Researchers at VPN Mentor have found two vulnerabilities in GPON home routers that, when combined, could allow attackers complete control of the device and therefore the network. Ashley Stephenson, CEO at Corero Network Security commented below. Ashley Stephenson, CEO at Corero Network Security: “If verified, these home gateways join the escalating category of botnet-vulnerable IoT devices, and they underscore the growing risk of very large botnet-based DDoS attacks. This class of routers typically are directly connected to high speed broadband Internet connections. Once compromised the devices could be covertly “herded” by a bot master to form a botnet large enough to…
ISBuzz Team
Following the news that Australia’s Commonwealth Bank may have lost the data of 20 million accounts in 2016 when it failed to confirm that magnetic tapes had been destroyed by a subcontractor, IT security experts commented below. Tony Pepper, CEO and Co-founder at Egress Software Technologies: “The potential loss of 15 years of banking data is a serious breach of customer trust. Whether the data has been compromised or not, the principle remains that customers trust organisations like banks with highly sensitive information, and they therefore have a responsibility to those customers to guarantee that the data they hold is protected for however long…
Security researchers have this week identified a new hacking group that has been targeting global healthcare organisations with malware that is remotely accessing medical equipment such as X-ray and MRI machines. The group has been active since January 2015, and works by accessing IT systems using a trojan known as Kwampirs – this then installs a custom backdoor on the systems that it targets before collecting information on its host. As well as accessing medical equipment, the attack also appears to be observing machines that patients use to complete consent forms – basically, they are reaping healthcare records and patient data.…
In response to news this afternoon that Twitter is telling all 336 million users to reset their passwords due to a software glitch, four security experts point out the irony that May 3, 2018 is actually World Password Day! They offer perspective on passwords as an increasingly ineffective and obsolete security mechanism. Ryan Wilk, Vice President of Customer Success at NuData Security, a Mastercard Company: “It’s World Password Day – a time to help organizations move beyond the vulnerabilities of the least-reliable of all the security measures they can take, and adopt a layered defense approach incorporating highly trusted forms of authentication. Passwords are static information that can…
In response to news of the discovery of Spectre NG, with 8 new variations on the Spectre vulnerability, IT security experts commented below. Craig Dods, Chief Security Architect at Juniper Networks: “Assuming they prove to be legitimate, the group of vulnerabilities coined as “Spectre-NG” may pose significantly higher risks to cloud operators and multi-tenant environments than the original variants of Spectre. The information provided to the German technology site Heise seems to imply that a few of the eight new vulnerabilities facilitate VM-escape mechanisms, allowing a threat actor to compromise the hypervisor and/or other tenants from their own VM, apparently with little-to-no…
Security researchers have caught a Bitcoin-hijacking Chrome extension that only managed to grab one Bitcoin transaction before being exposed. Researchers said the malicious extension used an attack technique that first emerged last year, dubbed FacexWorm, and added that they noticed re-emerging activity earlier this month. FacexWorm propagates in malicious Facebook Messenger messages and only attacks Chrome. Security experts commented below. Allan Liska, Senior Solutions Architect at Recorded Future: “The new FacexWorm campaign is an example of attackers building upon successful previous campaigns and adding new features. This is at least the third campaign this same attacker has launched using this…
Chinese government officials have accidentally admitted over the weekend that they can access deleted WeChat messages, a Chinese news site has reported. The admission came over the weekend from an anti-graft commission from the Chinese province of Anhui investigating reports of corruption among government officials. Lee Munson, Security Researcher at Comparitech.com commented below. Lee Munson, Security Researcher at Comparitech.com: “The fact that a government, especially the one in China, has both the will and the means to access previously deleted messages on a device is hardly surprising. The fact that it made that knowledge public, however, most certainly is. While it…
New findings show that 50% of businesses do not check outsourced providers' data security processes. Global cyber and information security experts, ThinkMarble, have today revealed new findings that show that almost three-quarters (73%) of UK businesses remain unaware of the lawful basis for processing data and a quarter (25%) still do not know or are unsure of where the personal data that they are responsible for is currently held. The results highlight the extent to which UK businesses continue to remain unprepared for the General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018. The data, sourced from more than…
The City of London Police is launching a drive to make the Square Mile more resilient to cyber attacks, as the financial services sector sharpens its focus on defending against online criminals. The Cyber Griffin initiative is being launched at the Investment Association’s first cyber security conference for the asset management industry — the sector the lobby group represents — in London on Tuesday. IT security experts commented below. James Hadley, CEO & Founder at Immersive Labs: “It’s encouraging to see the City of London take a proactive stance toward cyber security. A resilient cyber strategy is fundamental for the Square…
Following recent news of TSB warning of phishing attacks targeting customers, Stephen Burke, Founder & CEO at Cyber Risk Aware commented below. Stephen Burke, Founder & CEO at Cyber Risk Aware: “It was only a matter of time until this started to happen. The sheer number of the TSB customers who have been impacted by the outage makes it a no-brainer for hackers to begin targeting those affected. It would not be surprising if fake SMS messages (smishing) also start appearing which pretend to be two factor authentication messages thereby giving hackers real codes they can use to login to…
