Ray DeMeo, Co-Founder and Chief Operating Officer at Virsec, today commented on ESET’s discovery of GreyEnergy malware used to attack energy companies and other critical targets in Ukraine and Poland for the past three years. Ray DeMeo, Co-Founder and Chief Operating Officer at Virsec: “It should be no surprise that threats like BlackEnergy are morphing into new variants. There is a large arsenal of advanced hacking tools, many developed by the NSA, now readily available. These are difficult to detect because they manipulate legitimate application processes in runtime memory, and create new variants further evades signature-based detection. More disturbing is that many of these…
ISBuzz Team
Following the news that several Global book publishing houses and an international scouting agency have warned their staff of a flurry on phishing emails that seek authors’ and phishers’ sensitive information, including book manuscripts. Dr Guy Bunker, SVP of Products at Clearswift: “Phishers are now targeting book publishers because it is just another way to make money from stealing access. It might be to threaten leaked information (from a bestselling author) and holding them to ransom. It might be to sell the manuscript to another publisher in a different part of the world. It can even be used as a next stage phishing…
Facebook recently announced Portal, its take on the in-home, voice-activated speaker to rival competitors from Amazon, Google and Apple. Initially, Facebook stated that “No data collected through Portal — even call log data or app usage data, like the fact that you listened to Spotify — will be used to target users with ads on Facebook.” It has been reported, however, that Facebook has backtracked and changed its stance: Portal doesn’t have ads, but data about who you call and data about which apps you use on Portal can be used to target you with ads on other Facebook-owned properties. Please see below for commentary from several…
As the old saying goes, “darkness falls across the land, the midnight hour is close at hand.” Halloween is upon the scene and frightening things are unforeseen. Imagine watching a chilling movie depicting a zombie apocalypse or a deadly virus spreading fast across a metropolis, infecting everything in its wake. Sounds like a monstrous scenario? Sounds analogous to a cyber-attack? You could be onto something. Strap yourself in. It’s going to be a bumpy ride. According to recent F5 Labs threat analysis, the top application breaches haunting companies right now with rapidly mutating sophistication include payment card theft via web…
In response to reports by the AP and other news outlets that Feds investigate after hackers attack water utility, an expert with STEALTHbits Technologies offers advice to avoid similar ransomware attacks or minimize their impacts. Adam Laub, Senior VP, Product Marketing at STEALTHbits Technologies, Inc. “Ransomware has made big headlines for the past few years and will continue to for as long as it remains effective in its mission of making money and causing disruption, or at least one of the two. “Organizations serious about (at a minimum) mitigating the damage that can be done by Ransomware in the event of an infection can focus on a…
Despite 59% of cybersecurity professionals saying the widening workforce gap puts their organizations at risk, a majority of workers report strong job satisfaction and are focused on developing new skills (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today announced the findings of the 2018 (ISC)2 Cybersecurity Workforce Study. The research shows a widening of the global cybersecurity workforce gap to nearly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA). The 2018 (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) is based on feedback from a broader,…
In response to the report from NCSC which says that the UK has faced ten cyberattacks per week for the last two years, please see below comments from IT security experts. Adam Bacchus, Director of Program Operations at HackerOne: “Brexit may exacerbate the growing talent gap within the field of information security, and potentially reduce the ability to share and receive threat intelligence. Working with the wider white hat hacking community via disclosure or bounty programs can help organizations simulate realistic attacks to safely test DFIR capabilities, as well as find and fix vulnerabilities before they’re exploited by criminals. Encouraging…
News has broken that an advertisement on a forum that sells data breach information is also offering the personally identifiable details and voting history of millions of US residents. The estimated size of the cache is in excess of 35 million records. The announcement says that the data sold is from updated state-wide voter lists, and includes millions of phone numbers, full addresses, and names. Robert Capps, VP and Authentication Strategist at NuData Security: “With cybercriminals bidding on millions of stolen U.S. voter records from 20 states, citizens on those lists should keep a close eye to spot the creation of new accounts…
This morning, the National Cyber Security Centre (NCSC) published its two-year review, detailing findings from its second year of operations. The report found that there is “little doubt” that a major cyber attack will happen in the near future and whilst the NCSC has cut the UK’s share of phishing attacks targeting the UK in half from 5.3% to 2.4%, most worryingly, it has also had to prevent multiple attacks from hostile nation states. IT security experts commented below. Fraser Kyne, EMEA CTO at Bromium: “This report should raise the alarm for any organisation unprepared for attacks from hostile nation states. Whether it’s a sophisticated…
Researchers at vpnMentor were analysing Tinder and other dating applications when they discovered a Tinder domain, go.tinder.com, that had multiple XSS vulnerabilities. According to vpnMentor, the flaws could have been exploited to access Tinder users’ profiles. Following vpnMentor’s research please see below for commentary and insight from Rusty Carter, VP of Product Management at Arxan. Rusty Carter, VP of Product Management at Arxan: “The DOM-XSS vulnerabilities found in Tinder, Shopify, Yelp, Western Union, and Imgur, and the data exposure risks created by them, exemplifies the risks that consumers are exposed to in browser-based applications. Over the past weeks we have seen massive…