You’ve probably seen the news that SamSam ransomware is still plaguing organisations across the US, with fresh attacks against 67 new targets — including at least one involved with administering the upcoming midterm elections. IT security experts commented below. Glen Pendley, Tenable, Deputy CTO at Tenable: “The latest SamSam ransomware campaign is interesting for a few reasons. For one, the cybercriminals have set up a contingency-plan-of-sorts to ensure that the attack doesn’t have a single point of failure. Instead, they’ve embedded several variations of the malware into victims’ environments making it difficult for security teams to know whether they’ve secured their network…
ISBuzz Team
Today, it has been reported that an employee of the US Geological Survey (USGS) viewing adult content at work has led to a government network being compromised by malware. Investigators have since found that the culprit had viewed over 9,000 sites at work. IT security experts commented below. Richard Walters, CTO at CensorNet: “This story is a fable in how the bad actions of one employee can throw an entire network into jeopardy. And before we get on our high horse and start to think that it could never happen in the UK, remember that official data found 160 adult content requests a day from…
In light of the news this morning that the value of the average data breach fine in the UK has doubled in one year, please find below comment Kaspersky Lab. Kaspersky Lab: “Customers that entrust private information to the care of any online provider, should be safe in the knowledge that their data is stored securely. However, in the past year alone, many companies including four airlines announced they had suffered from data breaches, which demonstrates that the security solutions in place still aren’t strong enough. “With data breaches happening more frequently, it’s no wonder that the fines are increasing. Companies that…
76% of Consumer Sites Fail to Offer Users Full Complement of 2FA Options Dashlane announces the results of its Two-Factor Authentication (2FA) Power Rankings. The rankings, which examined the prevalence of 2FA offerings among 17 top consumer websites in the United Kingdom, found that 76% of sites do not offer users a full set of 2FA options. Dashlane researchers tested each website on three critical 2FA criteria, awarding one point for SMS or email authentication, one point for software tokens, and three points for hardware tokens, such as YubiKey or U2F authentication, for a maximum and passing score of 5/5. Any site that scored…
It’s Halloween. Each year, Bitglass publishes a number of research reports focusing on different aspects of cybersecurity and breach trends in different industry sectors. Below is a list of some of the most alarming statistics included in Bitglass’ 2018 reports on malware, cloud security and breaches in financial services and healthcare. Scary Security Stats 44% of organizations are infected by malware in at least one of their cloud apps haunted by malware (source: Bitglass Financial Breach Report 2018) 93% of antivirus engines are unable to detect zero-day ransomware like ShurL0ckr (source: Bitglass Financial Breach Report 2018) Only 44% of enterprise IT departments…
Iranian Hackers have attempted to hack into UK universities offering government-certified cybersecurity courses. Students and employees with UK university log-ins were sent phishing emails in an attempt to trick them into giving their passwords. IT security experts commented below. Dr Guy Bunker, SVP of Products at Clearswift: “While this is not unexpected, we know that phishing and hacking attacks occur every day of the year, this shows how increasingly sophisticated the attacks are becoming on what might have previously been thought innocuous targets. Students are particularly vulnerable to phishing, especially those who are looking at the next round of education / courses for them to attend.…
Sensitive information stored in the cloud, SaaS collaboration and IaaS/PaaS configuration mistakes, along with cloud threats, are at all-time highs—creating significant risks to enterprise data Key Findings: Twenty-one percent of all files in the cloud contain sensitive data, demonstrating a steady increase year-over-year (YoY) The sharing of sensitive data with an open, publicly accessible link, has increased 23 percent YoY Organisations have more than 2,200 individual misconfiguration incidents per month in their public cloud instances (IaaS/PaaS) Threat events in the cloud, e.g., compromised account, privileged user and insider threats, have increased 27.7 percent YoY, with threats in Office365 growing by…
Earlier, at the Autumn Budget Statement, Chancellor Philip Hammond announced £1 billion on funding will go into securing UK organisations and interests. There was a big focus on spending in cyber and making sure software used by UK firms are being secured and about the cyber calamity of WannaCry in May 2017. Paul Farrington, Director EMEA and APAC at CA Veracode: “It’s encouraging to see how highly the UK Government views cyber security as being critical to its national defence strategy. Foreign state-backed and other malicious cyber actors are finding more sophisticated ways to gain access to sensitive data and use it for dangerous means.…
A consumer-grade network attached storage (NAS) device owned by Rice Consulting, a fundraising firm working primarily with the Democratic Party, containing client data and passwords giving access to other organizations, was left publicly accessible, a cyber security research firm discovered. The factory-set authentication of the Buffalo TeraStation NAS device was disabled, leaving it open to being spotted and indexed by Shodan or Google’s IoT search engine. The data leakage has highlighted the firm’s failure to implement basic security measures to protect swathes of highly sensitive voter and donor data. Evans, Senior Director at One Identity: “The concerning thing about this leak is…
A new critical remote code execution vulnerability flaw has been discovered in Cisco’s WebEx online and video collaboration software. The vulnerability can allow malicious attackers to remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections. Lane Thames, Senior Security Researcher at Tripwire: “This is an interesting vulnerability. I wouldn’t necessarily consider it earth-shattering, however, organizations might want to patch this quickly. Why? Because this vulnerability will be leveraged by malicious insiders (insider threats) and targeted attacks. The vulnerability requires a malicious actor to already have an account on the machine or on the domain.…