The newly issued December 2018 McAfee Labs Threat Report states: “Dark web markets: The ripple effect of the takedowns of the Hansa and AlphaBay dark web markets were still apparent in Q3. Competing marketplaces, such as Dream Market, Wall Street Market, and Olympus Market eagerly filled the gap left by law enforcement actions last year.” Expert Comments below: Satya Gupta, CTO and Co-founder at Virsec: “While taking down dark web sites like Hansa and AlphaBay is laudable, few security experts expected this to make a dent in cybercrime. When the lights are turned on in a dirty kitchen and the…
ISBuzz Team
The news dropped today that the Justice Department has announced an indictment that connects spies working for the Chinese government for a hacking campaign against U.S. tech companies and other industry organizations as well. The indictment, which was dealt Thursday, accuses China’s main intelligence agency, the Ministry of State Security, of hacking into multiple tech companies and government departments, with the purpose of stealing IP. Prosecutors said the hackers were part of a Beijing-backed group, dubbed APT10, which various security companies had previously linked to China. Experts comments below: Carl Wright, CCO at AttackIQ: “The United States Justice Department’s indictments…
NASA revealed today that it was hacked earlier this year. In an internal memo sent to all employees, the agency said that an unknown intruder gained access to one of its servers storing the personal data of current and former employees. Social Security numbers were also compromised, NASA said. The agency said it discovered the hack on October 23, almost two months ago. It is unclear why the agency waited nearly two months to notify employees, but it is common for US law enforcement to ask hacked organizations to delay notifying affected victims while they investigate an incident. Commenting on…
All security starts with a policy – businesses should have an agreed policy for such situations, and they should train their staff accordingly. CEOs should hire strong people who are willing to stick to the policy under pressure. Of course, defying the CEO is a great way to get fired in American business, and the cybercrooks rely on this. Don’t play Santa Clause with CyberCrooks this Christmas!” Expert Comments: Paul Bischoff, Privacy Advocate at Comparitech.com: “Businesses and tax professionals are prime targets for phishing, a scam that’s cheap and low-risk for criminals that stand to steal large amounts of money.…
NASA has announced that they suffered a data breach in October that compromised the PII of current and former employees, including Social Security numbers. The agency is still unaware of the scope of the breach, but they are notifying all employees, so they can take countermeasures against possible fraud as a precaution. Previously, NASA has suffered similar security breaches in 2016 and 2011. Experts Comments below: Gaurav Banga, CEO and Founder at Balbix: “NASA and other government agencies store massive amounts of highly sensitive data. As disastrous as it is for NASA to expose its employees’ personally identifiable information (PII),…
Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter. The malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server. The logic goes that in using Twitter, the malware would connect to “twitter.com,” which is far less likely to be flagged or blocked by anti-malware software than a dodgy-looking server. Commenting on the effectiveness of this stealthy form of malware, and how users and organisations can defend against it, is…
Following the New York Times report which reveals that hackers successfully infiltrated the European Union diplomatic communications network over a period of several years, Jake Moore, cyber security expert at ESET UK, has the following comment. Jake Moore, Cyber Security Expert at ESET UK: “When the risks are so high, cyber security needs to echo this. The more important the data, the more imperative the cyber security should be in place to mitigate the great heights it can fall as we’ve seen here. No expense should be spared when the implications can damage the country’s security and reputation.”
Privileged accounts, credentials and secrets – and the access they provide – represent the largest security vulnerability that enterprises will face today. Nearly all of the most destructive cyber attacks this decade were executed by successfully exploiting privileged access. As such, managing and securing privilege is increasingly an organisational priority and a core component of an effective cyber security strategy. But, knowing where to start can be confusing. The market offers an ‘acronym soup’ of different terms and tools for addressing privileged access security. For example, consider Privilege Access Management, aka ‘PAM’, and its close associate, Privilege Identity Management, aka…
Cryptojacking has increased 400% during 2018 according to Kaspersky Labs. Security researchers says cryptojackers are now using malware scripts to access people’s computers to mine cryptocurrencies. Expert Comments below: Mike Bittner, Digital Security & Operations Manager at The Media Trust: “There are several reasons why cryptojacking has overtaken ransomware in popularity among bad actors. It requires less work to execute, the likelihood of payoff is greater, and it requires little to no interaction with the unsuspecting victim. Once hackers install cryptomining JavaScript on a website, they will be able to siphon CPU power from every visitor to that site for…
After an audit of the US ballistic missiles systems, it has been revealed that the systems had no data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities. The report [PDF] was put together earlier this year, in April, after US Department of Defense Inspector General officials inspected five random locations where the Missile Defense Agency (MDA) had placed ballistic missiles part of the Ballistic Missile Defense System (BMDS) –a DOD program developed to protect US territories by launching ballistic missiles to intercept enemy nuclear rockets. Javvad Malik, Security Advocate at AlienVault: “The findings are indeed quite…