Two Canadian researchers from Concordia University in Montreal report that adware behaves like malware and should be classified as such. In a research paper, the two reviewed Wajam, software that injects ads into browser traffic, and found that it uses techniques employed by malware for browser process injection attacks. Expert Comments: Mike Bittner, Associate Director of Digital Security and Operations at The Media Trust: “Everyone should be concerned about any kind of unwanted ware. While consumers and legislators have put big tech platforms in their crosshairs, they fail to understand the pervasiveness of consumer data collection without consumer consent…
ISBuzz Team
Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios. The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and AlgoSec, the leading provider of business-driven network and cloud security management solutions, today announced the results of a new study titled, “Cloud Security Complexity: Challenges in Managing Security in Native Cloud, Hybrid and Multi-Cloud Environments.” The survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in…
The vulnerability is severe enough that Microsoft took a pretty unusual step in releasing updates for Windows XP and Server 2003 in addition to currently supported versions of Windows that are affected. Unlike WannaCry, this threat is seen as extremely easy to exploit. It took a leaked NSA tool to exploit the WannaCry vulnerability, whereas the fear with BlueKeep is that it will be much easier to take advantage of. And, with a patch now available, you can bet there are cyber adversaries who are reverse engineering the patch as you read this, getting ready to exploit organizations and individuals alike. If you remember…
According to new research by security specialists Pen Test Partners, who were investigating the systems within Tesla vehicles, if hackers could attach an ELM327 Bluetooth module to the interface, they would have the ability to analyse the traffic and read CAN messages. If left in, a hacker could also potentially shut the car down. Expert Comments: Martin Jartelius, CSO at Outpost24: “Firstly, not only car manufacturers but all manufacturers should ensure that they address security – the more critical the asset the more important this is. Electric cars are – compared to equally equipped cars – not more exposed. But compared to an older car…
It has been reported that Google has suspended Huawei’s access to updates of its Android operating system and chipmakers have reportedly cut off supplies to the Chinese telecoms company, complying with orders from the US government as it seeks to blacklist Huawei around the world. According to the story, chipmakers such as Intel, Qualcomm, Xilinx, and Broadcom have told employees they will not supply chips to Huawei until further notice, Bloomberg reported on Monday, citing people familiar with the matter. Oleg Kolesnikov, VP of Threat Research at Securonix: en be able to source some of the advanced Intel, Qualcomm, and…
A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password, allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour. From a brief review of the data, each record contained public data scraped from influencer Instagram accounts, including their bio, profile picture, the number of followers they have, if they’re verified and their location by city and country, but also contained their private contact information,…
There is no bulletproof digital network, and blockchain doesn’t stand out from the rest in this regard. However, the attacks targeting distributed ledgers differ from the ones used to compromise conventional computer networks. These exploitation scenarios rely on tampering with the process of achieving consensus to alter the data added to the ledger. 51% attack: If a certain number of network participants, or miners, get the majority of the “votes”, their prerogative to control the consensus may allow them to complement the blockchain with their own data only. If a malefactor has the exclusive privilege to add a block, he…
Expert Comments: Joseph Carson, Chief Security Scientist & Advisory CISO at Thycotic: The EU GDPR has been positive for the Information Security industry as it has forced many companies to re-evaluate their cybersecurity posture and better understand the type of personal information they have been collecting on EU citizens. It means that companies who are regulated by the GDPR have improved their cybersecurity capabilities – incident response has been one of the areas which companies have significantly improved. We have also recently seen the first fines under the GDPR given to several companies, mostly related to consent or data minimisation, though many…
Google published a blog post highlighting its research, which showed that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during its investigation. Expert Comments: Jake Moore, Security Specialist at ESET: “All of the big tech firms offer many layers of extra security; the problem lies with them not being mandatory. These companies want to help their customers’ accounts be secure, but the problem is that users tend to favour ease-of-use over security. However, it isn’t difficult to add…
The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services to them. The GDPR applies to personal data, which is defined as any information relating to an identifiable natural person. In certain cases, frameworks such as the EU-US Privacy Shield have been implemented to ensure the protection of data being transferred outside the EEA. However, such frameworks have not been established with all countries outside of the EEA. In such cases,…
