Safer Internet Day 2018: admirable goal, but impossible to achieve without considering IoT security. “Safer Internet Day 2018” was celebrated on February 6th. It was an opportunity to stop and think about all the things that make our connected world great and how to ensure it remains so. In recent years, awareness of the risks involved in the use of the internet, social media platforms, mobile devices and wearables has risen to the point where almost everyone knows the basics of cyber hygiene. We are taught to choose complex passwords, not to share intimate details online and to buy online…
ISBuzz Team
Derek Weeks, VP and DevOps Advocate at open source software security firm Sonatype, commented below on the news that France is planning to make manufacturers liable for the security of their products for their entire lifecycle. Derek believes that this is a step in the right direction for security and for software assembly in general. Derek Weeks, VP and DevOps Advocate at Sonatype: “The French government plans to impose legislation that would make manufacturers liable for the security of their products that are software based. Today, 80 – 90% of applications are composed from reusable software parts called open source components. While these parts…
Experts from Rubicon Labs and SiO4 commented below on a newly discovered variant of the Mirai botnet malware that forces infected devices to act as proxy servers, protecting the anonymity of cybercriminals engaging in illegal activities. Rod Schultz, Chief Product Officer at Rubicon Labs: “There is a huge financial incentive for attackers to mutate what initially appears to be a relatively harmless piece of malware (Mirai in this case) into something much more malicious. The building blocks and knowledge needed to transform malware into the equivalent of the digital Spanish Flu exist today, and until connected devices can be updated and patched with resistant code it will…
IT security experts commented below on this week’s updated guidance from the SEC on how public companies should disclose cyber security risks and breaches. Willy Leichter, VP of Marketing at Virsec: “The new SEC guidance on cybersecurity is a step in the right direction but is pretty lacking in specifics. Requiring disclosure of cyber security gaps that may not yet have been exploited is important, as is barring insider trading on non-public knowledge of a breach. However, recommending “timely” notification of breaches is far too vague. Was Equifax’s months-long gap in public disclosure timely? It’s also surprising that the word “privacy”…
The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems were infected with the SamSam ransomware on Wednesday, February 21. The agency’s IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before reintroducing PCs into its network. In a rare sign of transparency, officials revealed the name of the ransomware: SamSam. This is the same ransomware strain that infected hospitals, city councils, and ICS firms in January. The hackers made over $300,000 from those attacks. One of the victims, an Indiana hospital, agreed to pay a $55,000 ransom demand despite…
In response to reports by the FortiGuard Labs team on the emergence of the OMG botnet, a new Mirai variant that seeks to turn IoT devices into proxy servers – two cybersecurity experts commented below. Sean Newman, Director Product Management at Corero Network Security: “We’re used to seeing Mirai variants being used to commandeer IoT devices across the Internet and then focus a DDoS attack from them on a specific target somewhere else on the Internet. “By contrast, this OMG variant seems to look for vulnerable IoT devices within a target organisation and then plant a proxy on them, so that the IoT device can be…
Following the news that the L.A. Times website was injected with a Monero cryptocurrency mining script, IT security experts commented below. Carl Wright, Chief Revenue Officer at AttackIQ: “Once again, hackers took advantage of a misconfiguration to inject a mining script – this time the attackers went after the L.A. Times website. Like other organizations, the fallout from this attack could seriously damage the site’s reputation, credibility and revenue streams. It’s another all too common tale for organizations, and it could have been avoided. The attack surface has significantly expanded for many enterprises – without any guarantee of uniform security controls and processes. Consequently, it’s…
It’s being reported that a new campaign involving suspected Lebanese hackers has been uncovered, in which cybercriminals create fake Facebook profiles and use social engineering to lure potential victims into downloading Android spyware. According to security researchers at Avast, who uncovered the new attacks, the hackers spread the spyware, dubbed Tempting Cedar, via fake Facebook profiles that engaged with potential victims. The targets were persuaded by the hackers operating the fake profiles to download the spyware, which was disguised as the Kik Messenger app. Andy Norton, Director of Threat Intelligence at Lastline, commented below. Andy Norton, Director of Threat Intelligence at Lastline: “It is interesting that two…
In light of Interpol’s warning that IoT devices are at particular risk of cyber-attacks, Christian Vezina, CISO at VASCO Data Security commented below. Christian Vezina, CISO at VASCO Data Security: “The Internet of Things is set to change the way we live and work but all of that could be easily sabotaged by the lack of adequate security. As things stand, the tools needed for a cyber-attack are easy to find and use. Anyone can go onto the dark web and start using available malware code, not to mention the hacking, malware- and ransomware-as-a-service that can all be hired for next to nothing. …
New Kaspersky Labs research notes that the financial impact of a Distributed Denial of Service (DDoS) attack continues to rise, and is now more than $120K for SMBs and more than $2M for enterprise organizations. A Corero Network Security executive notes that these costs can climb far higher, based on recent research and given upcoming regulatory changes such as GDPR. Andrew Lloyd, President at Corero Network Security commented below. Andrew Lloyd, President at Corero Network Security: “Rather than focusing solely on average loss/cost values of a DDoS attack, it’s helpful to think about what a DDoS attack might cost an organisation for every minute that it goes unmitigated. Especially…
