In response to reports about MysteryBot Android Malware (Fossbytes story link), which combines a keylogger with a banking trojan and ransomware, a OneSpan expert offers perspective. Samuel Bakken, Senior Product Marketing Manager at OneSpan: “As more users adopt mobile banking, it becomes all the more juicier a target. Attackers invest significant time and resources to find ways to defraud banks and their customers. Despite Google and Apple’s best efforts, attackers will always find a way. Therefore, banks and financial institutions can’t count on the mobile platform providers alone to keep them secure. They need to take a layered approach to mobile app security that includes,…
ISBuzz Team
A new report was released from the University of Roehampton today, which looks at how many pupils achieved GCSE and A-level computing qualifications in 2017. The report shines a light on the digital skills gap. Key stats include that just 12% of UK students choose to take ICT at GCSE, and just 20% of those who do take the subject are girls. Trish Burridge, Director of Consulting Services EMEA at Skillsoft commented below. Trish Burridge, Director of Consulting Services EMEA at Skillsoft: “Not only are these worrying statistics for the tech industry, but the corporate landscape as a whole. Every industry in…
In response to the news that cybercriminals are currently developing a new strain of malware, named MysteryBot, which is targeting Android devices and blends the features of a banking trojan, keylogger and mobile ransomware, Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: “This particular strain of Android malware appears to have successfully managed to show “overlay screens” on Android 7 & 8, which could be used to either show fake logon screens over legitimate apps, or trick the user into granting permissions by masquerading screen presses as other functions. For most of these functions…
As many as 1,000 patients suffered harm from medical devices hit by a cyber attack, according to a new survey conducted by researchers at the University of California San Diego. The results were announced at the HIMSS Healthcare Security Forum earlier this week. Garrett Sipple, Managing Consultant at Synopsys’ Software Integrity Group commented below. Garrett Sipple, Managing Consultant at Synopsys’ Software Integrity Group: “This is another example of recognising the importance of security as it plays a role in maintaining the safety and effectiveness of medical devices. Medical devices often move through long product development cycles that can make them slow to react to new cybersecurity threats,…
In response to the news that Apple is going to patch a flaw which has allowed authorities to gain access to iPhones, Alex Rice, CTO at HackerOne commented below. Alex Rice, CTO at HackerOne: “Fixing known vulnerabilities is the only way to ensure they aren’t leveraged by criminals. Back in 2016, when the FBI revealed it utilized third parties to help break into iPhones, a new issue presented itself — there was a known vulnerability being exploited that wasn’t shared with the only organization in the world that could fix it. There are over 700 million iPhones in the hands…
Researchers at F5 Networks released a report identifying a series of cyber-attacks targeting Singapore on 6/11/2018 and 6/12/2018. Specifically, 88% of malicious traffic originated from Russia and targeted VoIP Phones (the kind found in many hotels) and IoT devices in Singapore – a country that does not typically fall within the top 10 countries in terms of global attack traffic. It’s no secret Russia has been launching a steady barrage of coordinated cyber-attacks against the US as many sanctions have been issued against Russian officials and businesses since the 2016 Presidential election. Beyond official sanctions, the US-Cert issued an alert in April…
Reports have surfaced regarding attack vectors that use vulnerabilities in Cortana for various nefarious purposes, such as retrieving confidential information, logging into a locked device and even code execution from the lock screen. Although initially submitted to Microsoft a couple of months ago, CVE-2018-8140 was only fixed during this Patch Tuesday. Please see below for comments from several cybersecurity experts. Larry Trowell, Associate Principal Consultant at Synopsys: “We’re seeing yet another reminder of the potential security and privacy risks of our technology-driven and always-connected world. This instance reminds me of the previous Siri hack allowing attackers to unlock an iPhone by activating a task on the device. In the…
HealthEquity, a custodian of more than 3.4 million health savings accounts, has had a data breach after one employee’s email account was accessed by an unauthorized person. There were 23,000 individuals impacted by this incident across all of the accounts HealthEquity serves. Compromised protected health information in the email included employee names, HealthEquity member IDs, employer names, HealthEquity employer IDs, various types of healthcare accounts, deduction amounts and Social Security numbers for some Michigan-based employees. IT security experts commented below. Tim Erlin, VP at Tripwire: “The healthcare industry is a growing target for cyber attacks because of the highly valuable information stored within…
The World Cup draws upon us again this summer, a sporting event that will no doubt delight football fans across the globe. With the squads confirmed and the kick off date set for this week fans globally are gearing up for the festivities, ready to tune into the first match. However, behind the sporting glory and the celebrations, there will be a firm spotlight on the resilience not just shown by the teams, but also the wider infrastructure in place to make it all happen. As with any global sporting event, attention always turns to the host city and their readiness to host…
News is breaking that a Mexican campaign site was hit with a DDoS attack during the final presidential debate–just weeks ahead of the July 1 election. The affected site, run by the National Action Party (PAN), targets front-runner Andres Manuel Lopez Obrador, but his party denies any involvement with the outage. The majority of traffic that caused the outage supposedly came from Russia and China, which may or may not correlate with the origin of the attack. There are currently no clear signs of foreign hacking in Mexican campaigns, but tensions and nerves are high following the U.S. probe into Russia’s 2016…
