It has been reported that popular streaming service YouTube has been hacked. More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift are also affected. The original clips had been posted by Vevo. Despacito has been removed, but its cover image had shown a group of people wearing masks and pointing guns. The hackers, calling themselves Prosox and Kuroi’sh, had written “Free Palestine” underneath the videos. Several of the clips remain live at time of writing. IT security experts commented below. Mark James, Security Specialist at ESET: “The details currently are sparse so trying to figure…
ISBuzz Team
Cybercriminals are hacking into remote desktop services with two new Matrix ransomware variants that encrypt computer files; one can even debug messages and use a cipher to wipe free space. These new pieces of ransomware were discovered by the MalwareHunterTeam. Bob Noel, Director of Strategic Relationships and Marketing at Plixer commented below. Bob Noel, Director of Strategic Relationships and Marketing at Plixer: “Remote desktop services are a useful tool often used by the helpdesk to remotely access a PC for the purposes of troubleshooting problems. It should only be used for internal sessions, or across VPN tunnels for…
News is breaking that hacked social media accounts are being sold online, sometimes to promote hate speech, for paltry sums. One site is selling UK-based Facebook accounts “with real Sim cards, birthday and location information included”, according to The Sunday Telegraph. On another, a single UK account is on sale for $1.50 (£1.07), discounted from $5. Ryan Wilk, Vice President at NuData Security, a Mastercard Company, commented below. Ryan Wilk, Vice President at NuData Security: “Among all the personally identifiable information available on the web, the most valuable one is your complete online identity, as it includes data to access all your online accounts. It’s not surprising that…
Cisco has revealed in its blog that it is aware of specific advanced attackers targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Sean Newman, Director of Product Management at Corero Network Security commented below. Sean Newman, Director of Product Management at Corero Network Security: “Recent reports from Cisco’s Talos team of a vulnerability enabling attackers to potentially gain remote control of switch devices for nefarious purposes, is just another example of how many IT system features there are exposed to the Internet which were originally developed to make IT teams’ lives easier but,…
When it comes to cybersecurity, it’s no secret that the human aspect of any organisation is its weakest link. From bad password sharing practices to falling victim to phishing emails, these challenges are any CISO’s nightmare. After all, the holes in network security that are created by the people on the front line of an enterprise can’t be plugged with a simple software patch. And despite efforts to train staff, employees are still the easiest route for a hacker to exploit, particularly when it comes to USB-based security.
Shut the back door
In 2016, researchers from the University of Illinois…
News broke today that despite the North Korean cyber-threat to the UK remaining below that of Russia and China, a new parliamentary Defence Committee report has claimed that in the future this may not be the case. It reiterated the view that the WannaCry ransomware attack which decimated large parts of the NHS was carried out by the Kim Jong-Un regime, but that the UK was not its intended target. Andy Norton, Director of Threat Intelligence at Lastline commented below. Andy Norton, Director of Threat Intelligence at Lastline: “It’s encouraging to see the UK Government acknowledge the need for ever-improving cyber defences as cyberspace becomes increasingly critical to the…
Best Buy has now been added to the list of companies, like Delta, Sears and Kmart, that have been hit by a payment card breach. Hackers were able to get to Best Buy customers’ payment data through an attack on its online services provider [24]7.ai. Best Buy used [24]7.ai for online chat/support services. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “This latest breach is a classic example of the challenges in securing today’s digital environment. More than 70% of the Best Buy website is provided by third parties, a typical composition for…
Following the news that vulnerabilities have been found in Natus Medical devices, Leon Lerman, Co-Founder and CEO at Cynerio commented below. Leon Lerman, Co-Founder and CEO at Cynerio: “Healthcare organizations need to be aware that connected medical devices are probably the most vulnerable entities on a hospital’s network, as they were not built with security in mind and it’s extremely challenging to regularly keep them up to date. Health providers cannot rely on device manufacturers to protect their patients’ data and safety. Providers first need to make sure they have complete visibility to the medical device ecosystem, understanding the right medical context of…
Even given the recent Facebook/Cambridge Analytica scandal, Mark Zuckerberg just announced that the social media platform won’t apply the stringent new European data privacy law regulations globally, for now at least. Francis Dinha, CEO and Co-Founder at OpenVPN commented below. Francis Dinha, CEO and Co-Founder at OpenVPN: “As a CEO, I understand Zuckerberg’s hesitation to immediately accept the GDPR. At this point, no one knows how the regulation will impact their business. For a company like Facebook, the regulation will likely impact revenue as advertising may be more limited due to personal data restrictions. However, looking at it from the consumer perspective, the GDPR…
According to an audit by serverless security company PureSec, more than one in five serverless applications have critical security vulnerabilities. An evaluation of 1,000 open-source serverless projects found that 21 percent of them contain one or more critical vulnerabilities or misconfigurations, which could allow attackers to manipulate the application and perform malicious actions. Tim Mackey, Technical Evangelist for Black Duck by Synopsys commented below. Tim Mackey, Technical Evangelist for Black Duck: “What was disclosed: PureSec have defined an equivalent of the “OWASP Top 10” and are targeting it at the Functions as a Service (FaaS) market – also known as “serverless”. To vet their definition, they’ve collected…
