Christy Wyatt, CEO at Absolute: The level of ransomware attacks continue to evolve, and are more sophisticated than ever. Hackers can simply disable security controls and tear down protection against vulnerabilities in their wake. In fact, seventy percent of all breaches are the result of known vulnerabilities that enterprises took too long to patch. Just as startling – it can take anywhere from 39 to 340 days for companies to address the vulnerability, leaving businesses exposed for a wide range of chaos to wreak havoc on their data, security and reputation. Enterprises today have deployed more security controls than ever, an…
ISBuzz Team
It has been revealed that a Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack. https://twitter.com/shah_sheikh/status/1143044355210432512 Jake Moore, Cyber Security Specialist at ESET: “This vulnerability highlights the issue of third party applications that are given partial access and could potentially be exploited by malware to gain administrator rights. “It also highlights the threat caused by rogue insiders and could cause companies to lose brand confidence even when it isn’t entirely their fault. Many PCs could be affected and as usual it is vitally important that these machines are updated…
A new botnet is abusing Android Debug Bridge (ADB) and SSH to capture & collect new Android devices to its network, according to Trend Micro. Experts with Juniper Networks and OneSpan offer observations on mobile device vulnerability and what organizations and users can and can’t to improve device security. https://twitter.com/DatexInc/status/1142840761773449216 Experts Comments: Mounir Hahad, Head at Juniper Threat Labs at Juniper Networks: “Juniper Threat Labs has repeatedly warned users about this very attack vector, including in a blog post one year ago that calls out some of the vendors that ship Android Debug Bridge enabled. The number of publicly vulnerable devices has declined from about 40,000 devices one year ago to…
Following the news that Riviera Beach City Council, in Florida, has just paid a $600,000 ransom demand after falling victim to ransomware three weeks ago, please see below comments from security experts at HackerOne, Nozomi Networks and Outpost24. Shlomie Liberow, Technical Program Manager at HackerOne: “The Riviera Beach City Council has taken a big gamble by paying the ransom as there are no guarantees the attackers will return any of the data, which could leave the city in an even worse situation. By paying the ransom, the council also encourages more of these types of attacks as it makes it more profitable…
An age-check scheme designed to stop under-18s viewing pornographic websites has been delayed a second time. The culture secretary confirmed the postponement saying the government had failed to tell European regulators about the plan. In the House of Commons, Culture Secretary Jeremy Wright said an “important notification process was not undertaken for an element of this policy”. Experts Comments: Brian Higgins, Security Specialist at Comparitech.com: “The age verification protocols proposed by the UK government are a a good-faith attempt to protect vulnerable young people from inappropriate online content. Unfortunately they have zero chance of meeting the governments objectives. There is always a ‘work around’ in cybersecurity.…
Cybercriminals are taking advantage of summer exam pressures by offering black market grade-hacking services and fake qualifications online, and ensuring these opportunities are easy to find with a quick internet search, Kaspersky researchers have found. Reports of young people breaking into school systems to change grades, improve attendance records or disrupt test processes are not new, and nor is the availability of fake certificates and diplomas. Over the years, a thriving underground industry has grown up to facilitate cheating when it comes to academic achievements. This includes discussion fora and how-to guides and videos. Kaspersky researchers decided to take…
A ansomware gang has breached the infrastructure of at least three managed service providers (MSPs) and has used the remote management tools at their disposal, namely the Webroot SecureAnywhere console, to deploy ransomware on the MSPs’ customers systems. Hackers breached MSPs via exposed RDP (Remote Desktop Endpoints), elevated privileges inside compromised systems, and manually uninstalled AV products, such as ESET and Webroot. Hackers searched for accounts for Webroot SecureAnywhere, remote management software (console) used by MSPs to manage remotely-located workstations (in the network of their customers). https://twitter.com/ZDNet/status/1142639911213961217 Expert Comments: Javvad Malik, Security Awareness Advocate at KnowBe4: “Going after MSSP’s allows attackers to attack many companies, or…
More cybercriminals are encrypting their phishing websites according to a report from Phishlabs. The report reveals that 58% of the phishing websites in the first months of 2019 were using the secure HTTP protocol. This is a 12% jump compared to the last quarter of 2018. https://twitter.com/AdliceSoftware/status/1142122584944848896 Expert Comments: Usman Rahim, Digital Security and Operations Manager at The Media Trust: “HTTPS as a security defense was more effective when websites ran mostly owned and operated code. That has changed. Now that third party code predominates such sites, most code on a website runs outside of the owner’s IT perimeter. This…
A new variant of the Ryuk Ransomware was discovered yesterday by MalwareHunterTeam, who saw that it was signed by a digital certificate. After this sample was examined by security researcher Vitali Kremez, it was discovered that a few changes were made to this variant that was not seen in previous samples. Kremez found that with this new variant, the ransomware will check the output of arp -a for particular IP address strings, and if they are found, will not encrypt the computer. https://twitter.com/AdliceSoftware/status/1141382719093559297 https://twitter.com/tooruhieda/status/1141479407271460864 Expert Comment: Roy Rashti, Cybersecurity Expert at BitDam: “This new variant allows the attacker to remove computers from their target bank. This means that they can selectively avoid those computers…
As tomorrow is World Productivity Day, please see below for comments from SailPoint, Maintel, Spitch, KCOM and LogMeIn as part of our experts comments series. The comments include: Sion Lewis, Vice President of EMEA at LogMeIn, discussing how employee engagement and wellbeing must take centre stage in any organisation, and the role that remote working plays in achieving this Sandra Schroeter, International Head, Customer Engagement Technologies at LogMeIn, explaining the role that AI and chatbots play in customer experience, in addition to increasing employee productivity John Bennett, General Manager, Identity and Access Management Business Unit at LogMeIn, provides insight into the role unified identity solutions play in organisations security and the…