A recent survey-report commissioned by 1E, Getting Your House in Order, was completed by 600 senior IT decision makers in the US and UK, split evenly between IT Operations and IT Security specialists. The intent was to see if, in the wake of so many devastating cyber-attacks in the last few years, lessons had been learned regarding security basics. One interesting testing ground was the Windows 10 data. Once upon a time, this wouldn’t be an obvious theme for a “security” survey, but times have changed (as WannaCry impact brutally illustrated). Indeed, 83% of respondents said security was a motivating…
ISBuzz Team
It has been reported that yesterday the Department of Homeland Security and the FBI publicly identified a new North Korean malware capable of funnelling information from a victim’s computer network. Dubbed ElectricFish by government officials, the malware is the latest tool in North Korea’s hacking program, referred to as Hidden Cobra. The U.S. Cyber Emergency Response Team published a report warning the public about the new malware on Thursday. ElectricFish steals information from a target computer network by bypassing a server’s security protocols with a username and password. https://twitter.com/CyberScout/status/1126868210530209792 Expert Comments: Sam Curry, Chief Security Officer at Cybereason: “The government released information on the malware so that the North Koreans…
In a report published yesterday, researchers revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. The collective, calling itself “Fxmsp,” is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims. This offer was for each individual company and it is not a set price. It could go as high as $1 million for one access. A definitive offer is still being discussed with intermediaries. According to the AdvIntel report, Fxmsp had managed to steal source code that included…
loomberg reported yesterday that Amazon.com Inc has been reportedly hit by an “extensive” fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year. https://twitter.com/Fin24/status/1126181752316231685 Expert Comments: Brian Higgins, Security Specialist, Comparitech.com: “I’m not at all surprised to hear that Amazon are exploiting children’s data in this fashion. Let’s also not forget that although this case has arisen in America, Amazon’s platform is global. The unscrupulous retention of data for potential commercial gain or advantage is common among all social media platforms and I’m delighted to hear that the practice is finally being challenged. A…
Windows Hello, Microsoft’s authentication system that comes with Windows 10, is now officially recognised as an authenticator, which means the company is inching towards completely killing off passwords in its software and services, reports TechRadar. https://twitter.com/MicrosoftSB/status/1126456868908470274 Expert Comments: Jake Moore, Security Specialist at ESET: “Considering the number of data breaches we have witnessed in the past few months, it is great to see companies taking the steps required to protect their users. The use of biometric tools like fingerprint scanning or facial recognition makes it easier for users to keep on top of security as they don’t have to juggle multiple passwords. However, the…
It has been revealed that a huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks. Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache of PII data was first indexed on April 23, 2019. https://twitter.com/cyber_advising/status/1126265575620083712 Experts Comments: Warren Poschman, Senior Solution Architect at comforte AG: “If anyone is still snoozing while dreaming that their data is safe while “hidden in plain sight” on an “anonymous” cloud resource,…
In response to the news broken by TechCrunch that a development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects, including its SmartThings platform. Brian Higgins, Security Specialist at Comparitech.com: “This is a classic, although devastating example of insider threat. Not all data breaches are malicious in nature. Human error is the primary contributor in a large proportion of cases, but if you happen to be ‘patient zero’ in an embarrassing and potentially costly breach such as this, the potential impact can be very wide-reaching indeed. Reputational damage, loss of clients…
A possible delay in the roll out of the 5G network would happen because of security concerns, reported Reuters. https://twitter.com/inspiredBmedia/status/1126425115623866368 Expert Comments: Jake Moore, Security Specialist at ESET: “If 5G networks communicate our actions to an outside observer secretly, it could be devastating for civil liberties in the UK. It seems sensible therefore that every protective measure is taken by the government. Even with the best will in the world, our threat intelligence sees attempted hacks on hardware millions of times every single day, so it pays to be cautious.”
Series of Special Events at Infosecurity Europe 2019 to support, educate and nurture information security professionals and start up businesses Conference includes Capture the Flag, FutureSec, Women in Cybersecurity, Cybersecurity for CNI and Securing SMEs Symposium This year’s Infosecurity Europe (4-6 June 2019) – Europe’s number one information security event – will host a series of Special Events as part of its 2019 conference agenda, the world’s largest complimentary conference programme with 240+ free to attend sessions aimed at supporting, educating and nurturing those in the industry. Designed to bring together information security professionals at all stages of their career development, this year’s event includes some exciting new additions for…
Government agencies have been the target of password spray attacks in which cybercriminals try to pry open accounts that use simple or common passwords that they can then use to get into accounts to steal sensitive information. https://twitter.com/martinjonesaz/status/1125806560775626752 Ryan Wilk, VP of Customer Success at NuData Security: “The human element always plays a key role in cybersecurity protection and passwords are currently the weak link for some government agencies as well as businesses. Government agencies should adopt multilayered security technologies that include passive biometrics and behavioral analytics to detect non-human behavior both at the server and the endpoint. This allows these…