Most organisations are aware that they could be the target of a DDoS attack and have deployed protection to keep their public-facing services online in the face of such attacks. However, far fewer have thought about the potential for their servers to be harnessed for use in a botnet, the group of servers used to conduct such DDoS attacks. Up until a few months ago, attackers typically only used well-known infrastructure services, like DNS resolution servers, to launch and amplify DDoS attacks, but Memcached – a popular database caching system – changed that. Malicious hackers have begun abusing Memcached to…
ISBuzz Team
On Saturday it was reported that the Tory Party Conference app had a flaw within it that exposed all the contact details and other personal information on those registered to attend the conference – including those of senior Tory party members, such as Boris Johnson – and allowed them to make changes to the details. In response to this, please see below for commentary from Mark Noctor, VP EMEA at Arxan Technologies – the trusted leader of application protection solutions. Mark Noctor, VP EMEA at Arxan Technologies: “The Tory app data breach this weekend is just yet another example of…
Some common malware will attempt to gather information about its environment, such as public IP address, language, and location. System queries and identifier websites such as whatismyipaddress.com are often used for these purposes but are easily identified by modern network monitors and antivirus. Everyday interactions with legitimate websites provide much of this information and are not monitored, because the interactions themselves are legitimate. Threat actors can bypass automated defences by abusing legitimate websites that often cannot be blocked for business reasons. First, cookies – easily accessible records of a user’s interactions with a webpage – are often stored on the local machine and can be…
It has been reported that security researchers at Avast have uncovered “the most sophisticated botnet that they have ever seen”, and it is targeting IoT devices. This new IoT malware strain/botnet labelled ‘Torii’ has spread over poorly secured Telnet services, with the attack coming from Tor exit nodes. The malware captures data from IoT devices, and gives attackers remote code execution – allowing them to hijack infected devices, and run any command they choose. Torii is able to fetch and execute other commands through multiple layers of encryption, share device information, and execute any code or deliver any payload to the infected device. Sam…
Following Cisco’s SMB Cybersecurity Report, which has revealed that 53% of midmarket companies have experienced a data breach, Todd Peterson, Product Manager at One Identity, discusses why they are such an attractive target to hackers and how they can protect against attack. Todd Peterson, Product Manager at One Identity: “There are so many more SMBs than there are large enterprises, so the number of targets is much higher. Also, SMBs generally have less money to spend on security than large organizations and have smaller staffs dedicated to IT security. To protect themselves, SMBs need to do the same things as large enterprises…
In its first enforcement of the Identity Theft Red Flags Rule, the SEC fined Voya Financial Advisors one million dollars for insufficient security policies to protect confidential personal data. Will LaSala, Director Security Solutions, Security Evangelist at OneSpan: “This is another big indicator along with the increase in the size of fines that other corporations are seeing – Uber this week announced it’s paying a massive amount in fines to cover up a data breach from 2016. Regulatory bodies are starting to take online privacy seriously. The enforcement of the “Identity Theft Red Flag Rule” by the SEC is a very large step in the…
In light of the news from the EU that will mean payments of over €30 will require multifactor authentication, please see the below comments from Brett Beranek, General Manager, Security Line of Business, Nuance Enterprise Division. Brett Beranek, General Manager, Security Line of Business at Nuance Enterprise Division: “Fraud is a force to be reckoned with and any laissez-faire approach to security is putting all of us at risk – including consumers, businesses and financial institutions alike. As is the case, for more than 15 years, Nuance has been a major proponent in encouraging organisations worldwide – from major global brands…
Just a few weeks ago, Brussels airspace was closed for several hours following a technical problem. Labelled “a disaster” for Brussels Airport, the incident saw flights cancelled, delayed or diverted and passengers stranded. Unfortunately, this isn’t an isolated event; in fact, such incidents are on the rise. TSB and Visa have both recently suffered technical downtime which left customers unable to access their accounts or make payments. Last year, British Airways had not one but two system failures that saw 75,000 passengers grounded in the first instance, with the head of parent company IAG admitting it was “damaging to our reputation”. The…
Following the news that the Trump administration has taken its first steps towards crafting a nationwide data privacy policy, Paul Bischoff, Privacy Advocate at Comparitech, discusses whether a uniform national approach is realistic, why this is important and the possible implications for consumers and companies. Paul Bischoff, Privacy Advocate at Comparitech: “A uniform approach to data privacy is achievable. Most states are moving in the same direction when it comes to online privacy protections. Some are just further ahead than others. For example, as of this year, all states now have breach disclosure laws. Internet companies often do not require their…
Ofcom confirmed in an announcement yesterday that new consumer protection rules will come into effect from Monday 01 October, but UK-based security services company Redscan believes the change should be on the radar of security pros and that it could have a bigger impact than simply reducing nuisance calls. Redscan CTO, Andy Kays, explains below how these new rules may help prevent vishing (voice phishing) scams – in which criminals target individuals or businesses (often elderly and vulnerable persons) with social engineering campaigns by phone. Andy Kays, CTO at threat detection and response specialist Redscan: “Beyond nuisance calls for PPI…
