LG has recently patched two severe flaws in its default keyboard on all LG smartphones that could be used for remote code execution with elevated privileges. Lee Munson, Security Researcher at Comparitech.com commented below. Lee Munson, Security Researcher at Comparitech.com: “Anyone who owns an LG smartphone that is susceptible to a recently discovered remote code execution flaw, related to the device’s keyboard, should immediately patch their device. “Failing to do so could leave them open to attacks designed to hijack browsing sessions or, worse, steal their personal information. “Owners of other Android devices should also be aware of a second keyboard flaw that could allow…
ISBuzz Team
With just two weeks until GDPR comes into force, IT security experts commented below. Importance of long-term compliance Rob Price, Pre-sales Consultant at Snow Software: “At this stage, and with the deadline for compliance just a matter of weeks away, varying states of readiness remain at-large across the business community. Some organisations are already years into their compliance journey, whilst others are only now realising the scale of the task that lies before them in order to meet the deadline. In recent months, the overwhelming sentiment of the media furore around the General Data Protection Regulation (GDPR) has been focused on…
Yesterday, Capgemini released research which looks at how cybersecurity is being utilised in the retail space. The results showed that consumers are willing to spend more online with retailers who demonstrate strong cybersecurity and data privacy. According to the research, 79% of consumers rank cybersecurity as top criteria when selecting retailers, and 65% of consumers would stop or reduce transactions from retailers as a result of a data breach. The full report can be seen here. Ryan Wilk commented below. Ryan Wilk, Vice President of Customer Success at NuData Security: “It’s refreshing to see UK consumers including online security as an important factor when choosing a company to…
It has been revealed that the Hide and Seek Botnet has resurfaced, bringing with it stronger defences to help it remain on infected devices. Security researchers found that it can now survive device reboots, which would normally remove IoT malware. IT security experts commented below. Martin Jartelius, CSO at Outpost24: An early warning flag is the exposure of telnet services. To prevent exploitation of such devices, start by identifying connected devices and exposed services. Get these services off the network especially when they are accessible by clients or from the internet. These kinds of audits are rather cheap and straightforward to…
Taxpayers are being warned about fraudsters who are taking advantage of HMRC as it currently processes tax refunds. The Revenue said that fraudsters are using email and text messages to trick people into thinking they have received a tax rebate, causing them to hand over their personal and account details. Treasury minister Mel Stride said, “HMRC only informs you about tax refunds through the post or through your pay via your employer. All emails, text messages, or voicemail messages saying you have a tax refund are a scam. Do not click on any links in these messages and forward them…
It has been reported that Uber plans to resume tests with self-driving cars, just a few months after a fatal crash in Arizona. IT security experts commented below. Evgeny Chereshnev, CEO and Founder at Biolink.Tech: “At the moment, the autonomous vehicles we have already – such as airport trains and the Docklands Light Railway in the UK – thankfully work hazard free because the journeys are very simple and predictable. Statistically, there is very little risk of anything going wrong because they’re programmed to only go from A to B. Even with other forms of partly automated transport, such as planes and ships, there…
Spring is typically a busy period for government organisations to request details on tax related issues. Unfortunately, cybercriminals know this and are ready to pounce on an obvious weak link – our distracted, emotive human nature. The UK’s HM Revenue and Customs (HMRC) is one of the most forged domain properties in the world. In October 2017, it averted over a million visits to deceptive websites. It also requested the removal of 200,000 malicious websites in the last 12 months. While organisations like HMRC proactively warn the public against the proliferation of scams, it is often hard to keep pace…
In May’s Patch Tuesday, 68 Windows vulnerabilities have been patched, including two where exploitation had been detected. A vulnerability discovered in VBScript could allow attackers to execute code in the context of the logged in user. This vulnerability could be exploited via certain web browsers or Microsoft Office documents. The second flaw is a privilege escalation vulnerability affecting Win32k which could allow an attacker to execute code in kernel mode. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th. Tyler Reguly, Manager at Tripwire: Today’s VERT Alert addresses Microsoft’s May 2018 Security Updates.…
In response to the findings of a recent study from Outpost24 which revealed that 42 percent of IT professionals have ignored critical security issues because they couldn’t fix them, IT security experts commented below. Marten Mickos, CEO at HackerOne: “We see over and over the impact of known vulnerabilities that go unpatched with exceptional cases like the Equifax breach, and it is fantastic news that 58% of IT professionals do not ignore these critical security issues. It can take around 22 days to create an exploit for a known vulnerability so we must make it easier for organizations to prioritize fixes to…
News broke today that the number of people who reported ransomware infections to US authorities went down last year, according to a yearly FBI Internet crime report. During 2017, the FBI says it received only 1,783 complaints regarding ransomware infections, a number far smaller than the 2,673 complaints it received in 2016, and the 2,453 complaints received in 2015. Andy Norton, Director of Threat Intelligence at Lastline commented below. Andy Norton, Director of Threat Intelligence at Lastline: “Other cyber threats are now not only more common but also more severe than ransomware. Data theft, business email compromise and data breach are the threats…
