Canadian police last week raided the residence of a Toronto software developer responsible for authoring and selling “Orcus RAT,” a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a Remote Access Trojan. https://twitter.com/briankrebs/status/1113116204925845507 Expert Comments Below: Ilia Kolochenko, CEO at High-Tech Bridge: “It is pretty difficult to draw a straight line and delineate legitimate RA software from malware. They frequently share many identical functionalities, with…
ISBuzz Team
Biometric fingerprint technology is no longer a novelty. In fact, today’s banks and card issuers are looking to integrate fingerprint biometric technology into every day payment cards to provide customers with convenient and secure payments. According to research carried out by IDEX Biometrics, 66% of consumers anticipate biometric fingerprint payment cards will be introduced this year. To bring biometric fingerprint technology to the mass market, and meet consumer expectations, the banking industry must remain at the forefront of innovation and embrace this new technology. Whilst there is no denying the fingerprint biometric smart card is reaching its inflection point, one barrier to…
Following the news that researchers have identified an online manipulation campaign ahead of the Israeli elections, Corin Imai, Senior Security Advisor at DomainTools, offers the following commentary. Corin Imai, Senior Security Advisor at DomainTools: “This campaign is yet the latest demonstration of how the political game has changed. Cybersecurity is no longer a matter of protecting enterprises’ digital assets and data, but a responsibility towards the preservation of the democratic process. The meddling of Russia in the 2016 elections was just the most blatant example of disinformation campaigns aimed at pushing a certain political agenda, and it is not surprising that many more nation states, as well…
It has been reported that Automattic, the company behind the WordPress.com blogging platform, said it fixed a bug in its official iOS application that might have exposed users’ account authentication tokens to third-party websites. https://twitter.com/FainPablo/status/1113031537325457408 Expert Comments Below: Tim Mackey, Senior Technical Evangelist at Synopsys: “Access and authentication tokens are common when authenticating apps and services with persistent connection requirements. For example, if a mobile app doesn’t prompt the user for their credentials at each app launch, then there is a strong possibility an access token is in use. Were a malicious user to gain access to the token, replaying that token could…
It has been reported that a database breach at Georgia Tech has exposed the personal information of up to 1.3 million current and former faculty members, students, staff and student applicants, according to school officials. Georgia Tech announced yesterday that a central database was accessed by an unknown outside entity through a web application, though it is unclear exactly who was affected. The school, which typically has around 30,000 students enrolled, said it learned of the security breach in “late March.” https://twitter.com/mattdotts/status/1113256133978779648 Experts Comments Below: Adam Brown, Manager of Security Solutions at Synopsys: “Indications that the breach came through a web application are surprising, given this institute’s strong…
Securing the supply chain As products become more responsive and organisations move away from the waterfall model of software development, businesses will depend more heavily on third-party services and components. Software as a service (SaaS) is predicted to dominate 73% of organisations’ operations by 2020. Testing will need to adapt by taking a more holistic approach to securing the supply chain. By using testing to identify and understand any potential risks, and to ensure the functionality of each production stage, the overall supply chain’s security and resilience is enhanced, reducing downtime and costs, while increasing revenue. DevSecOps vital in Security-by-Design Security-by-design to meet specific compliance regulations can…
Ransomware no longer dominates the malware landscape – but it still has the power to inflict serious disruption. Orli Gan, Head of Product Management and Product Marketing, Threat Prevention at Check Point looks at why organizations still need to be vigilant about ransomware – and how they can stop attacks causing damage Just when it seemed that ransomware was becoming a thing of the past, it has reared its ugly head again. While cryptomining malware dominated the malware landscape throughout 2018, replacing ransomware as the most popular method for cybercriminals to earn illicit cash, ransomware didn’t disappear entirely – it…
Following the news that a Buca di Beppo Parent admits breaching a month after 2 million customer cards sold online, Jonathan Deveaux commented and offered advice for organizations to avoid a similar situation. Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG: “If Italian food doesn’t give you heartburn, a data breach will! Cut and copy any news headline in the past five years involving a data breach, and paste the headline right here. Remember Target? The Home Depot? Wendy’s? PaneraBread? Now it’s Buca Di Beppo. The number of high-profile data breaches is continually growing, and many companies with…
Following the news that Microsoft researchers have found an NSA-style backdoor in Huawei laptops, Oleg Kolesnikov VP of Threat Research and Head of Research Labs at Securonix commented below. Oleg Kolesnikov, VP of Threat Research and Head of Research Labs at Securonix: “While there currently is no direct evidence that the software security issues were intentionally added for Huawei’s driver code to be leveraged for a malicious backdoor, these vulnerabilities appear to align with the earlier National Cyber Security Centre, GCHQ etc (HCSEC) report regarding Huawei products and the lack of proper software security practices in the Huawei’s approach to software engineering likely…
The vxCrypter Ransomware could be the first ransomware infection that not only encrypts a victim’s data, but also tidy’s up their computer by deleting duplicate files. When the ransomware was first tested, it deleted every file in a folder except for one. As this ransomware was still being developed, it was assumed that this was just a bug in the encryption routine. However, it has been confirmed that this deletion of files was intentional as the ransomware was deleting duplicate files. This was the first ransomware that the researchers have seen that performed this behaviour. Experts Comments Below: Colin Little, Senior Threat Analyst at Centripetal: “Ransomware is a…