At a recent rail industry conference, Pen Test Partners researcher Ken Munro shared the results of his colleagues’ most recent pentesting efforts, which looked at hacking passenger train Wi-Fi. Natan Bandler, CEO and Co-founder at Cy-oT, commented below. Natan Bandler, CEO and Co-founder at Cy-oT: “It’s quite easy to jump from a public network to a train and its ticketing systems. Any relatively useful tips that you give train operators in order to keep trains secure are good, but they’re not enough and it’s easy to make mistakes. It’s very hard to keep everything well maintained and segregated. Having a public network on a train is…
ISBuzz Team
2018 research ushers a new era of network attacks EfficientIP, a leading specialist in DNS security to ensure service continuity, user protection and data confidentiality, today announced the results of its 2018 Global DNS Threat Report. It explored the technical causes and behavioral responses towards DNS-based threats and their potential effects on businesses across the world. Over the past year, organizations on average faced seven DNS attacks, which cost some businesses more than $5 million in damages. The major issues highlighted by the study in its third year include the increase in cost of DNS attacks, the evolving popularity of…
News broke this week that following a cyberattack, hackers were able to siphon hundreds of millions of pesos (about $15.4 million) from a number of Mexican banks, including No. 2 Banorte and others that are yet to be named. The criminals created fake orders that wired funds to bogus accounts then immediately withdrew the cash. The incidents are still being investigated. Jeannie Warner, Security Manager at WhiteHat Security commented below. Jeannie Warner, Security Manager at WhiteHat Security: “SMBs, like smaller banks, and emerging markets have immature security processes and insufficient expertise. Outsourcing many security checks and tests makes more sense than trying to…
Following recent news of a US police force being hit by ransomware attacks within the space of just one month, Niall Sheffield, Lead Solutions Engineer at SentinelOne commented below. Niall Sheffield, Lead Solutions Engineer at SentinelOne: “Stories like this are incredibly common, with initial infections often leaving companies with back-door channels that survive the clean-up mechanisms. This incident particularly highlights however the importance of being able to stop these solutions in real-time, as although the backup solution has meant that the amount of data “lost” has been minimal, for most organisations having to input several hours/days records to recover lost…
The ICO has released its latest Data Security Incident Trends revealing data breaches that were reported to it in Q4 (January-March 2018). Simon McCalla, CTO at Nominet commented below. Simon McCalla, CTO at Nominet: “It’s perhaps unsurprising that data security incidents reported to the ICO in the first quarter of 2018 are on the up. As it points out, in the run-up to GDPR a lot of companies will have become more cautious about incidents and reporting them. Interestingly, there are far more incidents caused by human error than there are external cyber threats, suggesting that a lot more work needs…
Cryptocurrency seems to bring out the best effort from cyber criminals. From nation states to traditional attackers, the rise in crypto-related attacks is staggering. The motivation is obvious: it’s financially driven. Despite the recent drop, cryptocurrency values have skyrocketed over the past couple of years incentivising attackers to create malicious code and sophisticated hacking tools to harvest cryptocurrency coins. One quick way to a massive payday is achieved by compromising a digital wallet and stealing the wallet’s private key. When attackers get their hands on a digital wallet, they can take full control of the funds. Retailers have started to…
Thousands of non-designated Internet-of-Things devices are connecting to corporate networks every day, posing a mounting security risk to businesses, according to an Infoblox survey. Bob Noel, Director of Strategic Relationships and Marketing at Plixer, commented below. Bob Noel, Director of Strategic Relationships and Marketing at Plixer: “IoT device proliferation is a very real issue for IT. They range from sanctioned devices, used for business purposes, to consumer devices brought into the network by employees. Having written policies pertaining to security is as useless as speed limit signs. Nobody pays any attention, and without enforcement mechanisms in place mayhem ensues.…
I hesitated before writing this article. So many people have written so much about this “skills shortage” from so many different angles. It’s a complex situation with several different layers, and there have been many initiatives that have aimed to address it. So why write yet another column? So much thought and effort has been poured into this topic, and yet the facts on the ground are only getting worse. For example, only ten percent of cyber-security professionals are women, a massive loss of unrealized potential and an untenable discrepancy. The shortfall over the next couple years is predicted to…
Following the news that a serious flaw was found in secure email tech, PGP, IT security experts commented below. Laurie Mercer, Solutions Engineer at HackerOne: “This vulnerability affects email clients that use the OpenPGP and S/MIME standards, including Apple Mail, iOS Mail and Thunderbird. Direct exfiltration is one of the most severe content injection vulnerabilities. The ability to decrypt old emails will especially appeal to attackers who have access to encrypted emails but are unable to decrypt them. A temporary recommendation is to disable HTML rendering of emails. This workaround is complicated by the fact that all recipients of an email can decrypt, so…
It has been reported that Chili’s Restaurants has suffered a data breach, with payment card details harvested, according to Brinker International, the company behind the restaurant chain. Ryan Wilk, Vice President at NuData Security, commented below. Ryan Wilk, Vice President at NuData Security: “Brinker proves to be taking their customers’ online security seriously by reporting the breach incident on the very same day it was discovered so that customers can take action and secure their information right away – by monitoring their credit or freezing it if required. “Stolen data, whether it is from this breach or the myriad of breaches in the last years,…
