In response to the news that researchers have found that cybercriminals have distributed malware to hundreds of thousands of Android users by hiding it inside a series of apparently harmless apps on Google Play, Ondrej Kubovic, Security Awareness Specialist at ESET commented below. Ondrej Kubovic, Security Awareness Specialist at ESET: “The relatively large number of installs could be caused with the promised functionality, as QR scanners are popular and frequently used apps. The delayed activation of malicious activity could have also contributed to attackers’ ability to sneak their “product” into the official Google Play store. What to do? First, users…
ISBuzz Team
Security experts have discovered a new strain of malware that targets vulnerable Linux-based systems and tries its best to avoid infecting devices on government and military networks. The name of this new strain is GoScanSSH, and its name is a tell-tale sign of its main features and capabilities — coded in Go, use of infected hosts to scan for new ones, and the SSH port as the point of entry. Dan Matthews, Director of Engineering at Lastline commented below. Dan Matthews, Director of Engineering at Lastline: “It is difficult to fully get inside the head of attackers, but one theory could be that the attackers know…
News is breaking regarding the results of the Cofense Phishing Response Trends Report, which suggests that over half of European companies are unprepared for email-based cyberattacks, despite 78 percent of IT professionals having dealt with a security incident originating from a deceptive email. This was significantly lower than the 66 percent in the US that had dealt with a similar incident. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “These findings from Cofense are worrying but not surprising. Phishing attacks, despite being among the most well-known cybersecurity attack vectors, are still consistently fooling companies…
A cyber attack can be as simple as an email that looks like it comes from your bank and includes an urgent link for you to click. When you take a close look at the email though you’ll see it isn’t real. Then if you hover your mouse over the link you’ll see that the web address looks fake, contains gibberish, or has names in it that aren’t associated with your bank. You may even find typos in the email or it could even look like it was written by someone whose second language is English. How Cyber Attacks Occur…
In response to the news that the attacker behind the Titanium Stresser tool, which was used to carry out more than 1.7 million DDoS attacks on websites and gaming servers, will face a two-year jail sentence unless he repays £69,000, Terry Ray, CTO at Imperva commented below. Terry Ray, CTO at Imperva: “I see that criminal judgements seem to apply more reformative value to incarceration duration than they do to monetary reparations. Of course, victim companies can certainly follow the criminal trial with a civil lawsuit where monetary reparations are the primary result. Regardless, I think the real pain Mr.…
Macro-less Word Document Attacks on the Rise and Zero Day Malware Variants Jump 167 Percent WatchGuard Launches Threat Landscape visualisation tool to better understand security threats Total malware attacks are up by 33 percent and cyber criminals are increasingly leveraging Microsoft Office documents to trick victims and deliver malicious payloads, according to the latest Internet Security Report from WatchGuard Technologies, based on global threat intelligence data from nearly 40,000 Firebox appliances.WatchGuard has also launched a new Threat Landscape data visualisation tool, giving public access to daily updates about the most prevalent computer and network security threats affecting SMBs and distributed enterprises. Dynamic Data Exchange (DDE) attacks topped WatchGuard’s top-ten malware list as hackers increasingly exploited issues within the Microsoft Office standard to execute code. Also called ‘macro-less malware’, these malicious…
No Room for Cyber-Complacency: a Quarter of DDoS Attacks Claim Unintended Victims Over a quarter of businesses that have been hit by a Distributed Denial of Service (DDoS) attack don’t think they were the intended target, highlighting that businesses can’t afford to be complacent when it comes to today’s threat landscape. According to research from Kaspersky Lab, 27 per cent of respondents said being an innocent bystander was the most likely reason for DDoS attacks on their organisation, suggesting that all businesses are in the firing line, even when they are not on the hit list. The continued threat of…
In response to the news story that thousands of etcd installs are leaking secret server keys online, Zohar Alon, the Co-Founder and CEO at Dome9 commented below. Zohar Alon, Co-Founder and CEO at Dome9: “The case of the etcd database leak is particularly ironic, as it is a service used to store sensitive information like passwords and configuration settings, and its default configuration allows the data to be accessed without authentication. This is yet another unfortunate example of organizations not placing appropriate emphasis on the security of valuable assets. There were two levels of security failure here — one, no password protection for…
In response to reports that U.S. charges, sanctions Iranians for global cyber attacks on behalf of Tehran, a cyber security expert with Juniper Networks commented below. Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks: “The recent US government action – to name Iranian state intelligence responsible for cyber attacks against US targets – continues the trend of state-sponsored cyber attack attribution. By applying sanctions quickly against the Iranian hacker network involved in this incident, the United States is signaling that any cyber attack against the country will have consequences. It is another recent example of the US both calling out malicious state-sponsored cyber behavior…
In response to the news that the leader of the ring behind the infamous Carbanak malware, which caused ATMs to spit out cash and caused more than 1 billion euros of losses, has been arrested in Spain, IT security experts commented below. Mark James, Security Specialist at ESET: “Without specifics it’s hard to say how the actual investigations work, but often in these cases it could be that the individual concerned either made an error or was lured into a scenario that enabled law enforcement to track his or her whereabouts. Internet anonymity is not as easy as it’s made…
