News has broken that up to 400,000 customers were at risk from a critical flaw that could have given an attacker control over their home Wi-Fi network. IT security experts commented below. Christopher Littlejohns, EMEA Engineer at Synopsys: “What is not revealed in most of the reporting of this issue is that the vulnerability detected is one of the most common and easily exploited issues in many internet devices; i.e. hard-coded credentials for privileged accounts. “In this particular case, root access – hence the ability to take over the device and use it for many nefarious purposes. These types of issues arise out of poor…
ISBuzz Team
Today, cybersecurity firm Positive Technologies released its yearly report into vulnerabilities in financial applications. According to the report, the number of vulnerabilities the Positive Technologies teams discovered has fallen, which means banking apps and websites are getting safer. However, two thirds of online banking systems still contain at least one critical vulnerability. Don Duncan, Director at NuData Security, a Mastercard Company commented below. Don Duncan, Director at NuData Security, a Mastercard Company: “Thanks to the omnichannel experience, users can jump to and from web and mobile applications. But fraudsters can do the same, looking for the path of least resistance to commit fraud, which is why…
Amazon has announced its “Key In-Car” service, delivering packages directly to people’s connected cars. IT security experts commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “Amazon’s latest service – a continuation of their Amazon Key deliveries to the home – feels like another huge test of consumer trust, especially given the flaws that the Key system presented. I suspect that the public may not be comfortable sharing access to their vehicles with a third-party and they should be wary of this new development. The window for delivery access proposed by Amazon is short, but could feasibly be compromised by hackers.…
Survey Reveals Only Half of CI/CD Workflows Include Application Security Testing Elements Synopsys, Inc. (Nasdaq: SNPS) today released new data that highlights the opportunities and challenges of DevSecOps, an emerging paradigm in which DevOps teams incorporate application security into their continuous integration and continuous delivery (CI/CD) workflows. The 451 Research report commissioned by Synopsys, DevSecOps Realities and Opportunities, analyses survey results from 350 enterprise decision-makers at large enterprises across a variety of industries. The study found that only half of CI/CD workflows include application security testing elements despite respondents citing awareness of the importance and advantages of doing so. “While some DevOps…
This year’s DCMS cyber breaches survey has just been released. It highlights the continued pressure that businesses are under from cyber-attacks as well as what they are – or are not – doing to defend themselves against threats. Key findings include: Training has not increased, with only a fifth (20%) of businesses having had staff attend any form of cyber security training in the last 12 months, with non-specialist staff being particularly unlikely to have attended. 43% of UK businesses reported breaches or attacks in the last 12 months (compared to 46% last year), but large businesses are under siege with…
Researchers at Check Point, a leading provider of cyber-security solutions globally, and cyber intelligence company CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web. Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following the straightforward installation instructions, a threat actor is able to very quickly launch a phishing campaign that collects the personal and financial information of unsuspecting consumers. Unlike previous kits which are primarily composed of…
In a world where high-profile data breaches have become the norm, cyber security has quickly become a top priority for organisations of all sizes, in all industries. Barely a week seems to go by without news of another cyber attack hitting the headlines, prompting businesses to invest heavily in next-generation technologies in an attempt to protect their infrastructure and keep their confidential data secure. Network security policies are one such technology that plays a key role in securing the organisation. These rules ensure that only the right people have the right access to the right information, putting the organisation in…
The manufacturing industry is among the most advanced in the world for its adoption of digital platforms. Robotic and connected sensor technology are now mainstream throughout most factories, allowing manufacturers to gather insights in real time. The use of digital technology in manufacturing is nothing new; it has been embedded within processes for decades, and routine disruption has become the norm given the industry’s reliance on technology. However, increasing automation, data-rich production cycles and complex global supply chains make this industry particularly vulnerable to cyber attacks. It’s predicted that there will be 1.3 million robots in factories worldwide by the end of…
New study reveals that $1.5 trillion is the total generated by cybercriminals, with headline figures as follows.
Illicit, illegal online markets = $860 billion
Trade secret, IP theft = $500 billion
Data trading** = $160 billion
Crimeware/CaaS (Cybercrime-as-a-Service) = $1.6 billion
Ransomware*** = $1 billion
Total Generated by Cybercrime = $1.5 trillion
*totals are approximate
**Revenues derived from trading in stolen data, such as: credit and debit card information, banking login details, loyalty schemes and so on
***Revenues derived from extortions based on encrypting data and demanding payments
Download report here: https://blogs.bromium.com/free-report-complex-cybercrime-economy/
Ilia Kolochenko, CEO at High-Tech Bridge commented below. Ilia Kolochenko, CEO at…
Professor Shujun Li, Director of Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) and Professor of Cyber Security at the School of Computing, University of Kent commented below on the chaos faced by 1.9 million customers of the TSB. Professor Shujun Li, Director at the University of Kent: ‘There have been data breaches that should have never happened with any modern e-banking systems.’ ‘The ongoing IT system failure of TSB surprised me not because of the failure itself. Today’s IT systems are too complicated and dynamic to be totally bug-free, so what is more important is how risks related to such failures are…
