Crowd Research Partners today released the 2018 Cloud Security Report which includes the following takeaways: Cloud Security Issues-The top three security control challenges security operations centers (SOCs) are struggling with are visibility into infrastructure security (43%), compliance (38%),and setting consistent security policies across cloud and on-premises environments (35%). Effective cloud security solutions – Encryption of data at rest (64%) and data in motion (54%) tops the list of the most effective cloud security technologies, followed by Security Information and Event Management (SIEM) platforms (52%). Biggest security threats – Misconfiguration of cloud platforms jumped to the number one spot in this year’s survey as the…
ISBuzz Team
In response to the news that Fitness Brand Under Armour has suffered a massive data breach affecting 150 million users, IT security experts commented below. Terry Ray, CTO at Imperva: “Most consumers are becoming a bit desensitized to data breaches, which have become common enough to barely make the news. And if one breach makes news, there are ten that don’t. In this case, it’s good that Under Armour detected the breach at all. Many companies fail this first most important step. Secondly, they at least used bcrypt for the passwords which is considerably more compute intensive than sha-1. Unfortunately,…
In response to reports that Microsoft’s meltdown patch has opened a new set of vulnerabilities, a cybersec expert with Juniper Networks offers perspective. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks commented below. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks: “The rush to quickly close vulnerabilities is often a treacherous path that can cause undesirable side-effects. The urgency is to respond to known issues in a timely manner. It is not unheard of that some new glitches are introduced with fixes. The good news in this case is that Microsoft has quickly fixed this issue and that…
Following the latest news that the private details of over 3,000 users of a bestiality website have been leaked online, David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “The news that the private details of over 3,000 users of a bestiality website have been leaked online highlights the need for all companies to enact security measures to prevent cyberattacks and therefore protect their customers’ personal data. Users that are entrusting private information into the care of a website should be safe in the knowledge it is kept in a secure…
It has been reported that the Northern Ireland Assembly has issued warnings to staff following cyber attacks on its IT system. External hackers e attempted to access staff email accounts by brute-forcing passwords. IT security experts commented below. Richard Walters, Cheif Security Strategist at CensorNet: “This attack shows that it doesn’t matter who people are or where they work, basic cyber security practices are still being ignored. For years now, the advice has been: don’t reuse passwords across different sites and regularly change those passwords, yet for some reason, it isn’t sinking in. Even after a similar attack on the UK…
It has been reported today that TalkTalk has been urged to improve its security after a researcher found a “Cross Site Scripting” error allowing him to take control of a convincing looking “talktalk.co.uk” URL, which meant he could potentially trick any of the company’s webmail customers into thinking they were accessing an official TalkTalk website. TalkTalk was apparently told about the flaw in March 2016 through a bug bounty program, however they only fixed it this week. In response to this piece of news, IT security experts commented below. Ondrej Kubovic, Security Awareness Specialist at ESET: “With the growing complexity of IT environments, the number…
IT and security conversations are moving away from the confines of remote IT departments and are finding their way to the top of boardroom agendas. As they do so, CIOs need to carefully consider the way they communicate with other senior executives if critical IT initiatives are to receive that all important buy-in from the Board. In this article, I will offer guidance to CIOs who are required to obtain Board-level approval before implementing strategic IT projects. CIOs are in a unique position within the C-suite. Their expertise and guidance can have a direct impact on the future of an…
It has been reported that cyber-attacks pose the biggest threat to the Swiss financial system with risks from hacking incursions on the rise, watchdog FINMA warned on Tuesday, calling on Switzerland to step up its national defences against the menace. FINMA said on the whole Swiss banks seemed aware of the risks and were well equipped to deal with them, citing banks’ ability to repel around 100 attacks a day from “Retefe” malware attacks on ebanking systems. But as a country Switzerland was lagging behind others with major financial hubs that have set up cybersecurity competence centres or imposed system-wide tests…
It is being reported that the group behind the Sanny malware attacks have made significant changes to the way it delivers their payload. Findings by security researchers has uncovered that the attackers have upgraded their delivery techniques when it comes to planting malware on systems via document attachments sent as part of spam and phishing campaigns. The attackers, believed to be based in Korea, have targeted English and Russian-language diplomatic victims around the world since 2012. According FireEye’s report, written by researchers Sudeep Singh and Yijie Sui, the attacks are using both rigged Cyrillic and English-language Word files. The malicious file contains an embedded…
In response to a recent report from Recorded Future, which revealed that seven of the top 10 vulnerabilities of 2017 exploited by phishing attacks and exploit kits utilised Microsoft products, Bill Lummis, Technical Program Manager at HackerOne commented below. Bill Lummis, Technical Program Manager at HackerOne: “The report shows that you can’t be narrowly focusing on just one exploit or just one attack vector. The best thing security administrators can be doing is improving their patch management processes for the software their users need to have installed, and removing the software they don’t need. The crimeware groups aren’t going to pick up…
