The Electronic Frontier Foundation (EFF) announced a new project named STARTTLS Everywhere that aims to provide guidance to server administrators on how to set up a proper email server that runs STARTTLS the correct way. According to this report, it’s mostly done wrong. STARTTLS Everywhere is similar to Let’s Encrypt, another pro-encryption initiative the EFF launched together with Mozilla and Cisco two years ago. Ilia Kolochenko, CEO and Founder at High-Tech Bridge commented below. Ilia Kolochenko, CEO and Founder at High-Tech Bridge: “It’s a laudable initiative that’s been necessary for a while already. At High-Tech Bridge, we acknowledge the global…
ISBuzz Team
University of Hertfordshire research finds people aren’t sufficiently erasing data before selling old memory cards from mobile phones, tablets and other connected devices New research released today by the University of Hertfordshire finds that two-thirds of second-hand memory cards found in mobile phones or tablets and sold to the public still contain personal data from their previous owners. The study, commissioned by Comparitech.com – the security and privacy reviews and comparison website, analysed data held and therefore sold on used memory cards. This analysis uncovered a host of personal information and sensitive materials, including passport copies, contact lists and identification numbers being…
Businesses have been rushing to take advantage of the Internet of Things (IoT) for some years now. The early IoT has been a ‘gold rush’, with entrepreneurs jumping in to secure their share of an exciting and rapidly growing market – one that is expected to reach $933.62 billion by 2025 according to findings by Grand View Research. The opportunity is huge – but so is the risk. In this gold rush, and the race to realise the market’s potential, many companies have been deprioritising security. Marry this with a new security breach being reported almost every week, and we…
Yesterday, security researchers discovered that a Chinese-made baby monitor sold on Amazon is riddled with vulnerabilities, confirming a mother’s suspicion that her device had been hacked to spy on her infant. This is just another example of the millions of vulnerable IoT devices across the globe, which are waiting to be compromised by malicious actors. Sean Newman, Director at Corero Network Security: “After lessons learnt from the Mirai IoT DDoS botnet, over 20 months ago, you might have thought that more IoT device manufacturers would have started to make improvements to the security of their devices by now. …
Yesterday, Google confirmed it has introduced Continued Conversation, available on Google Home, Google Home Mini and Google Home Max. While this introduction facilitates a more natural conversation between user and device, it does raise questions around privacy and security although it may not be the worst offender. Aaron Zander, IT Engineer at HackerOne commented below. Aaron Zander, IT Engineer at HackerOne: “While you may think your smart home devices are always on and always listening, in reality most of these devices have a local chipset that listens for the key phrases. Only once those local patterns have been recognized do they…
Securing third party remote access has become a top priority for enterprises according to SecureLink’s “Third Party Remote Access Study”. Matan Or-El, Co-Founder and CEO at Panorays commented below. Matan Or-El, Co-Founder and CEO at Panorays: “Compliance is just part of the bigger challenge that enterprises are increasingly encountering with third party vendors and their entire supply chain. This loss of control over their data could cost companies significant fees with new privacy laws and cause damage to their brand as well as their customers. More than 50% of breaches originate from third parties that have become the weakest link.…
A new malware named GZipDe that is a downloader used by hackers in a cyber-espionage campaign was discovered by researchers at AlienVault. IT security experts commented below. Sean Newman, Director of Product Management at Corero Network Security: “It’s interesting to see a new downloader malware instance being discovered after a sample of it was uploaded to VirusTotal for inspection. In the past, this has been a tactic used by hackers to check that their code is not detected by any current AV vendors, so it would be interesting to know if that was the case in this instance. Either way,…
Study reveals 78 percent of IT professionals are more likely to trust a product or company that has been tested by external hackers for flaws HackerOne, the leading hacker-powered security platform, today announced the results of a survey conducted at Infosecurity Europe, which revealed that the vast majority of those surveyed (70 percent) believe the Cambridge Dictionary should update its definition of a hacker so the word ‘illegally’ is removed. The Cambridge Dictionary currently describes a hacker as “a person who is skilled in the use of computer systems, often one who illegally obtains access to private computer systems”. However,…
Today’s Vectra 2018 Spotlight Report on financial services finds that cyber attackers are using hidden “tunnels” to break into networks and exfiltrate PII from financial institutions, while remaining largely undetected. Among key findings: More than 2x command and control tunnels for data exfiltration were found per 10,000 devices in financial services than in all other industries combined; For every 10,000 devices across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected on average, but in financial services, that number more than doubled to 23. In response, experts with OneSpan, Prevoty and NuData Security, a Mastercard company, offer perspective.…
A malware downloader with full bot capabilities named Kardon has been discovered by security researchers at Netscout Arbor.* Kardon is believed to be a rebrand of the ZeroCool Botnet built by the same cybercriminal that goes by Yattaze. Sean Newman, Director of Product Development at Corero Network Security commented below. Sean Newman, Director of Product Development at Corero Network Security: “Recent reports of a new botnet-capable malware loader, named ‘Kardon’, for sale on the dark web don’t represent a particularly new advance in the way the cybercriminal community now functions. We are way past the time when hackers operated solely…
