ISBuzz Team

WIPRO, an IT outsourcing and consulting company is investigating a possible breach of its own IT systems where hackers are using the infiltration to target WIPRO customers.   https://twitter.com/briankrebs/status/1118140758924697603 Experts Comments:  Dan Tuchler, CMO at SecurityFirst:   “The bar continues to rise. The increasing complexity and interconnectedness of IT infrastructure makes it harder to protect. Wipro, a firm with broad IT expertise, is a victim and a part of a complex hack against some of their customers, despite extensive security and monitoring measures. This underscores the importance of protecting data where it resides on servers, including encryption, comprehensive key management, and data…

New survey data reveals a third of organisations have shipped products with known security vulnerabilities to beat competition   With vulnerabilities recently being disclosed in Huawei and Asus laptops, which have highlighted the importance of vendors carrying out thorough security checks on technology before shipping to customers, a new study from Outpost24, an innovator in identifying and managing cyber security exposure, has revealed that 23 percent of organisations don’t carry out any security testing at all on products before they are launched into the market.  The study, which was carried out in March 2019 at the RSA Conference in San Francisco, also shockingly revealed that 31…

Research published in a new report on the state of cybersecurity in healthcare organizations included findings that third-party vendors were behind 20% of healthcare data breaches in 2018.  https://twitter.com/cabletocloud/status/1118177259851014146 Matan Or-El, CEO at Panorays:  “This latest research illustrates why it’s so crucial for healthcare organizations to check the cyber posture of their third parties. For this, healthcare organizations need to build a policy and to require vendors to abide by that policy.     How can organizations enforce suppliers’ adherence to a certain security standard?    First, suppliers’ security posture should be assessed using an inside-out view—security questionnaires that check that suppliers comply with regulations and internal…

A new exploit discovered in Adblock Plus, AdBlock, and uBlocker browser extensions would allow hackers to inject malicious scripts into the blockers according to Security Researcher Armin Sebastian.   https://twitter.com/Techmeme/status/1118176262676197376 Usman Rahim, Digital Security & Operations Manager at The Media Trust:   “Blockers have risen in popularity not only among consumers, but businesses. And for very good reasons. To begin with, they promise to block annoying or criminal elements. The problem is they may not live up to their promise, such as when bad actors inject malicious code that reprograms a blocker to steal from site visitors. Blockers were never meant to be a complete solution, and…

It has been reported that Energy industry firms are vulnerable to increased cyber espionage and sabotage attacks due to outdated systems and technology, and poor security posture, prioritisation and awareness, with phishing the most popular method of infiltration, a report warns. Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially, and interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time, according to the report by security firm F-Secure.  https://twitter.com/ianwhi77/status/1118398890569498624 Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks: “The report is not particularly surprising as the ICS environment is often the Achilles heel for many energy firms in terms…

Kaspersky Lab’s automated technologies have detected a previously unknown vulnerability in Microsoft Windows. It was exploited by an unidentified criminal group in an attempt to gain full control over a targeted device. The attack was aimed at the core of the system – its kernel – through a backdoor constructed from an essential element of Windows OS. Backdoors are an extremely dangerous type of malware, as they allow threat actors to control infected machines discreetly for malicious purposes. Such escalation of privileges from a third party is usually hard to hide from security solutions. However, a backdoor that exploits a…

David Emm, Principal Security Researcher at Kaspersky Lab:    “It’s interesting to see TSB take the step of reassuring customers that it will reimburse customers if they fall victim to fraud. It will be even more interesting to see how far they’re prepared to take this.  Given the potential costs involved, it’s unlikely that banks will have a blanket policy on this and will instead continue to look at each case on an individual basis and decide whether or not the victim took reasonable steps to secure themselves.    “With almost every area of our daily lives now being online, fraud is a…

Over the weekend, Microsoft confirmed that a certain limited number of people that use Outlook, Hotmail and MSN email systems had their accounts compromised. Hackers were able to access users’ email addresses, folder names and the subject lines of emails but not the content of any emails or attachments, or any login credentials and passwords either. The breach occurred between January 1 and March 28 and the hackers were able to get into Microsoft’s system by compromising a customer support agent’s credentials.  https://twitter.com/pcmsystemsltd/status/1117778307280510976 And the solution is to move to more secure email provider that can guarantee privacy.  https://twitter.com/leggendario12/status/1117137881175330819 Experts…

PIN verification will soon become a thing of the past. Thanks to advances in fingerprint biometric technology, the reality of being able to authenticate a payment with a simple touch of the finger is set to explode across the globe. Whilst some countries remain conservative in terms of adopting this technology – Asia is one region driving the charge for biometric fingerprint payment cards. Countries such as India and China have already welcomed fingerprint biometric payment smart cards into their everyday lives.    In its race to become the next ‘Silicon Valley’, Asia has positioned itself as a world leader when…

After a period of enforced downtime, my first International visit of 2019 was at the invitation of those very nice people at Paliscope to visit their offices in Gothenburg, Sweden to take part in a little product collaboration. First of those readers who don’t know the company, Paliscope are the developers of the highly functional on-line Investigations Browser based tool which provides the functionality to quickly and effectively transform, what can be meaningless data and transforms it into meaningful into understandable intelligence.