On May 25th, the FBI recommended that all U.S. households and small businesses reboot their internet routers, due to infection by Russian malware. In March, we had reports of Russia hacking U.S. critical infrastructure sectors, including energy, nuclear, water and critical manufacturing facilities. At the same time, the Industrial Internet of Things (IIoT) network connections for energy and utilities increased 41 percent in the last year. With all of these new connections one might wonder if facilities are making themselves, and the citizens that rely on them, more vulnerable to attacks. Just as every immunization contains a harmless dose of…
ISBuzz Team
McAfee has just released its new Advanced Threat Report, which finds that Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks. An expert with Corero offers thoughts and perspective. Ashley Stephenson, CEO at Corero Network Security: “If your system is accessible from the Internet then you should expect malicious actors somewhere in the world will try and break in. They do this automatically and continuously with scripts so there is no way to avoid their attempts. In the overwhelming majority of cases they are not specifically targeting you, just any system that is on the Internet. “There are legitimate needs for…
Please find the comment below, from Andy Cory, Identity Management Services lead at KCOM as part of our security experts comments series on latest cyber security news. Andy Cory, Identity Management Services lead at KCOM: “There has always been a conflict between security and convenience. Consumers are increasingly irritated by intrusive authentication measures, including obscure security questions and complicated passwords. They want their lives to be made constantly easier, so are happiest using apps and services that are both simple and fast to log into. However, they may fail to understand that the smoothest logins are compromising security for the…
It’s a statement that’s true for a lot of industries, but it’s different for the government. These aren’t traditional ransomware attacks, or email phishing scams carried out by people at home trying to make easy money. Government hacks are calculated. They’re resourceful. People that target the government are often politically motivated and looking to steal specific information. In the most extreme cases, these hackers are state-funded, giving them the time and money they need to ensure their efforts are successful. Hacking is a full-time job for them. We only have to look at the Clinton campaign email hacking scandal where…
Please see below for comment from Trustwave regarding a key committee of the European Parliament approving a draft Cybersecurity Act that will introduce a new security certification system for connected devices, as well as strengthen the EU’s networks security agency Enisa. Ed Williams, Director EMEA, SpiderLabs at Trustwave: I welcome any initiative to increase the security and assurance of ICT products; given the current climate this legislation is welcome. Without question, this is a difficult task, ICT products can be difficult and complex, ensuring that security is baked in could, initially, be difficult but is clearly the correct thing to…
HackerOne has today launched its 2018 Hacker-Powered Security Report, which is an annual study of the bug bounty and vulnerability disclosure ecosystem. The study analyses over 72,000 resolved security vulnerabilities, 1,000 customer bug bounty programs and more than $31 million in bounties awarded to hackers from over 100 countries. The full study can be found here, however key findings include: Critical vulnerabilities are earning higher bounties. The average award for a critical vulnerability increased 33% to $20,000 for the top awarding programs. A total of 116 unique critical vulnerabilities earned over $10,000 each in the past year. Some of the most…
The amount of so-called mega breaches – cases that involve more than 1m records being lost – have nearly doubled over the last five years, with 16 mega breaches occurring in 2017. Data compiled by IBM revealed that breaches on this scale can cost a business anywhere from $40m (£30m) to $340m, with more than 90 per cent of these breaches stemming from malicious and criminal attacks as opposed to glitches or human error. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “This is a worrying, but expected statistic. The cost of breaches has…
The Facebook fine announced today for the Cambridge Analytica breach would have been significantly larger under GDPR. While the flurry of activity around the May 25 GDPR deadline may have subsided, the confusion regarding privacy, consent and what comprises actual GDPR compliance is only building. Pravin Kothari, Founder and CEO of cloud security provider CipherCloud, offers insights and advice regarding consent and other GDPR issues. Pravin Kothari, Founder and CEO at CipherCloud: Lack of Compliance readiness: “With compliance regulations in the U.S. such as HIPAA, most companies were active well ahead of the deadline to ensure compliance. With GDPR, most companies…
During penetration testing performed as an internal attacker, Positive Technologies researchers were able to obtain full control of infrastructure on all corporate networks they attempted to compromise. Penetrating the network perimeter has become easier over time, the report reveals, with the difficulty of accessing the internal network assessed as “trivial” in 56% of tests in 2017, compared with just 27% in 2016. On average, Positive Technologies testers found two attack vectors (vulnerabilities) per client that would allow their internal network to be penetrated. Christopher Day, Chief Cybersecurity Officer at Cyxtera commented below. Christopher Day, Chief Cybersecurity Officer at Cyxtera: “Organizations…
A Kaspersky Lab study revealed that news of data breaches and pressures to manage multiple online accounts are causing German employees increased levels of stress. The study revealed that 69 per cent of people admit to being stressed by news of data breaches 73 per cent of people reveal the number of passwords they have to manage is causing them undue stress 72 per cent of people having feelings of stress when it comes to protecting their devices 66 per cent are overwhelmed by the amount of sensitive information they have Kaspersky Lab also surveyed office workers on what caused them…