Cybersecurity Trends for 2019 – The Escalating War Against Encryption, Privacy, and Security It’s time to take stock of security for another year. 2018 has seen some corkers, from the BA data breach to Cambridge Analytica, but as ever, it could always be worse. The range of consumer-facing breaches in 2018 have truly proved that cyber security is the last line of defence for personal security. Companies and individuals alike have lots to lose if their digital security is lacking, and whether the attacker is a terrorist or a disgruntled employee, there’s plenty to combat over the next year. From…
ISBuzz Team
It has been reported that Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google’s Threat Analysis Group when they saw the vulnerability being used in targeted attacks. According to Microsoft’s security bulletin this is vulnerability in how the Internet Explorer scripting engine handles objects in memory. Satnam Narang, Senior Research Engineer at Tenable: “Microsoft has released an out-of-band patch to address a remote code execution vulnerability (CVE-2018-8653) in Internet Explorer that has been exploited in the wild. The vulnerability allows an…
Following the news that the police will set up a new “hate lab” that will utilise AI to help predict spikes in hate crime on the streets following Brexit, Andy Davies, consultant, police & intelligence services at SAS UK highlights the importance of using data to mitigate preventable or predictable trends.Andy stresses the need for law enforcement to find innovative ways to make analytics and resulting insights accessible to officers. Ultimately, AI and data analytics has the power to help police do their jobs more efficiently and effectively. Expert Comments below: Andy Davies, Consultant at Police & Intelligence Services, SAS…
US law enforcement authorities are urging Americans to remain calm after a massive spam campaign carrying bomb threats has scared people and caused building evacuations all day across the country. The source of all problems is a spam campaign that got underway today, and which was sent to millions of email inboxes, primarily in the US. The emails had different subject lines and various text variations, but all carried the same threat. Extortionists threatened to blow up a person’s workplace or building unless the person paid the equivalent of $20,000 in Bitcoin to a specified Bitcoin address. Expert Comments below:…
Asher Benbenisty at AlgoSec examines four common security policy errors, and shows how organizations can avoid them As security threats become more and more advanced, managing your network’s defences correctly has never been more critical. The effectiveness of firewalls and other security devices depends on the security policies which control how they operate. These policies, which can comprise tens or even hundreds of thousands of firewall rules, dictate what traffic is blocked, what is allowed, and where it’s allowed to go to enable security, ensure compliance and drive business productivity. It’s increasingly challenging to maintain these policies, so that the…
Yesterday Splash Data revealed its annual list – which included ‘123456’ and ‘password’ – of the most commonly used passwords of the year,. In response to this, Jake Moore, cyber security expert at ESET, had the following comment. Jake Moore, Cyber Security Expert at ESET: “With over 925 million cyber-attacks in September 2018 alone, I think it’s fair to say everyone needs to up their password game in 2019 and think more carefully about online security. However, this needn’t just be a dig at the account holders, websites need to ban simple and overused passwords. A excellent place to start…
It has been reported that state-sponsored hacking of US officials has been tied to sanctions levied against Iran by the US. Expert Comments below: Israel Barak, Chief Information Security Officer at Cybereason: “This news shouldn’t come as a surprise to anyone as Iran and all nation-states have been hacking each other for decades and we can expect it to continue in an aggressive fashion. We are in an era of new spying, one dominated by advancements in technology where cyber spies rule this type of world the same ways spies did during the cold war battles between nations. The pattern…
It is being reported thata new variant of the Shamoon malwarewas discovered on the network of Italian oil and gas contractor Saipem, where it destroyed files on about ten percent of the company’s PC fleet. The vast majority of the affected systems were located in the Middle East, where Saipem does a vast majority of its business, but infections were also reported in India, Italy, and Scotland. Experts Comments below: Andrew van der Stock, Senior Principal Consultant atSynopsys: “The resurgence of the Shamoon wiper should remind all IT Executives and Directors of the critical importance of the basics of infosec…
Today, the Wellcome Trust reported details of two phishing attacks that targeted members of senior management and allowed potential fraudsters to gain access to sensitive information. While the charity has confirmed that there have been no financial losses, the police investigation will continue. The breach was disclosed on the charity’s website in September but was not reported then. Expert Comments below: James Hadley, CEO at Immersive Labs: “The most alarming aspect of this breach is that it was members of the Wellcome Trust’s senior management team that were targeted and duped. At a time when cyber attacks against organisations of…
Following the news that security researchers haveuncovered the Sharpshooter malware, which is targeting nuclear, defense,energy, and financial businesses, please see below comments from YounesDragoni, security researcher at Nozomi Networks. Younes Dragoni, Security Researcher at Nozomi Networks: “The attackers behind the Sharpshooter malware appear to be using phishing as a means to lure victims into opening malicious Word and PDF files and executing a hidden shellcode, which is in charge of injecting the downloader on the targeted system. The Sharpshooter downloader has the only task to retrieve the second-stage implant Rising Sun. This implant is used for reconnaissance purpose (gathers information…