In response to the news that the authors of the Mirai botnet have avoided prison sentences after cooperating with the FBI and providing substantial assistance in other complex cybercrime investigations, IT security experts commented below. Nadav Avital, Threat Analytics Manager at Imperva: “Assuming that the justice system in cases of cybercrimes works in the same way as in other type of crimes, it is a common practice to cut a deal with the state to get a reduced sentence. I trust that the justice system carefully weighed the consequences in this case and can only guess that the benefits from…
ISBuzz Team
With the Summer holidays coming to an end, students across the UK will soon be returning to the classroom. As preparations for the next academic year commence, now is the time for everyone do their homework and ensure a cyber-savvy approach to schooling sits front and centre for 2018 and beyond. Hackers typically target teachers and parents around this time because they are often ill-equipped to deal with cyber thefts. At the same time, sensitive data held by schools, such as children’s medical records and academic achievements, are lucrative on the Dark Web. Malware and phishing are the most popular types…
Few are confident in spotting security risks and vulnerabilities in DevOps operated public cloud environments A majority of European and Middle East cybersecurity professionals at organisations using DevOps practices in the public cloud believe that their organisations are trading speed for security. In a newly published cloud security study commissioned by global security leader, Palo Alto Networks® (NYSE: PANW), 72 percent of cybersecurity professionals indicated that the speed of public cloud adoption is introducing preventable security risks to software updates. The DevOps model increases collaboration between development and operations teams, allowing for a fast-paced approach to application creation and enhancement.…
The breach suffered last year by credit rating agency, Equifax, when details of more than 145 million U.S. customers was stolen, continues to remain a burning topic. In fact, Flexera is sounding an alert that there’s a new high-risk Struts vulnerability that can be exploited by malicious people to compromise a vulnerable system. It’s imperative that organisations patch Struts now (without ignoring other vulnerabilities), as its visibility is likely to generate issues quickly. Organisations must undertake a re-prioritisation effort for the following reasons: The same day this vulnerability was disclosed, Flexera’s Secunia Research documented 25 other vulnerabilities in software from…
Global ransomware attacks are increasingly linked to nation states, with the lines between politics and crime often blurring, Europe’s police agency Europol said on Tuesday. Key ransomware attacks include the so-called WannaCry and NotPetya malware, which infected hundreds of thousands of computers around the world in 2017, demanding that users pay ransoms to regain access.”Ransomware retains its dominance,” said Europol’s latest annual report on cybercrime. “In addition to attacks by financially motivated criminals, a significant volume of public reporting increasingly attributes global cyber-attacks to the actions of nation states,” said the agency, based in The Hague. IT security experts commented below. Ed Williams,…
Last night, it was reported that the State Department has suffered a data breach. According to reports, some employees had their personal information exposed by a breach of an unclassified email system. Other reports stated that a report published earlier this year by administration watchdog Government Accountability Office said that the State Department had only rolled out some form of two-factor authentication to 11 percent of required agency devices, despite a legal requirement to secure all accounts with higher privileges. Pleas see below for commentary from cybersecurity experts. Sam Curry, Chief Security Officer at Cybereason: “In the past, the State Department has turned down help from other agencies to help them identify problems and improve. There are a…
Philadelphia-based insurer Independence Blue Cross confirmed about 17,000 people have been affected by a data breach when an employee uploaded member information including names, birth dates and diagnosis codes to a public website. Zohar Alon, Co-founder and CEO at Dome9 Security: “The Independence Blue Cross data breach represents yet another example of an exposure of sensitive information at the hands of an employee. This underscores the critical importance of properly training all employees in an organization on cybersecurity best practices, and providing continuous educational opportunities as threats evolve. Additionally, because humans are prone to error, companies need to be looking to automate…
After researchers recently discovered a way to physically hack into PC’s, Tyler Reese, Product Manager from One Identity, explains how organisations can protect systems from these attacks and what users can do to protect their data. Tyler Reese, Product Manager at One Identity: “Physical security is just as important as cyber security. Organizations should ensure that their systems are physically secured. Practices and techniques such as using physical locks, educating employees on the danger of allowing unknown individuals onto work premises, locking IT equipment to desks and employees physically securing IT equipment while traveling, such as keeping laptops in hotel…
It’s been reported this morning that a payment website – Government Payment Service Inc.- used to process US government payments for traffic citations, court-ordered fines, bail payments and more has leaked more than 14 million customer records. The leak included names, addresses. phone numbers and sections of the credit card number used. IT security experts commented below. Andy Norton, Director of Threat Intelligence at Lastline: “Another day another breach. An abundance of caution has become the default cyber notification, philosophy or cyber risk culture advocated by legal counsel following a data breach. Unfortunately we need organisations to be abundantly cautious before, not after a data breach occurs. We need…
Operationalizing cybersecurity has been a major challenge for oil and gas engineers to date. With their primary priority to maintain uptime, these managers have been putting off updating security: ironically, implementing cybersecurity across process control networks can be seen as increasing risk. As a result, operations would rather isolate their systems from that of the rest of the company, including IT from IT security policies. However, this is changing. Several advanced oil and gas operators now recognize the need to deploy cybersecurity technologies to stay in business. The need for cybersecurity is being used by savvy plant managers to make…