IBM X-Force researchers have warned of a new malicious financial malware currently targeting Brazilian banks. The banking trojan, dubbed CamuBot, can in some cases hijack one-time passwords used for biometric authentication. Please find a comment below in response to this from OneSpan. Will LaSala, Director Security Solutions, Security Evangelist at OneSpan: “CamuBot is a unique and sophisticated overlay attack with advanced features that adds new dangerous components to an already dangerous attack. We are seeing some banks starting to roll out connected devices that help provide easy to use authentication systems that combine One Time Passwords (OTP) with biometrics connected via USB to the…
ISBuzz Team
In response to news that over half of Brits are happy to share health data with the NHS for artificial intelligence, David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “The use of technology brings great benefits – especially in the time- and budget-strapped healthcare industry – but these advancements must be deployed with caution. The news today that over half of Brits are happy to share health data with the NHS reinforces the trust placed in organisations despite recent attacks such as WannaCry – and demonstrates the need for robust security. Consumers –…
In light of this afternoon’s news that TSB has been forced to apologise for yet another disruption to its online services – with customers reporting issues accessing their accounts – Andy Cory, identity management services lead at KCOM, comments on the impact of a broken authentication system on customer experience. He explores the solution to balancing access with security: frictionless customer authentication, including geo-location and geo-velocity. Andy Cory, Identity Management Services Lead at KCOM: “A broken authentication system has an instant impact on customer loyalty. If a business cannot provide easy access to its services without sacrificing security, it only has itself to blame when its users…
7,339 Magento stores has been found to have malware that collects payment card data according to security researcher William de Groot who says it is the most successful infiltration campaign to date. Devon Merchant, Digital Security and Operations Manager at The Media Trust: “Magento is an open source platform and for this reason is also a favorite target of bad actors. This latest attack was likely carried out through password guessing and exploited vulnerabilities in Magento servers that allowed hackers to take over vulnerable websites and create a malware backdoor to periodically inject malicious script. The vulnerabilities might lie in…
This Saturday 2nd September, marks 100 days of GDPR and, while it may be a step in the right director for consumer rights, John Buyers, a Partner specialising in artificial intelligence at international legal practice Osborne Clarke, believes the regulation has hot a roadblock in terms of artificial intelligence: John Buyers, Partner Specialising in Artificial Intelligence at Osborne Clarke: “GDPR has certainly been an important step in the right direction for consumer rights within the European Union but when it comes to AI, the regulation hits a bit of a roadblock. For example, in any given scenario, we are currently technologically incapable of understanding…
It has been revealed that despite selling off more than £1bn worth of property over the past six years, including the New Scotland Yard building and hundreds of flats and buildings, the Metropolitan Police Federation says it is at a breaking point financially due to budget cuts and this is affecting the number of personnel it can keep. This will seriously impact on the Met Police’s ability to tackle cybercrime effectively! Javvad Malik, Security Advocate at AlienVault: “It’s unfortunate to see the Met Police budget being impacted at a time where acquiring cybersecurity skills is of utmost importance. The most important…
Cryptocurrency mining detections increased more than nine-fold in the first half of 2018 compared with the first half of 2017 whereas the number of ransomware families declined 26% in this year’s first half compared with the second half of last year. In addition, ransomware growth slowed considerably, only inching forward by about 3% from the first half of the year compared with the last half of 2017. Israel Barak, Chief Information Security Officer at Cybereason: “Ransomware turned into one of the most prevalent, effective and successful forms of cybercrime because it is relatively easy to catch consumers and businesses, essentially trapping them and…
Anonymous Catalonia is claiming that they are responsible for the Denial-of-Service attack on the Bank of Spain’s website which took the website offline for a couple of days. This attack was part of a protest against the arrest of Catalan political leaders last year who were fighting for independence of the region. Andrew Lloyd, President at Corero Network Security: “The claim is that they used a DDoS attack to create the Denial of Service that the Bank of Spain reported. It looked likely that was the case, but we should probably wait for the Bank to verify this. Whether you classify this as nation…
A flaw in the web platform of Fiserv Inc., a technology services provider for financial institutions, reportedly exposed personal and financial account information on hundreds of bank websites. The vulnerability was discovered within its one-way messaging feature. Javvad Malik, Security Advocate at AlienVault: “This appears to be the case of oversight in the application development and testing phase. Being able to change a value in the URL to gain access to other accounts is a well-documented security flaw that should be avoided. Knowing of this vulnerability, it would have been trivial for an attacker to write a script that would automatically change the URL…
Ninety-six percent of IT security professionals believe machine identities are central to company security and viability, but few have capabilities to protect them Venafi®, the leading provider of machine identity protection, today announced the results of “Securing The Enterprise With Machine Identity Protection, a June 2018 commissioned study conducted by Forrester Consulting on behalf of Venafi.” The study focused on enterprise machine identity protection challenges and included responses from 350 senior IT security professionals who are responsible for their organizations’ identity and access management from the U.S., U.K., Germany, France and Australia. Key findings from the study reveal that ninety-six…