In this article, we outline how conducting regular GDPR pen tests can help to mitigate the risks of data breaches. Since it came into effect in 2018, the GDPR has helped to improve the way that organisations operating across the EU and UK collect, handle, process and store personal data. The GDPR covers all aspects of data protection, including the requirement for organisations that handle personal data to improve information security and governance.

Yesterday, FireEye published a report about a global intrusion campaign that utilized a backdoor planted in SolarWinds Orion. Attackers gained access to the download servers of Orion. They managed to infect signed installers downloaded by Orion users who had all reason to believe that the packages are safe and had not been tampered with. With this information out in the world, teams are scrambling to investigate if their environments are affected by this breach.

Cyberattacks are becoming a regular feature in the global market. The scale and variety of these attacks have grown considerably. The recent pandemic has spiked such attacks and many Covid-19 scams ranging from social media posts, smishing (small message phishing), phishing, ransomware, have skyrocketed this year.

Touchless solutions have risen to the forefront this year because of the latest pandemic that has reshaped the way we work and live. When social distance policies were placed in motion, borders closed, establishments paused operations, and businesses moved online operating amid lockdown. Touchless technologies had to be put in place almost everywhere to preserve human touch. It has ceased to be just an option since it is now a necessity in the new normal.

Analysis of a recently detected phishing kit, targeting a retail bank based in the Philippines and submitted to VirusTotal, led to the identification of a low-sophistication method used by threat actors in an effort to phish for usable one-time passwords (OTP) along with account credentials.

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

The events of 2020 brought us unprecedented challenges that no one was prepared for, changing the way we live, work, and communicate, impacting the global economy, all geographic regions, and every single industry. In such a downturn cybercrime flourishes, especially when organizations move most of their operations and processes online.