New research from Janrain reveals that almost a third of consumers do not trust a single company with their personal data, highlighting the impact of a series of high-profile data breaches this year. In response to this, Jake Moore, cyber security expert at ESET UK, commented below. Jake Moore, Cyber Security Expert at ESET UK: “Large organisations will always be a prime target with the more lucrative datasets at stake. With such big companies as British Airways, Ticketmaster and Marriott hotels all having data breaches with varying severity, it is no wonder that people are becoming less confident in the way their…
ISBuzz Team
Most businesses are now aware of Business Email Compromise (BEC), but 50 percent of management teams still are not cognizant of Business Process Compromises (BPC), what these attacks are, or how their business would be impacted, according to a recent survey by Trend Micro. Justin Jett, Director of Audit and Compliance at Plixer: “Business process compromises are a serious threat to businesses. Because businesses often deploy practices that have multi-point, and multi-people, processes, malicious actors find ways to circumvent one of these processes. They inject themselves into one of the stages artificially. Additionally, many of these processes may not require…
1989 was a year of positive milestones which would have a profound impact on the way we live and work today. The World Wide Web was invented, the Berlin Wall was torn down, and the first GPS satellite went into orbit. However, not everything about the year was a cause for celebration. Alongside these progressive developments was the creation of the world’s first computer worm. Initially crafted to test the size of the internet, the worm spread out of control, causing devastation and alerting businesses to the importance of investment in security products including firewalls. This was the first…
Following the news around hackers stealing more than $800,000 from Cape Cod Community College last week through an email phishing scam, Matt Radolec, Security Architect Manager at Varonis, offers the following comment. Matt Radolec, Security Architect Manager at Varonis: “There has been another hack where the human element was exploited. When will people learn we must not provide access to computers to anyone, especially if it’s a large university or other public organization, where security-minded individuals are often the minority? All jokes aside, humans are the weakest element of any security program and there is no shortage of people at a…
Cybercriminals are still leveraging a 17-year-old bug in Firefox that has not been fixed to snag users on malicious websites. Mike Bittner, Digital Security & Operations Manager at The Media Trust: “While bad actors may find a haven in the Firefox browser, they are able to execute similar campaigns using malicious sites regardless of which browser users default on. As an open source product, Firefox is easier to exploit for ill or for good. However, bad actors have become sophisticated enough to know the wide range of vulnerabilities they can work with in order to hijack a browser session.…
Following the news that Australia passed a hotly-debated national encryption law, IT security experts commented below. Colin Bastable, CEO at Lucy Security: “The issue is back doors and exploits – if governments can use them lawfully, cyber criminals can use them unlawfully. EternalBlue, for example, was gifted to cybercriminals by a leak from the NSA. Australia is opening a backdoor, and we should assume that other Five Eyes nations will follow or are already there. People should act on the basis that they have no privacy with email, web browsing or using a mobile app.” Terrie Anderson, APAC Regional Director at Venafi: “This new…
It has been reported that researchers have created new artificial intelligence that could spell the end for one of the most widely used website security systems. The new algorithm, based on deep learning methods, is the most effective solver of captcha security and authentication systems to date and is able to defeat versions of text captcha schemes used to defend the majority of the world’s most popular websites. Shane Martin, Software Consultant at NuData Security: “What makes some captchas rise above these sophisticated attacks are not the captchas or challenges themselves, but the risk assessment behind the challenge. If an attacker used this method…
It has been reported that a Kubernetes vulnerability has hit the top of the severity scale. The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism. The vulnerability (CVE-2018-1002105) allows for privilege escalation and can be accessed by both authorised and unauthorised users. Gavin Millard, VP of Intelligence at Tenable, explains the vulnerability and what organisations can do to protect themselves. Gavin Millard, VP of Intelligence at Tenable: “With the proof of concept code being published in the last 24 hours for the Kubernetes flaw, anyone running the orchestration software should consider patching as quickly as possible. Due…
The media headlines were about the end of austerity and the digital sales tax on Google and Amazon. Yet from the viewpoint of a technology innovator it was the Chancellor of the Exchequer’s emphasis on investment in tech talent and cyber security that stood out in this year’s Budget. While an additional £1bn was announced for defence for the remainder of this year and next, in order to enhance cyber capabilities and anti-submarine warfare, the Chancellor also stressed that “scientific and technological discovery” is “pouring out” of the country’s universities and tech industries. He backed this up by promising £1.6bn…
The DanaBot banking trojan is back, and has expanded beyond banking to compromise Web-based email servers. Will LaSala, Director, Security Solutions and Security Evangelist at OneSpan: “Previously the DanaBot focused on mainly harvesting banking credentials by a similar means to the new threat, essentially by compromising the Bank’s Web Portal. It would steal usernames and passwords. The new functionality appears that they are focusing on just harvesting email addresses, from all sorts of different companies. The change in direction of the DanaBot shows that attacks that started in banking are moving beyond banking. Attacks such as Marriott, British Airways and Newegg were…
