In response to Finextra's report that Euro cops have busted 95 criminals responsible for EUR8 million in online fraud, NuData offers perspective and comments. Robert Capps, Vice President of Business Development at NuData Security, commented below. Robert Capps, Vice President of Business Development at NuData Security: “The impact – both on consumers and merchants – of crimes like these is often far greater than victims might first realize. “It starts when payment data is initially used for fraudulent transactions, as is the case here. NuData has seen a 100% increase in purchase attempts with flagged – suspicious – credit cards. “Payment information is…
ISBuzz Team
Hackers are leveraging a critical vulnerability in D-Link DSL routers in an attempt to make them part of Satori, a botnet that is used to take down websites and mine digital coins, according to researchers at Netlab 360. Ashley Stephenson, CEO of Corero Network Security, commented below. Ashley Stephenson, CEO at Corero Network Security: “At this point, Corero detects scans that are indicative of a “bot-herding” phase, seeking devices to compromise as Satori bots, potentially for multiple botnets owned by different botmasters. The question is, what will those who control the Satori botnets do next? Will they quietly steal compute…
Telnet brute force attacks have risen 249% since 2016
Research released today from F5 Labs has found that Telnet brute force attacks against IoT devices, led by Chinese hackers, have risen a staggering 249% since 2016. Findings from the latest Threat Intelligence report shed light on the challenges vulnerable IoT devices place on businesses, as the proliferation of brute force hacks both intensifies and becomes harder to monitor. F5 Labs’ research reveals 44% of attack traffic originates from China and IP addresses in Chinese networks. The most attacked countries were the U.S., Singapore, Spain, and Hungary, and with no standout country in relation…
A study has suggested rewards should be provided for staff who manage to avoid online scams and ransomware. “Instead of employing fear tactics to scare employees off weak passwords and phishing schemes, employers should consider rewarding or acknowledging individuals who embrace good cyber strategies,” OpenVPN recommends. “When smart online habits become second nature, both employers and employees can better prevent hackers from taking advantage of otherwise stagnant security environments.” Tim Helming, Director of Product Management at DomainTools: “This is a promising approach to protecting a business from the woes of cybercrime. While nobody would suggest that rewards for cyber diligence alone are enough to…
HelpNet Security is today reporting findings by Appthority security researchers on a new vulnerability that leads to data exposures, not due to any code in the app, but to the app developers’ failure to properly secure backend data stores (hence the name of the vuln, HospitalGown). The news story “3,000+ mobile apps leaking PII data from unsecured Firebase databases” notes that the newly-discovered Firebase variant of this vuln exposes large amounts of mobile app-related data stored in unsecured Google cloud-hosted databases. Ryan Wilk, Vice President at NuData Security, a Mastercard company, commented below. Ryan Wilk, Vice President at NuData Security: “Mobile application security is…
News has surfaced that one of the world’s most popular flight tracking services Flightradar24, which shows real-time aircraft flight information on a map, has suffered a massive data breach that may have compromised email addresses and hashed passwords for more than 230,000 customers. IT security experts commented below. Javvad Malik, Security Advocate at AlienVault: “While details are still emerging, it is encouraging to see that the company was able to apparently detect the breach within a few days and notify its customers. Compared to industry averages, this is a quick turnaround, and highlights the importance of having strong monitoring and threat detection controls…
With recent news that a London council’s data protection efforts are under review after telling residents to email in their payment card details via a Word document, Dr Guy Bunker, SVP of Products at data security company, Clearswift, commented below highlighting issues behind this method and why it shows a lack of data security education. Dr Guy Bunker, SVP of Products at Clearswift: “When handling sensitive data, information security education and awareness among general employees is extremely important – this shows there is none or very little within Islington council. Understanding the risks and consequences of requests like this is essential. Good data security…
Cyxtera Technologies, a cybersecurity vendor based in the USA, have built DeepPhish, a piece of machine-learning software that, allegedly, generates phishing URLs that beat phishing defense mechanisms. Tim Helming, Director of Product Management at DomainTools, commented below. Tim Helming, Director of Product Management at DomainTools: “If cybersecurity researchers are using machine learning as a method of keeping us safe online, it seems only reasonable to assume that the bad guys are trying to use the same technology to further their own aims. The fact that this machine learning generated URLs capable of bypassing phishing defenses is of course worrying, and reinforces the point that because phishing…
More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet, according to research from Lacework. According to reports, the containers suffer from poorly configured resources, lack of credentials and the use of non-secure protocols. As a result, hackers can remotely access the infrastructure to install, remove or encrypt any application that the company is running in the cloud. In total, Lacework found 22,672 open admin dashboards on the web; and more than 300 of them were unprotected by any credentials whatsoever. Tim Mackey, Senior Technical Evangelist at Black Duck by Synopsys commented below. Tim Mackey, Senior Technical Evangelist at Black…
It was reported yesterday that Amazon Alexa is going to become a butler at Marriott Hotels. Alexa for hospitality would assist in providing services ranging from ordering room service to requesting housekeeping or calling the concierge for dinner recommendations without picking up the phone. Terry Ray, CTO at Imperva commented below. Terry Ray, CTO at Imperva: “There is no shortage of concerns about home and digital assistant technology, especially the always on systems, like Alexa. I can see the appeal of in room butler services and room service ordering, being a very frequent, multi-hundred thousand annual miler myself. In short, yes, there may be some ways…
