Zscaler Releases Semi-Annual Cloud Security Insights Report Leader in Cloud Security Reveals 400% Increase in Phishing Attacks in 2018 Zscaler, Inc., the leader in cloud security, announced today the release of its semi-annual 2019 Cloud Security Insights Threat Report – An Analysis of SSL/TLS-based Threats, which examines encrypted traffic across the Zscaler™ cloud from July through December 2018. The report, compiled by the Zscaler™ ThreatLabZ research team, delves into a variety of attacks executed over SSL and blocked by Zscaler, including phishing attacks, botnets, browser exploitation, and malicious content. As the use of SSL grows to the point where it’s the standard protocol, cybercriminals are increasingly using encryption to…
ISBuzz Team
TikTok has received a record fine for allowing underage children to use the app, with the FTC revealing the Musical.ly app had 65 million users in the US, a “large percentage” of which were underage. TikTok has reacted by requiring US users to verify their age when they open the app – this will be implemented on a trust basis and has not been rolled out beyond the US. https://twitter.com/CTVNews/status/1101082150848344066 John Fokker, Head of Cyber Investigations at McAfee: “The tech industry, and TikTok in this specific instance, needs to up its game when it comes to age verification and protecting young users. But the responsibility also lies with…
Over the past couple of years there has been a meteoric rise in cybersecurity incidents and it’s only a matter of time before the inevitable occurs in your organisation. Whether the organisation is hit by a Distributed Denial-of-Service (DDoS) attack, infected by malicious programs or even falls victim to ransomware, the first-responder actions will often determine the outcome of the security incident. According to NTT Security’s 2018 Risk:Value Report, the average recovery time from a breach is 57 days, so whatever the form of the attack, the immediate actions taken following an incident are critical. Yet even though there are greater prevention efforts…
Convergence between physical and cyber environments is leaving businesses exposed More than half (59 per cent) of respondents to the latest social media poll conducted by Infosecurity Europe 2019 – Europe’s number one information security event – believe that an attack on the UK’s critical national infrastructure is likely this year. As more devices, systems and infrastructure are connected to the internet, the cyber and physical worlds are becoming increasingly linked, opening up new attack vectors. According to Ciaran Martin, head of the UK’s National Cyber Security Centre (NCSC), a major category one (C1) attack on our critical infrastructure – one that…
Following the news that Google and the Fast IDentity Online (FIDO) Alliance announced that devices running Android 7 or later are certified by the FIDO2 standard, meaning that users can forego using passwords and instead use their fingerprint or a PIN to log into browsers or apps on their devices, a director at OneIdentity has offered the following commentary. Security Expert, Director at OneIdentity: “This move by Google underlines the evolution of authentication away from single factor authentication using passwords (something the user knows) to multi-factor authentication using biometrics (something the user is) and mobile devices (something the user possesses). Users find password authentication increasingly difficult to manage for the…
MWC 2019 has been all about 5G becoming a reality in 2019. However, the University of Iowa has reported that a security flaw has been found in both the 4G standard and in 5G too. Raj Samani, Chief Scientist and Fellow at McAfee: “MWC is awash with news that 2019 will be the year of 5G. Promising faster speeds and increased connectivity, the University of Iowa is right, 5G will inevitably introduce security risks to the networks people are using. “However, what they haven’t considered, is that the risk will have far wider consequences for consumers. As the user experience becomes quicker and more…
TurboTax maker Intuit notified a number of users that their accounts had been hijacked. Though not a breach of Intuit’s own systems, this was a case of credential stuffing, in which hijackers used old login credentials to break into other accounts. This is a perfect example of the importance of password hygiene – including regularly creating new passwords and not reusing passwords across multiple accounts. Below is commentary from LastPass CTO, Sandor Palfy, on the dangers of password reuse and best practices for online security. Sandor Palfy, CTO at LastPass: “Passwords play a huge part in one’s overall security, but people continue to neglect basic…
New tools and services will enable telecoms transitioning to 5G to optimise networks and monetise new services today Today F5 Networks (NASDAQ: FFIV) announced several new solutions and enhancements designed to allow service providers to launch 5G services. The announcements include a new network functions virtualisation (NFV) package that will enable the optimisation and scale of existing 4G and new 5G networks, along with other improvements to help providers speed up delivery of new 5G services and secure their networks at every layer. The company also announced a new service and support plan designed specifically to meet the complex and evolving needs of service providers. From F5’s 2019 State of Application Services…
It has been reported that a new ransomware called BorontoK is encrypting victims’ web sites and demanding a ransom of 20 bitcoin, or approximately $75,000. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows. In a BleepingComputer forum post, a user stated that a client’s web site was encrypted with the new B0r0nt0K Ransomware. This encrypted web site was running on Ubuntu 16.04 and had all of its files encrypted and renamed, with the .rontok extension appended to them. Gavin Millard, VP of Intelligence at Tenable: “It’s difficult to know for certain how many have fallen victim to B0r0nt0k, however the bitcoin wallet…
Following the news around the FCA announcing that it saw the number of data breaches reported to it grow fivefold from 2017 to 2018, Malcolm Taylor, Director Cyber Advisory at ITC Secure offers the following comment. Malcolm Taylor, Director Cyber Advisory at ITC Secure: “There’s no doubt that corporations are reporting more attacks; GDPR is a part of that. But there’s also no doubt that as attackers get more capable – and they are getting more capable – more attacks are getting through. We see from our own experience that, very often, companies who get hit aren’t doing the basics, let alone the…
