Following the news that the UK government has announced new cybersecurity and compliance measures to protect IoT/smart devices around the UK, IT Security Experts commented below. Ian Parker, Professional Services Consultant at Axians: “Hopefully this is the first step to implementing industry-wide security standards for connected devices – something that is sorely needed as they begin to be part of the fabric of our daily lives. In addition, it may be the catalyst, along with incoming GDPR regulations, for manufacturers to have security at the front of their minds from the beginning of the process, not simply as an afterthought when something goes…
ISBuzz Team
Following the news that UK’s cloud industry ranks fourth in the world ratings, Nigel Hawthorn, Data Privacy Expert at Skyhigh Networks, McAfee’s Cloud Business Unit commented below. Nigel Hawthorn, Data Privacy Expert at McAfee: “Businesses often view the cloud with apprehension due to security concerns. While this is no surprise given the number of cloud-based data breaches which hit the headlines, this fear is misplaced. Cloud services offer flexibility, scalability, improved productivity and – when correctly managed – greater security. As this study shows, the trend towards cloud shows no signs of slowing down in the UK but it’s important for businesses to recognise…
First-of-its-kind, automated offering stops vulnerable open source at DevOps front door. Sonatype, the leader in open source governance and DevSecOps automation, today announced that Nexus Firewall is now available to support the more than 10 million developers currently using the open source version of Nexus Repository. Previously only available to commercial users of Nexus Repository Pro, the newest version of Nexus Firewall gives all Nexus Repo users the ability to automatically stop vulnerable open source components from entering a DevOps pipeline. New research, released today, from Sonatype reveals that one in eight open source components downloaded to repository managers by…
Opportunistic Ransomware is generally on the decline. Ransomware worked well for so long because bad guys made money, and made money quickly, from ransomware campaigns. Starting in 2017 and continuing to 2018 there has been a steady decline in ransomware campaigns. The reasons for that are twofold, but interconnected: Exploit Kits (EK) have virtually disappeared. The EK market has always been volatile, but as one EK faded away there was generally another one to take its place. That has not been the case. As the big EKs of 2016/2017, Sundown, Neutrino, and RIG, have fallen off, no new EKs have…
Reports are surfacing on “Spring Break” – a new critical remote code execution (RCE) vulnerability which is affecting Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications. Steve Giguere, EMEA Engineer at Synopsys’ Software Integrity Group, commented below, “This is another good example of where free and open source software (FOSS) management is essential. Steve Giguere, EMEA Engineer at Synopsys’ Software Integrity Group: “Not only would a FOSS analysis tool have found this vulnerability months before this official announcement (the CVE for this is dated January 4th 2018 – https://nvd.nist.gov/vuln/detail/CVE-2017-8046), but those using such a tool would have been alerted of the…
In response to the Krebs on Security new report Powerful New DDoS Method Adds Extortion, some perspective and data from Corero Network Security, providers of DDoS protection and mitigation against a wide range of DDoS attacks for hosting and internet service providers, and for enterprises. Sean Newman, Director Product Management at Corero Network Security commented below. Sean Newman, Director Product Management at Corero Network Security: “Cyber criminals will always find new devices and services on the Internet which they can exploit for DDoS attacks. The recent popularity in leveraging openly accessible memcached servers has quickly come out of obscurity, to cause some…
Following the news NIS America hacked: Customer payment card data stolen, $5 off next purchase offered as apology gift, perspective from VASCO Data Security. IT security experts commented below. John Gunn, CMO at VASCO: “It’s sad to think about it, but breaches could become an effective 21st century marketing tool. Consumers seem to be very forgiving of companies that suffer breaches – from Target, to Uber, to Equifax. And with the new approach of using a breach as a coupon or free-trial distribution system, companies can actually profit from the breach, especially since it’s the card holders or issuers that suffer the…
The most interesting trend to surface in Q4 of RiskIQ’s phishing report was a 100 percent increase in phishing campaigns leveraging social media platforms, accounting for 20 percent of the top 10 most phished brands. Phishing actors are always innovating and creating new methods to lure victims into gaining access to their financial information, PII, and user accounts. Understanding the latest phishing techniques and threat actor tendencies can help organizations to stay one step ahead of phishing threats targeting them. For the uninitiated, phishing is a form of fraud where the malicious actor impersonates or compromises the account of a…
Malware has been found on Applebee’s point of sale systems that infected more than 160 restaurants in Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Pennsylvania, Texas and Wyoming. The malware was designed to secure names, credit or debit card numbers, expiration dates, and card verification codes. Lisa Baergen, Director of Marketing at NuData Security commented below. Lisa Baergen, Director of Marketing at NuData Security: “Cybercriminals are being increasingly successful at finding weaknesses in Point-of-Sale (PoS) systems. In this case, 160 restaurants were hit by bad actors trying to steal credit card information. Restaurants and other hospitality…
9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase. Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017. Ransomware variants, however, increased 101.2 percent. Average organization will see almost 900 file-based attacks per year hidden by SSL/TLS encryption. SonicWall, the trusted security partner protecting more than 1 million networks worldwide, announces research and intelligence from its 2018 Cyber Threat Report. In sum, the company recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year. “The cyber arms race affects every government,…
