About: Alex Harris

Cosmetics Giant Avon Leaks 19 Million Records A misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs. Researchers at SafetyDetectives led by Anurag Sen told Infosecurity that they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption. “The…

Cloud Breaches Set to Grow in “Velocity and Scale” Cloud breaches are likely to increase in “velocity and scale” due to a prevalence of poor cybersecurity practices in cloud configurations that are creating exposures. This is according to the most recent The State of DevSecOps report by Accurics, which assesses cloud configuration practices that lead to breaches. The…

Home Distractions a Major Cause of Cybersecurity Errors During Lockdown Nearly half (43%) of UK and US employees have made errors leading to cybersecurity repercussions, according to a new study from Tessian. The analysis, undertaken in April during the height of the COVID-19 pandemic, suggests that the disruption and additional stress and distractions of remote working…

Password Reuse to Blame for Fifth of Account Takeovers Email account takeover (ATO) attacks often last for over a week and result from employees reusing passwords across multiple sites, according to new research from Barracuda Networks. The security vendor teamed up with researchers at UC Berkeley to study the lifecycle of email ATO attacks, examining…

Cloud Misconfigurations a Major Compliance Risk Cloud misconfigurations are considered a data security risk by 95% of IT decision makers in the UK, according to a new study from Trend Micro. The findings highlight how human error is a major cause of organizations’ compliance problems and is obstructing their digital transformation. Of those who regard cloud…

Blackbaud Breach Hits Nine More Universities A combined ransomware and data breach attack on a US cloud computing provider in May has affected many more universities and non-profits than at first thought. Infosecurity reported on Wednesday how the University of York in northern England had notified affected staff and students that their personal details may have been…

Three-Quarters of UK Businesses Facing Compliance Problems Following Lockdown Three-quarters (75%) of UK data protection officers (DPOs) anticipate the Covid-19 lockdown will cause difficulties in meeting data compliance obligations, potentially leading to large fines, according to a study by Guardum. In the survey, 72% of DSOs expect a backlog of data subject access requests (DSARs) upon…

NCSC Introduces Remote Working Testing Tool for Small Businesses An exercise which will enable small businesses to test their cyber resilience while staff work remotely has been launched by the National Cyber Security Center (NCSC). Part of its Exercise in a Box toolkit, the ‘Home and Remote Working’ exercise is aimed at helping SMEs to reduce the risk…

Personal Data of the Average user Held by at Least 39 Different Organisations At least 39 different organizations hold personal data of the average UK citizen, providing a wide-range of opportunities for hackers to access sensitive information. This is according to Nomidio’s State of Identity 2020 Analysis, which also found that almost a quarter of Brits are…

SurveyMonkey Phishers Go Hunting for Office 365 Credentials Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters. The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain, according to Abnormal Security. “Within…