It has been reported that top password managers have fundamental flaws that expose user credentials in computer memory, according to a new study by researchers at Independent Security Evaluators (ISE). In the new report titled “Under the Hood of Secrets Management,” ISE researchers revealed serious weaknesses with top password managers: 1Password, Dashlane, KeePass and LastPass. ISE examined the underlying functionality of these products on Windows 10 to understand how users’ secrets are stored even when the password manager is locked. More than 60 million individuals and 93,000 businesses worldwide rely on password managers. https://twitter.com/deadmilkman/status/1098530791309611008 Experts Comments below: Gavin Millard, VP of Intelligence at Tenable: “While…
ISBuzz Team
News has surfaced that North Country Business Products (NCBP), a Minnesota-based provider of point-of-sale (POS) products, announced a security breach last week. The company said hackers compromised its IT system and later planted POS malware on the network of some of its customers. It is thought that 139 locations have been compromised with critical customer payment data likely exposed. https://twitter.com/citypagesfood/status/1098257979609178112 Expert Comments below: Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG: “Coffee, Burrito, Beer, Hack – Your credit card details were just stolen. Yet another incident of malware installed which was able to syphon credit and debit card details from 139 businesses. Companies who…
Following the news that Microsoft announced that hackers targeted European think tanks and non-profit organizations which often have contact with government officials, Corin Imai, Senior Security Advisor at DomainTools commented below. Corin Imai, Senior Security Advisor at DomainTools: “Microsoft’s discovery is an important reminder that while phishing is often associated with consumer-facing scams, the threat to businesses and organisations is equally as serious. The fact that EU think tanks and not for profits were targeted would indicate that the threat actors behind it were attempting to steal sensitive information or funds from the organisations, indicating a nation-state or large scale criminal enterprise. The aim could also have been simply to disrupt…
Half of all UK businesses (49%) believe they have unknown third-party devices on their networks, an increase of 110,000 since last year. 85% of IT managers say this poses a security risk to their organisations. Half (49%) of the UK’s 5.7m businesses are leaving themselves vulnerable to cyber-attacks by having unknown devices on their network, new research from Forescout has revealed today. This marks a significant increase of 2%, or 110,000, of businesses since April 2018. The survey conducted by Censuswide found that 85% of CIOs and IT decision makers understand that a lack of visibility and control of the devices on their network poses…
https://twitter.com/cyberintelhouse/status/1098529029941010433 Following the news that Toyota Australia confirmed a cyber-attack which took down its email system, Jake Moore, cyber security expert at ESET UK commented below. Jake Moore, Cyber Security Expert at ESET UK: “Cybercrime constantly evolves and the usual vectors used by malware creators to spread infections are difficult to detect by antivirus products alone these days. Moreover, second generation malware can go undetected for months; malicious actors evolve and improve their tactics to avoid detection as much as possible, as we have seen with large scale attacks such as BA.com. To enhance security, businesses should be using modern…
The number of users attacked by malware out to steal premium access login data to popular adult websites more than doubled in a year, rising from around 50,000 users in 2017 to 110,000 users in 2018. In all, more than 850,000 attacks were detected. This growth was accompanied by more offers of stolen credentials for sale on dark web markets and an increase in the number of malware families launching attacks. These and other findings are unveiled in Kaspersky Lab’s report on threats to users of adult websites in 2018. While porn is usually considered a good decoy to attract…
It has been reported that thousands of websites are being hit by cyber-thieves who implant code to scoop up payment card numbers. Security giant Symantec found more than 4,800 websites were being hit by these “form-jacking” attacks every month. They were now inserting “attack code”, either when sites failed to update core software to close loopholes or via insecure third-party apps, such as chat apps, analytics packages or other extras. High-profile victims of these attacks include airline BA and Ticketmaster. Experts Comments below: https://twitter.com/jhales1971/status/1098526759174225922 Oscar Tovar, Vulnerability Verification Specialist at WhiteHat Security: “Formjacking is growing in frequency and scope. Looking at a few of the big formjacking attacks…
As businesses take advantage of mobile workforce and consumers, they have also been actively migrating their data centers and “webifying” applications to the cloud. To this end, security professionals have been building out an application-based access security architecture called Software Defined Perimeter (SDP). SDP leverages the Zero Trust tenet of ‘never trust, always verify’ by essentially enabling secure access directly between the user and their device to the application and resource no matter the underlying infrastructure – but in a scalable way and according to policy. In a sense, SDP enables Secure Access elasticity as users gain easy means for…
A new Microsoft malware infiltration technique has just been discovered, which involves the execution of malware even if the user does not open the Word document containing the malware. https://twitter.com/BobWillcox/status/1097818601308995584 Expert Comments Below: Dr Darren Williams, Founder and CEO at BlackFog: “The new malware infiltration technique identified must come as a wakeup call around the increased sophistication of attackers. Despite the prevalence of security solutions that focus on intrusion detection systems such as Firewalls and Anti-Virus, together with Malware solutions that remove known infections, attackers are finding new and imaginative ways to break down company walls. So, when hackers break into company networks,…
Over one third of Bezeq’s customers pay a premium for enterprise-grade LAN security, stopping more than 100,000 attacks every week. Tel Aviv, Israel (February 20th, 2019) – SAM Seamless Network, the intuitive security system for smart home networks, today announced that it has successfully created a new revenue stream for Israel’s largest telecommunications company Bezeq via a premium subscription offering. SAM also announced its expansion into Europe and USA with new offices in Berlin and New York, as well as the appointment of Pirjo Tuomi as Chief Revenue Officer. SAM prevents an average of 67.4K DoS attacks, 15,6K Malware attacks, 18K spyware…
