US CERT has just posted Cisco Releases Security Advisory, with a link to Cisco’s notice: Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability. An expert with Corero Network Security offers perspective. Sean Newman, Director Product Management at Corero Network Security: “The recent exposure of an inherent DoS flaw in Cisco’s ASA/FirePower software is a great example of why it’s now so important to deploy dedicated DDoS protection. The latest generation of DDoS protection solutions are typically deployed right at the very edge of any network, where it connects to the Internet, protecting any stateful infrastructure devices,…
ISBuzz Team
The news recently broke that Kitronik, a leading supplier of electronic project kits in the UK, was the latest victim of Magecart’s global payment card-skimming malware. Kitronik suffered a data breach that may have exposed names, email addresses, card numbers, expiry dates, CVV security codes and postal addresses. Rich Campagna, CMO at Bitglass: “Payment card-skimming malware continues to be a security challenge for retailers around the globe. British Airways, Newegg, and now Kitronik have all been victims of Magecart’s malware, highlighting the need for security solutions which monitor for vulnerabilities and threats, across all devices and applications, in real time. With these capabilities, retailers…
News broke that malware similar in nature to Stuxnet, but more aggressive and sophisticated, allegedly hit infrastructure and strategic networks in Iran. According to Bleeping Computer, Iranian infrastructure and strategic networks have come under attack in the last few days by a computer virus similar to Stuxnet but “more violent, more advanced and more sophisticated,” and Israeli officials are refusing to discuss what role, if any, they may have had in the operation, an Israeli TV report said Wednesday. Andrea Carcano, CPO and Co-founder at Nozomi Networks: “Nearly a decade ago, Stuxnet was able to leverage both known and previously…
ZDNet is reporting today that the Radisson Hotel Group, based in Belgium, suffered a data breach of its loyalty member programme. The chain accounts for over 1,400 hotels in over 70 countries and includes the Park Plaza, Country Inn & Suites, Park Inn and Radisson Collection brands. Management suggests that employee accounts which had permission to access this data were compromised and used fraudulently by an attacker. The hotel group falls under the GDPR and may be liable for fines. IT security experts commented below. Colin Bastable, CEO of Lucy Security: “Radisson rightly warns its customers that they may…
Eurostar has reset its customers’ login passwords after detecting attempts to break into an unspecified number of accounts. The rail service said it had notified those whose accounts had been targeted. Other passengers will be told they have been blocked the next time they try to log in and will be asked to reset their details. However, the firm declined to say whether any of the hack attacks were successful but said payment details were not affected. Commenting on how Eurostar can mitigate these hack attacks, how customers can secure their accounts and how the company and its users might be…
It was reported today that Austal, an Australia-based global shipbuilding and defense contractor, was the victim of a data breach and extortion scam. Jonathan Bensen, Director of Product Management at Balbix: “The U.S. and Australian governments rely on contractors like Austal to shore up national security. While Austal claims that data affecting national security and commercial operations was not compromised, this would not be the first time adversaries tried to breach a nation’s infrastructure by first breaching company networks in the energy, water and critical manufacturing sectors. With more than 100 operators in 54 countries, Austal needs to leverage tools that can continuously…
Google has denied claims that its Home Hub is dangerously insecure after it was revealed that data can easily be pulled off the smart home device. Security researcher Jerry Gamblin shared a set of instructions that uses basic lines of XML to guide would-be hackers through how to extract data from the Home Hub and even brick it. The hack can be carried out remotely and is apparently enabled by the use of an undocumented and unsecured API. Discussing Google’s stance on the flaw, how hackers can exploit it, and Gamblin’s own controversial means of revealing it, is Paul Bischoff, privacy advocate at Comparitech. Paul Bischoff, Privacy…
CNET is reporting on a strict new Consumer Data Protection Act proposed today by Senator Ron Wyden of Oregon. Senator Wyden has been at the forefront of cybersecurity and privacy issues in the Senate; his new draft bill introduces harsh penalties for companies that violate consumer privacy. The bill would apply to companies with more than $50 million in revenue and personal information on more than 1 million people. Colin Bastable, CEO at Lucy Security: “This is overdue and we must hope that our politicians don’t make their usual mess of things by loading the legislation with special-interest privileges, pork and point-scoring. Seventy…
Friday, November 2, 2018 marks 30 years since the release of the Morris worm. One of the first computer worms distributed via the internet, the Morris worm was also significant because it led to the first US conviction by jury trial under the 1986 Computer Fraud and Abuse Act. Creator Robert Tappan Morris’s programme infected around 10% of the approximately 60,000 computers online at the time, including those at universities and government agencies, causing machines to crash and disrupting internet connectivity for several days. Estimated repair costs ranged from $200 to $53,000 per location. Alex Hinchliffe, Threat Intelligence Analyst at Unit 42, Palo Alto Networks: “It was not…
Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. Earlier this week, researchers from Trend Micro published a report on the ways that human-machine interfaces (HMIs), which are found in thousands of utilities worldwide, can be exploited. The report further highlights the variety of challenges industrial control system organisations are facing today. Andrea Carcano, CPO and Co-founder at Nozomi Networks: “The challenges of protecting ICS are real. Attacks targeting critical infrastructure – from transportation systems to power, water,…
