web hosting platform, was riddled with vulnerabilities, including one that would allow complete account takeover. Rated as having a high severity, the vulnerabilities grant attackers access to personally identifiable information, partial payment information and tokens that grant access to sites like WordPress, Website Planet wrote. In addition to those bugs discovered in Bluehost, Yibelo also reported several bugs in other web hosting platforms, including Dreamhost, HostGator, OVH, and iPage.

“This should serve as a warning call for those companies authenticating customers online with legacy technology. Today, account takeover is not a hard attack to deploy, and the consequences can be devastating with bad actors stealing money and products,” said Ryan Wilk, VP of customer success for NuData Security, a Mastercard company.

Spotlight

Theft of equipment or information is becoming more prevalent because most devices today are mobile. Cell phones are prone to theft and have also become far more desirable as their data capacity increases. Sabotage usually consists of the destruction of an organization's website in an attempt to cause its customers to lose confidence. Information extortion consists of theft of a company's property or information in an attempt to receive a payment in exchange for returning the information or property to its owner.

Related News

DATA SECURITY

Darktrace Joins INDYCAR Team Arrow McLaren SP as an Official AI Cyber Security Partner

Darktrace | April 16, 2021

Darktrace, a leading autonomous cyber security AI company, today announced that it is expanding its partnership with McLaren Racing and embarking on a new sponsorship of Arrow McLaren SP. Interestingly, the Darktrace logo will include as an afterthought suspension of both the No. 5 Arrow McLaren SP Chevrolet and the No. 7 Vuse Arrow McLaren SP Chevrolet, beginning with the season-opening race at Barber Motorsports Park on April eighteenth.

Darktrace's Cyber AI autonomously detects, investigates, and responds to fast-moving cyber threats in real time across diverse digital environments, including cloud-based software and email. The technology is used by McLaren's technology and security teams to help defend against advanced cyber threats.

About Darktrace

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to more than 4,700 organizations in more than 100 countries, protecting the cloud, email, IoT, traditional networks, endpoints, and industrial systems. A self-learning technology, Darktrace AI autonomously detects, investigates, and responds to advanced cyber threats, including insider threat, remote working risks, ransomware, data loss, and supply chain vulnerabilities. The company has 1,500 employees globally, with headquarters in Cambridge, UK. Consistently, Darktrace AI detects a cyber threat, preventing it from causing harm.

DATA SECURITY

Cowbell Cyber Unites Cybersecurity Giants and Cyber Insurance Industry with Launch of Cowbell Rx

Cowbell Cyber | September 21, 2021

Cowbell Cyber, the industry's first AI-powered cyber insurance provider for small to medium enterprises (SMEs), today announced the launch of its cyber risk exchange marketplace, Cowbell Rx. Cowbell Rx closes insurability gaps by providing cyber insurance applicants with resources to meet eligibility requirements while also enabling active policyholders to continuously improve their organization's risk profile. This comprehensive list of partners is the first of its kind in the cyber insurance industry.

Cyberattacks continue to proliferate and damage business operations, with predictions that new attacks will happen every 2 seconds by 2031. However, cybersecurity and cyber insurance have traditionally operated in silos with insufficient coordination, resulting in a misalignment between cyber threats faced by an organization and the security measures to prevent them. Because of this, cyber insurers are tightening up insurability requirements for policyholders to obtain coverage or to renew existing cyber policies. Cowbell Rx is the first marketplace provided by a cyber insurer to help businesses gain access to recommended partners that offer solutions to organizations in order to meet the minimal criteria to get cyber insurance coverage.

"Cybersecurity and cyber insurance must work in harmony to build an organization's cyber resilience. We are working with more than 20 of cybersecurity's biggest leaders to make this happen," said Isabelle Dumont, vice president of market engagement at Cowbell Cyber. "Cowbell Rx is a key component of Cowbell's closed-loop risk management initiative to continuously improve an organization's risk profile. Together with our partners, we are bringing streamlined access to today's top cybersecurity services and solutions straight to current and future policyholders."

"Cowbell is an innovator in the field of cyber insurance and we share their passion for data-driven risk assessment," said Eric Skinner, vice president of Market Strategy at Trend Micro. "We're pleased to be part of Cowbell's new marketplace. By bringing together Cowbell policyholders with cybersecurity experts like Trend Micro, we can all work together to ensure our mutual customers stay resilient in a world of constantly changing cyber threats."

"True cyber risk management is the combination of cyber insurance and effective cybersecurity operations," said Odin Olson, vice president of Alliances at Arctic Wolf. "Cowbell Rx is an excellent way to expose Cowbell's policyholders to some of the best cybersecurity service providers in the industry."

