In response to news that DDoS attackers targeted Square Enix’s Final Fantasy XIV over the weekend, an expert with Corero Network Security offers perspective. Sean Newman, Director Product Management at Corero Network Security: “With reports of more high-profile disruptions over the weekend, it’s somewhat bemusing why some providers of online gaming platforms appear to still accept a certain air of inevitability when it comes to suffering as the result of DDoS attacks. With solutions available which can protect against DDoS automatically, and in real-time, help is at hand to keep games online, avoid lag, and ensure that player confidence and…
ISBuzz Team
Also, Phishing Attempts Seen by Webroot Increased by More Than 60 Percent. Webroot, the Smarter Cybersecurity® company, shared the results of its Webroot® Threat Report: Mid-Year Update, which explores the evolving cybersecurity landscape. Based on trends in the first half of 2018, Webroot found that cybercriminals are shifting to increasingly sophisticated and targeted means of attack while also expanding their money-making endeavours, as shown by the uptick in cryptojacking and cryptomining. This report also highlights the importance of implementing a robust and evolving security approach to protect valuable data and keep systems secure. Key Report Findings: There has been…
A published academic study shows that despite years’ worth of research into the woeful state of network traffic inspection equipment, vendors are still having issues in shipping appliances that don’t irrevocably break TLS encryption for the end user. Craig Young, Security Researcher at Tripwire, commented below. Craig Young, Security Researcher at Tripwire: “TLS middle boxes were introduced to improve the performance and security of HTTPS connections but in an ironic twist of fate, more often than not, these systems are the weakest link in an otherwise secure chain. One of the main problems is that many vendors in this space run their…
A year ago, the Equifax breach that exposed personal data of over 145 million people to cyber attackers shocked the country. Everyone from cyber security firms to Congress weighed in, making predictions about what went wrong and how cybersecurity would adapt to prevent such attacks in the future. Most notable about the incident was that the initial breach took place in March 2017, four months prior to Equifax administrators discovering the attack in July 2017, and a full six months before Equifax publicly disclosed the breach in September 2017. Now, at the one-year mark, we beg to ask the question:…
News is breaking that Google is shutting down Google+ for consumers after an API bug exposed the private account details of more than 500,000 users. The bug, located in the Google+ People API, allows users to grant access to their profile data via third-party apps – like users of other social apps Facebook and Twitter sometimes allow. In a blog post, the Google engineering team said the bug allowed third-party apps to also gain access to users’ data that had previously been marked as private. This includes sensitive details such as a person’s name, email address, occupation, gender, age, nickname, birthday,…
In light of the news this morning that GDPR could mean that ‘hackers can access all your online data’, please find below a comment from David Emm, Principal Security Researcher at Kaspersky Lab. David Emm, Principal Security Researcher at Kaspersky Lab: “GDPR enforcement presents an opportunity for positive change for customers, who now have the opportunity to find out exactly what data is being held on them – and what it’s being used for. Of course, wherever data is stored, there’s the risk that it can be stolen. We’ve become used to seeing reports of online providers’ systems being compromised in…
News broke over the weekend that Google could face a bill of up to £3.3bn over claims it harvested personal data from over 4 million Brits without their permission. Javid Malik, security advocate for AlienVault, an AT&T company, commented below. Javid Malik, Security Advocate for AlienVault: “The amount and accuracy of personal information that devices and applications can collect on individuals is continually increasing. On one hand, this can bring about peaks in innovation and even safety. However, it does make the data ever-more valuable for businesses and, unfortunately, criminals. “Therefore, it is vital that information security is kept top of…
US officials have shared details of a widespread hardware hack which saw Chinese spies infiltrate 30 American companies, including Amazon and Apple, in 2015 by planting rice-sized computer chips onto their server motherboards which gave hackers access to sensitive consumer and government data. Nicolas Waisman, VP of Security Consulting at Cyxtera: “The supply chain is always at risk so it’s not surprising to learn about this implant vulnerability. Our team uncovered BMC vulnerabilities earlier this year and reported that they could easily be exploited for malicious purposes, with or without a backdoor implant. The only dependency was a network connection.…
The BBC has reported that default passwords such as “admin” and “password” will be illegal for electronics firms to use in California from 2020. The state has passed a law that sets higher security standards for net-connected devices made or sold in the region. It demands that each gadget be given a unique password when it is made. Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm. Please see below for commentary from several cybersecurity experts. Amit Sethi, Senior Principal Consultant at Synopsys: “This will certainly get connected device manufacturers to think about the problem of default…
Anthony James is vice president at CipherCloud and former CMO at TrapX, whose researchers previously discovered the Chinese-generated Zombie Zero nation‐state sponsored Zero Day attack. Anthony James, Vice President at CipherCloud and Former CMO at TrapX: “The accusation that the Chinese are embedding malware and surveillance into standard devices is quite real and based on facts. In 2014 an embedded malware named “Zombie Zero” targeted the shipping and logistics industry. The weaponized malware was delivered into enterprise shipping and logistics environments by a Chinese manufacturer that sold proprietary hardware for terminal scanners (barcode readers) used to inventory items for shipment. The malware…
