News is emerging of a new Android malware, RedDrop, that can secretly record users’ conversations. Victor Chebyshev, Security Researcher at Kaspersky Lab commented below. Victor Chebyshev, Security Researcher at Kaspersky Lab: “Kaspersky Lab is aware of this threat since September 2017. RedDrop is malware capable of spying on its victims (it can collect data about a victim’s device, including data from a device’s memory card and contacts list) and discreetly make a device buy paid-for subscriptions, which can result in users facing financial risk. We have seen hundreds of unique RedDrop detections across the world, mostly from Chinese users. The malware is…
ISBuzz Team
Research reveals 69 per cent of businesses are lacking in terms of proper data management, casting doubt on their ability to comply with GDPR Keeping data secure remains a top priority for businesses, and as the General Data Protection Regulation (GDPR) comes into force on the 25th May 2018, there is an increased urgency to improve the way data is managed. However, despite this impending deadline and the rapidly evolving threat landscape, new research from managed services provider Claranet has found that many companies are still not managing their data as well as they could. The research, which was conducted by…
News has surfaced that the U.S. Marine Corps has suffered a data leak, impacting 21,426 people. Personal data including bank accounts numbers, social security numbers, credit card information and mailing addresses were all exposed after an unencrypted email with an attachment containing personal confidential information was sent to the wrong email distribution list. Paul Edon, Director at Tripwire commented below. Paul Edon, Director at Tripwire: “With potentially highly confidential data stored on military systems, it is imperative that these systems are performing regular threat assessments. This includes examining the level of admin privileges granted to individuals to avoid accidental data…
In response to the news that new “Spring Break” critical remote code execution (RCE) vulnerability, which is affecting Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications, Chris Wysopal, CTO at CA Veracode commented below. Chris Wysopal, CTO at CA Veracode: News of “Spring Break” – the critical remote code execution (RCE) vulnerability (CVE-2017-8046) affecting projects in Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications – is another example of the continuous challenge that organisations face in maintaining the security of their applications. The importance of reacting quickly to “Spring Break” cannot be underestimated. A similar RCE…
Dr Johannes Ullrich, Dean of Research at SANS Institute commented below, regarding the recent added censorship WeChat has undergone in mainland China. It addresses how sophisticated censorship and control is possible at scale, as well as the complexities of such censorship in our globally connected environment. Dr Johannes Ullrich, Dean of Research at SANS Institute: “Last week, President Xi of China extended his stay in power, amending the Chinese constitution to allow him to continue in office beyond the customary 10 years. Naturally, this has provoked an increase in negative opinion and dissent online, which in turn has led to…
After multiple reports of massive DDoS attacks using memcached servers were detailed this week by researchers including Imperva and Akamai, a new development involving ransomware demands was also published Thursday by Cybereason. Nick Bilogorskiy, Cybersecurity Strategist at Juniper Network, commented below, and provided a supporting screenshot from the Shodan search engine. , Cybersecurity Strategist at Juniper Network: “It is a pretty clever trick to embed the ransom demand inside the DOS payload. It is also fitting with the times that attackers are asking for Monero rather than Bitcoin because Monero disguises the origin, destination and amount of each transaction, making it more suitable for ransoms.…
A new study by Sonatype reports that one in eight open source components used to create applications contain flaws. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “There is inherent risk associated with using open source code for the development of IoT devices. By definition, an open source platform is influenced and altered by anyone, be they white hat or black hat. Bad actors can use open source repositories to plant software with hidden backdoors allowing them to create botnets. The IoT industry should look to move to a Red Hat type model, where open source…
A report out from Harvard University reveals that there could be a large-scale Internet outage similar to the Dyn outage in 2016. * The report points to the centralization of DNS which could translate into a single point of failure during a Denial-of-Service attack and could result in significant Internet outages for organizations. Sean Newman, Director of Product Management at Corero commented below. Sean Newman, Director of Product Management at Corero: “Ensuring the resiliency of a company’s Internet presence should be top priority for any organization that relies on it to do business and DNS is certainly an important part…
Following the news that the Equifax breach affected millions more consumers than originally reported, bringing the total to almost 147.9 million people – almost half the US population. Matt Dircks, CEO at Bomgar commented below. Matt Dircks, CEO at Bomgar: “The seemingly ever-growing extent of the Equifax breach should serve as a reminder that companies cannot afford to be complacent in the face of cyberthreats. In the majority of breaches, attackers use a stolen or weak password to gain a foothold into the network. It’s critical that all credentials to privileged accounts be secured via multi-factor authentication and strong password management policies,…
2018 Thales Healthcare Data Threat Report reveals pressures to drive digital transformation, while maintaining the security of sensitive information Thales, a leader in critical information systems, cybersecurity and data security, today announces the results of its 2018 Thales Data Threat Report, Healthcare Edition, revealing only 30% of global healthcare organisations have remain untouched by a data breach. Worryingly 39% of these organisations have been breached in the last year alone, while the majority of respondents (70%) reported being breached in the past – a 17% increase from the 2016 report. Issued in conjunction with analyst firm 451 research, the findings also…
