ollowing the news regarding emails from top officials at the National Republican Congressional Committee being hacked during the midterms, Brian Vecci, Technical Evangelist at Varonis offers the following comment. Brian Vecci, Technical Evangelist at Varonis: “The biggest thing that stood out to me was that the attack was detected by a cybersecurity vendor in April. How is it that we’re just hearing about this now? This raises questions for me as to whether our midterms were truly as secure as was reported. The hack was of a senior GOP congressman, so it was extremely targeted – this wasn’t someone getting…
ISBuzz Team
Google has released Chrome 71 that will now block all ads on abusive websites including any ads or websites with hidden click areas, fake mouse pointers, non-interactive redirects, phishing, fake messages and alerts, or misleading behavior of any kind. Chris Olson, CEO at The Media Trust: “Google’s decision to add these features to Chrome 71 is a response to consumer demand for a safer, more pleasant online experience. Google’s move will likely apply pressure on operators of ad-supported websites to ensure their ads pose no threats to users. These operators would have to work closely with their upstream digital partners and…
Built to meet the highest level of FIPS validation and immune to malware Up to 180% faster read speeds boost efficiency and productivity on the move Ultra-rugged, tamper-evident enclosure which withstands the most demanding conditions Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB storage devices, today announced the release of the Aegis Fortress L3, which brings the highest level of security validation to a high capacity storage system. The new range includes FIPS validated USB 3.0, 3.1 and 3.2 drives, with military grade encryption that meets the requirements of highly regulated sectors including defence, finance, government, power and energy, legal and healthcare. The…
Following the news that Ukrainian authorities say they’ve thwarted a huge cyberattack on their telecommunications systems and are blaming Russia for the assault, please see below comments from Security experts. Moreno Carullo, Co-founder and CTO at Nozomi Networks: “The attacks on Ukraine’s telecommunications systems highlight that attackers are once again relying on phishing as a means to target critical infrastructure. It is therefore extremely important that staff within critical infrastructure organisations are taught to recognise phishing emails and not to click on links or open attachments from unknown sources. Phishing is one of the major attack vectors cybercriminals will use to target critical…
It has been reported that a severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Andrew van der Stock, Senior Principal Consultant at Synopsys: “APIs make the friction of doing business much less. We expect to see continued explosive growth of APIs – modern responsive apps, mobile apps and B2B use cases are tremendously popular. However, whilst there are new risks to APIs not covered by previous applications, application security is near universal and still is incredibly relevant going into 2019. Securing APIs should be the focus…
Researchers from leading cybersecurity vendor Check Point have uncovered a Russian IT consultancy named Dr. Shifro (http://www.dr-shifro.ru/) that claims to unlock and recover consumers’ and businesses’ encrypted files. But in fact, the company simply pays the ransomware’s creator themselves and passes the cost onto the victim at a 75%-plus profit margin. Dr. Shifro offers only one service – helping ransomware victims unlock their files. It claims to be able to unlock files scrambled by the Dharma/Crisis ransomware (for which no decryption key is available), among others, which is suspicious. This caused the Check Point researchers to investigate. They found that…
A hacker group has compiled a list of 35,000 chief financial officers, some working at the world’s biggest banks and mortgage companies, so it can target them with requests to transfer money. The “London Blue” hackers are the latest group to focus on “business email compromise” (BEC) campaigns, according to the cyber threat detection company Agari, which found a list of 50,000 targets. Most of the rest of the people on the list were in accounting departments. Agari has handed its evidence to the US and UK law enforcement agencies. If members of the hacking group are found to be…
Quora.com, a site where people ask and answer questions on a range of topics, said hackers breached its computer network and accessed a variety of potentially sensitive personal data for about 100 million users. Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. The breached data also included public content and actions, such as questions, answers, comments, and upvotes. Colin Bastable, CEO at Lucy Security: “The bad news just keeps coming: Dark Web hackers now have access to data imported…
The Marriott Hotels data breach has sent ripples through the Infosec community, with questions being asked as to how the hackers were able to roam around a network for years, unbeknownst to the people charged with keeping networks safe. We have seen a similar situation developing in the breach of Canada’s 1-800 Flowers, reported to the California attorney General’s office recently. Sam Curry, Chief Security Officer at Cybereason: “Much the same as people who live too long in a war zone, the world’s population have become inured to the meaning and damage of mega breaches. Perhaps ‘Giga Breaches’ should be…
Cryptoming software can be used for other things such as stealing corporate secrets according to Troy Kent, a threat researcher at Awake Security who presented his findings at the InfoSecurity America Conference. Justin Jett, Director of Audit and Compliance at Plixer: “Malicious software writers are becoming more and more sophisticated in their attempts to breach organizations and steal their data. This new use of crypto mining software by hackers for more nefarious purposes is yet another example of how malware is evolving to be more difficult to detect. As Troy Kent, a threat researcher for Awake Security, stated while presenting his…