FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to the government, telecommunications, and internet infrastructure entities across the Middle East and North Africa, Europe and North America. While they do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran. This campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success. Expert Comments below: Emily Hacker, Security Researcher at DomainTools: “DNS hijacking is a particularly dangerous attack technique due to…
ISBuzz Team
The average cost of a cyber breach for companies now exceeds one-million dollars according to a new report by Radware. Justin Jett, Director of Audit and Compliance at Plixer: “The numbers reflect the reality that breaches are inevitable and expensive. However, both sides of that equation can be mitigated if companies can locate forensic data quickly to find and mitigate attacks. Specifically, IT professionals need network traffic analytics to fully understand where these attacks are coming from and how the attacks were possible. By looking at all of the data, network and security teams can work together to see the…
Every third Thursday of each quarter, ‘Know Your Customer’ Day is held. The day transcends all industries, aimed at businesses and designed to serve as a reminder of how important it is to take the time to understand your customer. In the cybersecurity industry, it is equally important. When it comes to knowing the ‘customers’, it is predominantly the users of the network, or the need to support customer and user activities. Information Security Buzz spoke to a variety of technology professionals to gauge exactly what ‘Know Your Customer’ Day means to them and their business, and how it impacts…
Marc Vanmaele, CEO of TrustBuilder considers whether blockchain will become an IAM game changer From a niche cryptocurrency discussed only in the most technical and computing-focused circles, to an imagination-capturing marketplace featured in the mainstream press, bitcoin has undergone a transformative journey over the past decade. As part of this evolution, bitcoin’s public transaction ledger has gone mainstream too. We are talking, of course, about blockchain. Across both the public and private sectors, multiple organisations believe that blockchain can add value to their operations. As reported in Forbes, ‘blockchain enables direct exchange of value between A and B without the need for the…
Everyone knows that major mobile service providers such as AT&T, T-Mobile, and Sprint are actively collecting their customers’ location data, but not many know that they’re also selling it to the highest bidder.As discovered by Motherboard’sJoseph Cox, you can locate anyone as long as you know their phone number and, of course, if you are willing to pay for it.$300 – the price to locate a phone in the U.S. Jonathan Deveaux, Head of Enterprise Data Protection at Comforte AG: “With the latest news regarding several US mobile service providers actively collecting and selling location data to the highest bidder, can we actually believe…
ZDNet is reporting that hackers breached the computer systems of a South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces. Local press reported that hackers breached 30 computers and stole internal documents from at least ten computers in October 2018.It’s believed that the stolen documents contain information about arms procurement for the country’s next-generation fighter aircraft, according to a news outlet reporting on the cyber-attack.The breached organization is South Korea’s Defense Acquisition Program Administration (DAPA), an agency part of the Ministry of National Defense. Expert Comments below: Pravin Kothari, CEO at CipherCloud: “The hack of…
A newly revealed trove of 772,904,991 unique email addresses and more than 21 million unique passwords that have been aggregated from over 2,000 leaked databases was recently discovered by Troy Hunt, the security researcher who maintains HaveIBeenPwned. The records were stored on one of the most popular cloud storage sites, MEGA, until it got taken down, and then on a public hacking site. The credentials were not even for sale; they were just available for anyone to take. In total, 1,160,253,228 unique combinations of email addresses and passwords were exposed. Experts Comments below: Ruchika Mishra, Director of Products and Solutions at Balbix: “In terms…
Following last night’s failed Brexit deal vote, and the instability it has caused, Corin Imai, senior security advisor at DomainTools has given her views on where Britain’s exit from the European Union leaves the cybersecurity industry. Corin Imai, Senior Security Advisor at DomainTools: “The UK is likely to face a plethora of cybersecurity challenges once article 50 is triggered. Information sharing across borders is already a tricky subject, and for the UK to leave its current arrangement with the European Union this will become even more difficult, damaging international law enforcement investigations and operations into cybercrime. Furthermore, the already mammoth task of hiring security professionals…
News broketodaythatBEC scammers have responded to the flurry of attention brought on their practices in 2018 by moving towards a different tactic; impersonating an employee and issuing a fraudulent request to change their bank account details with the HR department. Corin Imai, Senior Security Advisor at DomainTools: “As public awareness of BEC scams has grown in the past year, it is only natural for scammers to pivot towards a different entry point. While HR departments have always been a highly valued target for fraudsters due to the readily accessible PII and financial details, diverting funds by pretending to be an employee…
According toreports, evolving cyber threats are among the biggest risks in 2019, the World Economic Forum (WEF) has warned.The WEF’sglobal risks report- ahead of its annual gathering of world leaders and business figures in Davos next week – called for greater collaboration between nations. A survey of 1,000 decision-makers from the public and private sectors as well as academia found that the threat oflarge data thefts and large-scale cyber attacks were a large risk. Expert Comments below: Renaud Deraison, Co-founder and CTO at Tenable: “In the World Economic Forum’s 2019 Global Risk Report, data fraud/theft and large-scale cyberattacks landed in the…