About Cowbell Cyber

Cowbell Cyber is dedicated to providing standalone, admitted individualized, and easy-to-understand cyber insurance for small and mid-size enterprises. In its unique AI-based approach to risk selection and pricing, Cowbell's continuous underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Cowbell Insurance Agency is currently licensed in 50 U.S. states and the District of Columbia.

DATA SECURITY

eSentire Leverages Guidewire to Quantify and Reduce Cyber Security Risk

eSentire | October 11, 2021

eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), and Guidewire Software, Inc. today announced that eSentire is leveraging Guidewire Cyence’s market-leading, internet-scale cyber data listening and modeling capabilities to support financially quantifying and reducing cyber risk.

“Cyber threats pose one of the greatest risks to businesses today, yet it is becoming increasingly harder to identify and protect against those risks and secure insurance coverage. The combination of eSentire and Guidewire Cyence technologies and expertise fill a significant gap to help businesses assess, design, and implement cyber risk solutions and quantify their security ROI and risk reduction.”
eSentire Chief Technology Officer Dustin Hillard

eSentire’s technical cybersecurity expertise in 24/7 threat detection and response to real-time and zero-day threats, combined with Guidewire’s strengths in economic modeling, will enable cybersecurity leaders to tie the efficacy of their security spends to security program return-on-investment. The eSentire Atlas XDR platform, ingesting data from over 1,000 customers across 70 countries worldwide, automatically blocks more than 1 billion threats per year and learns from more than 2 million rapid, human-led investigations per year, yielding a significant proprietary data set that maps internal risk factors to security outcomes.

Guidewire’s cyber risk modeling and scoring data for more than 600,000 businesses is now integrated with eSentire’s asset risk scoring, providing security recommendations through eSentire’s Insight Portal:

Business Risk Scoring: eSentire customers now have access to Guidewire’s Cyence Risk Rating within the eSentire Insight portal. This business risk rating predicts the probability of a public data breach in the next 12 months. Each business risk rating is contextualized based on industry, size, and revenue band in comparison to its segment peers.

Asset Risk Scoring: eSentire customers will benefit from eSentire’s own artificial intelligence risk models learned from targeted attacks defended across its global customer base to determine the probability of an internal security incident originating at the asset level over the next three months. eSentire leverages these insights to make proactive security recommendations on how to reduce each customer organization’s risk.

The Royal United Services Institute reported that despite ransomware being the leading claim source for cyber insurers, many organizations are not approved due to open internet access, primarily through open Remote Desktop Protocols (RDP). Through their work together, eSentire and Guidewire have identified and remediated several open RDP scenarios, thereby reducing risk and enabling the organizations to improve their cyber insurance risk profile. In fact, eSentire and Guidewire have developed preferred cybersecurity insurance relationships with Guidewire customers that deliver improved deductibles and expansive coverage for eSentire customers.

“eSentire customers now have the opportunity to engage with an expert Cyber Risk Advisor to build a proactive security plan tailored to reducing risk in their environment while considering business- and asset-specific insights,” Hillard added. “As a result of our work together, we earn the confidence of the insurance market and our customers get improved cyber risk insurance pricing and policy coverage.”

“We are thrilled to join eSentire in making tangible, transparent, and quantifiable cyber risk reduction a reality for businesses worldwide,” says Guidewire Chief Innovation Officer Paul Mang. “We are committed to helping organizations manage the economic volatility associated with cyber threats, both through the efficient use of risk transfer insurance solutions and through proactive risk management actions.”

This exciting innovation in cyber risk quantification has been complemented by the introduction of eSentire’s Cyber Risk Advisor program as part of the firm’s overall customer success engagement model. These advisors are security practitioners with consultative and solutions architecture experience, who act as an extension of the customer’s cybersecurity team, demonstrating a clear understanding of each organization’s business objectives and security priorities. The Cyber Risk Advisor supports customers with infrastructure assessments, regular service reviews, and interprets risk scoring metrics to develop a tailored risk reduction roadmap with recommendations that prioritize risk mitigation. These recommendations are based on the insights driven from eSentire’s 24/7 Security Operations Center, Threat Response Unit (TRU), and the new Guidewire Cyence Risk Rating integration.

About eSentire

eSentire, Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business-disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analytics & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response Services. For more information, visit www.esentire.com and follow @esentire.

About Guidewire Software

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 450 insurers, from new ventures to the largest and most complex in the world, run on Guidewire. As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record, with 1,000+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of applications that accelerate integration, localization, and innovation.
