Unreliable VPNs highlight the dangers of remote working
A study by OneLogin, the identity management provider bringing speed and security to the modern enterprise, has found that UK businesses who provide their employees with the benefit of remote working are struggling to find a balance between productivity and security. In fact, over half of remote workers spend up to one day per week connected to unsecured networks, thereby leaving organisations open to a host of cyber threats. With three-quarters (74%) of those surveyed now offering remote access to fulfil employee demand, many companies have responded to this need by introducing…
ISBuzz Team
To quote Warren Buffett, it takes 20 years to build a reputation and five minutes to ruin it. Years later, in our “always on” world, I would wager it can take less than five minutes to incur damage to your image. We are unable to open the newspapers or turn on the television without bearing witness to the latest victim of a cyber-attack, most recently with American TV giant HBO experiencing Game of Thrones being leaked around the world. The threat is certainly growing: a recent report revealed that cyber-attacks rose by a quarter in Q2 2017. In a world overwhelmed by social media,…
It has been reported that new research from Kaspersky Lab, released today, has highlighted vulnerabilities in smart home hubs across millions of UK homes. Researchers discovered that the hub sends user data when it communicates with a server, including the login credentials needed to sign in to the web interface of the smart hub. Remote attackers can then download the archive with this information by sending a legitimate request to the server that also includes the device’s serial number. Christopher Littlejohns, EMEA Manager at Synopsys commented below. Christopher Littlejohns, EMEA Manager at Synopsys: “Vulnerabilities in smart hubs are entirely predictable symptoms of an immature organisation without a…
Corero executives offer perspective on recent reports of the Avzhan botnet resurfacing, targeting Chinese websites. Malwarebytes Labs researchers noted that while the bizarre patterns of this particular drive-by download were not especially advanced, they did involve the use of several different exploits to distribute malware. IT security experts commented below. Sean Newman, Director of Product Management at Corero Network Security: “Recent reports of a possible resurgence of the old Avzhan botnet, from 2010, just go to show how many old, unpatched, systems you can still find if you go digging on the Internet! It’s just another example showing that however much cyber criminals are innovating,…
The TRITON malware attack reinforces the need for OT cyber security to begin well beyond the core control system network. The recent TRITON malware attack against a critical infrastructure organization sought to modify and manipulate industrial safety systems with the intention of causing potentially catastrophic physical damage. ICS systems create an interface between physical and digital environments, meaning that the repercussions of an unhandled failure can be fatal. The TRITON campaign can be divided into two conceptual phases. First, the attackers managed to gain remote access to an engineering workstation attached to the SIS (Safety Instrumented System) network, after which…
Following today’s release of CrowdStrike’s new report on levelling the playing field in the world of cybersecurity, specifically the levelling off between nation states and cyber crime groups, I’d like to offer you further insights from Ross Rustici, senior director, intelligence services, Cybereason. The report also dives into sophisticated threats and new attack vectors being used by hackers to gain access to proprietary information, identities and critical infrastructure. This is something which Cybereason has been at the forefront of since 2015. Ross Rustici, Senior Director, Intelligence Services at Cybereason commented below. Ross Rustici, Senior Director, Intelligence Services at Cybereason: “CrowdStrike’s…
Following news reports over the last day or so that hackers have broken into four UK schools’ CCTV systems and streamed live footage of pupils online, the UK’s Information Commissioner’s Office has now launched an investigation into this. Raj Samani, Chief Scientist and McAfee commented below. Raj Samani, Chief Scientist and McAfee: “Today’s news that security cameras in at least four British schools are being streamed online is absolutely horrific, but sadly not surprising. We live in a world where everything is connected, yet still we are seeing vulnerabilities in even the most basic technology and that is what we’ve seen today in…
An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team. This malicious advertising network has also found an efficient trick for avoiding users with ad blockers, a trick it uses to make sure both its ads and the cryptojacker reach all intended targets. Andy Norton, Director of Threat Intelligence at Lastline commented below. Andy Norton, Director of Threat Intelligence at Lastline: “It’s not unexpected to see cryptojacking payloads use all the tools, techniques and procedures used by…
According to a new report to be released on Monday by CrowdStrike, there is a leveling of the playing field between nation-states and cyber-criminal groups with wide-scope targeting. The report also brings to light key metrics defining the state of cybersecurity today across industries, including trends in tactics, techniques and procedures (TTPs) as well as new attack vectors. IT security experts commented below. Mark James, Security Specialist at ESET: “Detecting malware is only a small segment of protecting your networks and any data contained within - a good digital security solution should involve not only software but policies, procedures, education and network logging.…
The Federation of Small Businesses (FSB) has revealed that up to 90% of small businesses are not ready for the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. With 85 days left before the regulation comes into force it seems just eight percent of small businesses have completed their preparations. Paul Edon, Director at Tripwire commented below. Paul Edon, Director at Tripwire: “Time is fast running out for all businesses to be GDPR compliant and this could drive organisations to invest in straight to the point solutions. These tend to be marketed heavily at addressing the more…
