It has been reported today that security researchers have discovered two new malware families distributed through phishing campaigns last year from the Necurs botnet: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT). The threat actor continues to target organisations in the financial and retail sectors, the researchers say, using Microsoft Word, Microsoft Publisher, and PDF files pull the malware on the victim computer host. Experts comments below: Boris Cipot, Senior Engineer at Synopsys: “Backdoors and remote access Trojans distributed via botnet aren’t new concepts. Even though this type of attack vector is already well known, it still poses a real threat…
ISBuzz Team
News F5 Labs research reveals IoT devices are now hackers’ No.1 target New research from F5 Labs has revealed that IoT devices are now cybercriminals’ top attack target, surpassing web and application services, and email servers. Gartner currently estimates that the number IoT devices will surge to 20,4 billion by 20201, which represents a staggering 143% growth rate over three years. “IoT devices already outnumber people and are multiplying at a rate that far outpaces global population growth. Increasingly, lax security control could endanger lives as, for example, cellular-connected IoT devices providing gateways to critical infrastructures are compromised,” said David…
Following the news that Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing its insurance company, Zurich, for refusing to pay out on a $100m claim for damage caused by the NotPetya cyber attack, please see below comments from Igor Baikalov, chief scientist at Securonix. Igor Baikalov, Chief Scientist at Securonix: “Instead of a war exclusion clause, Zurich should have invoked a gross negligence clause, which is much easier to prove in this case than an attribution to a nation-state, particularly considering Mondelez was hit twice by the same ransomware. The “fool me once” proverb…
A huge MongoDB database containing over 200 million records with resumes from job seekers in China was left unprotected for at least one week with anyone able to locate it. The size of the cache weighed 854GB. The information exposed this way, 202,730,434 records in total, includes all the details one would expect to see in a resume: personal information (full name, date of birth, phone number, email address, civil status), professional experience and job expectations. Expert comments below: Jonathan Deveaux, Head of Enterprise Data Protection at Comforte: “In the case of this data breach, or data exposure, the unprotected data was open and available…
OxoInternational, ahomeware, office supplies, and kitchen utensil manufacturer has disclosed a two-year long breach that exposed customer details in a Magecart like attacks. Experts comments below: Robert Capps, VP and Authentication Strategist at NuData Security: “Once data has been stolen, it’s used in a number of ways, including account takeover and identity fraud. More recently, we’ve seen a change in the value of stolen data as more and more intuitions are implementing user authentication solutions that render stolen data valueless. The loss of credit card data is a worry for all organisations, not just the targeted company. The data lost…
Business leaders’ confidence in the digital skills of new entrants to the workplace has improved in the last six months, according to the latest Digital Disruption Index by Big Four accountant Deloitte. A growing number of business leaders think that school leavers and graduates have the right digital skills and experience, according to the new report. Experts comments below: Javvad Malik, Security Advocate at AlienVault: “The skills gap is tough to directly address because of the continued rate of digital change. The challenge for many companies is taking control of the rate and nature of change and mapping out a clear digital…
From watching funny cat videos to checking the latest news, we are all familiar with the exchange of personal data (email address information, and the like) for services. But, could we be becoming dangerously complacent? Studies reveal that 57 per cent of British consumers are concerned about how much personal data they have previously shared online. Often, we’ve even lost track and are unsure of what we have shared, when we have shared it, and most crucially who we have shared it with. Concerningly, this uncertainty around data sharing and user accounts isn’t exclusive to consumers, it is common with…
Facebook has violated Vietnam’s new cyber-security law by allowing users to post anti-government comments on the platform, the country’s state media said on Wednesday (Jan 9), days after the controversial legislation took effect in the communist-ruled country. Expert Comments below: Ilia Kolochenko, CEO at High-Tech Bridge: “The problem of many emerging cyber laws is that they may inadvertently, or even purposefully, impact the freedom of speech. Moreover, in developing countries, proper enforcement of such laws will be highly complicated, impractical and expensive both for social networks and the government. Who will decide and under which standard what is permissible and…
It has been reported that the National Counterintelligence and Security Center (NCSC) has launched a program aimed at helping U.S. companies protect themselves from cyber-attacks or other threats from foreign nation-state actors. The NCSC is now sharing materials on how firms can guard themselves against threats to the supply chain — or components manufactured outside of the U.S. — spear-phishing campaigns and economic espionage, like the theft of intellectual property. Expert comments below: Paul Bischoff, Privacy Advocate at Comparitech: “Spear phishing, supply chain security, and social media deception are all real and growing risks to US enterprises, but I’m doubtful as to whether…
Phishing attacks can be automated through a new penetration testing tool published by security researcher Piotr Duszyński. Modlishka is the name of the tool and it can bypass login operations for accounts protected by two-factor authentication (2FA). Don Duncan, Security Engineer at NuData Security: “While cybercriminals can get past two-factor authentication (2FA), this should only be one piece in the authentication stack and not the only one. This is why companies are using multi-layered authentication tools that can verify the legitimacy of a transaction from different angles. This way, if one of the layers is fooled by a bad actor, the…