Bernard Parsons, CEO and Co-Founder of Becrypt: The security and vulnerability of hardware-based disk encryption of solid-state drives (SSDs) has been forensically probed recently, as the relevance of data breaches continues to increase. Established thinking has pointed to the security offered by hardware-based encryption as being similar to, or superior to, software-based encryption methods. The current reality seems somewhat different, with some iterations of hardware models allowing for relatively easy access to encrypted data by attackers, through a variety of methods. Although full-disk encryption is typically the solution of choice for data at rest protection, software solutions can render devices susceptible…
ISBuzz Team
The Secret Service has issued a security warning regarding a new service being offered by the U.S. Postal Service that allows residents to view all scanned images of their mail before it is delivered. While Informed Delivery sounds like a great service, the Secret Service says identity thieves are already using it to steal credit cards and other information. Don Duncan, Security Engineer at NuData Security: “The government or other online companies should alert their customers when they sign up for a service such as Informed Delivery and also allow them to opt out easily if they want to. Customers…
It’s been reported that the Cyber National Mission Force in the US is now uploading malware samples it finds to VirusTotal. IT security experts commented below. Chris Doman, Threat Engineer at AlienVault: “The US Cyber Command has uploaded two malware samples relating to APT28, the Russian group behind the US election hacking. So far, the quantity has been small, but the quality is high. “Hopefully, these additions from the US Cyber Command will be another useful source of malware which will help the industry to defend against it. However, downloading files requires paid access to VirusTotal Enterprise, so this should…
4.4 million patient records were compromised in 117 healthcare data breaches in the third quarter of this year alone, according to the Protenus Breach Barometer. Justin Jett, Director of Audit and Compliance at Plixer: “Data breaches in healthcare pose a serious risk not only for the organization but also for the patients. Should a hacker get this critical information, they can use it for insurance fraud which turns into a nightmare for the patient as there is no formal process for patients to correct their healthcare records and it could have serious impact if a patient needs a test or…
What is the hacking technique known as ‘Credential Stuffing’? Hackers used data stolen from less secure sources to access HSBC customers’ bank accounts. Does this mean all our online profiles now need the same level of security as our online banking credentials? How can consumers really know which websites and connections are secure? Tim Callan, Senior Fellow at Sectigo: “Credential stuffing” attacks are an example of how broadly information theft can be exploited by sophisticated criminals. Even seemingly innocuous personal details, stolen in a context that appears to be completely devoid of risk for critical information theft, can then be repurposed to gain inappropriate login access somewhere…
In response to today’s Krebs on Security story “Busting SIM Swappers and SIM Swap Myths” detailing this intricate type of mobile fraud and how one victim lost $100,000 when his mobile number was hijacked, mobile security experts with OneSpan offer information on how institutions can protect their customers from this threat. Will LaSala, Director Security Solutions, Security Evangelist at OneSpan: “SIM swap fraud is extremely dangerous. Users should be wary by now about using SMS as their primary form of two-factor authentication. There are many well-publicized problems with SMS as a two-factor solution. From a financial institution standpoint, many have already started…
News is breaking that banking giant HSBC disclosed a security incident exposing an undisclosed number of customers’ data. This is just the latest security incident reported by HSBC, which experienced DDoS attacks in January 2016 and July 2016, in addition to leaking customer data in April 2015 and March 2010. The security incident appears to fit the characteristics of a credential stuffing attack, also known as brute-force password-guessing attempts. This is when hackers try usernames and password combos leaked in a data breach at other companies. HSBC has confirmed that some of these attacks were successful, and attackers have gained…
Leon Lerman, CEO of healthcare cybersecurity solution provider Cynerio, commented on the 2018 CHIME HealthCare’s Most Wired survey released last week, in which only 29 percent of healthcare organizations report having a comprehensive cybersecurity program in place. Leon Lerman, CEO at Cynerio: “CHIME HealthCare’s Most Wired survey stated that for most healthcare organizations, establishing a comprehensive cybersecurity program is a work in progress. The components of such a program include organizational aspects such as having a dedicated CISO or a board level committee that the cybersecurity team can report to. Other aspects of the program involve the reporting of security deficiencies, updates and progress. This requires…
It has been reported that researchers at Radboud University in the Netherlands have today released a report detailing their discovery that widely used data storage devices with self-encrypting drives do not provide the expected level of data protection. Gary McGraw, Vice President of Security Technology at Synopsys: “Software design is difficult, especially when it comes to security. Hardware security design suffers from many of the very same issues. This design flaw with SSDs percolates up into common disk encryption schemes, showing that in some cases, the flip of a bit means everything. Our only hope is better security engineering and architecture analysis during system design…
Online tech retailer Kitronik said Friday it was the victim of Magecart’s payment card-skimming malware, and that the data breach is the work of the same group that hacked British Airways and Newegg. Matan Or-El, CEO at Panorays: “Once hackers like Magecart find a technique that works, they will use it for every industry until the gig is up. This time it’s JavaScript injection through third-party snippets. The call for action here is for organizations to put processes in place to manage and review their susceptibility to the Magecart threat through third parties. The wake-up call should have been…
