Managing multiple challenges in a multi-cloud world can undermine organisations’ confidence to withstand a cyber-attack. The explosive proliferation of applications in the cloud has created a vast new playing field for cyber-criminals. Today, the fear of attack is constant. According to F5 Networks’ fourth annual State of Application Delivery (SOAD) report, security confidence tends to fall as moves to the cloud increase. 75% of EMEA respondents in the global customer study revealed they now embrace multi-cloud deployment scenarios. Digital transformation and competitive differentiation are the endgame, but there are plenty of pitfalls on the way. Applying consistent security policies across…
ISBuzz Team
UK’s National Cyber Security Centre’s (NCSC) first annual report shows that the agency has detected and prevented millions of online commodity attacks against the UK. The four Active Cyber Defence (ACD) programmes aim to improve basic cyber security by disrupting cyberattacks that affect UK citizens. The technology, which is free at the point of use, improves defence against threats by blocking fake emails, removing phishing attacks and stopping public sector systems veering onto malicious servers. IT security experts commented below. Eyal Benishti, CEO and Founder at IRONSCALES: “The report from NCSC is very encouraging, especially the initial results from its Active…
In response to the news that a security researcher has discovered that exploits stolen from the NSA last year have been tweaked to potentially impact all versions of Microsoft’s operating system back to Windows 2000, IT security experts commented below. Mark James, Security Specialist at ESET: “One of the problems with digital exploits is the ability to change or adapt them for current or future use. Although the original attack method may not work currently it may only take a small tweak in the code to turn it back into a formidable weapon for reuse. When it comes to protecting…
Nation-state and criminal hackers are targeting the Winter Olympics at a rapidly increasing rate, raising fears of phishing scams, hacks and other disruptive attacks. Already, the US government has warned its citizens to remain vigilant when it comes to cybersecurity risks during the event in Pyeongchang. More recently, security firm McAfee has discovered malware that serves as the second-stage payload in a phishing campaign targeting organisations that are involved with the 2018 Winter Olympics. They released a report on Friday, detailing the discovery and analysis of the attack. IT security experts commented below. Thomas Richards, Associate Principal Consultant at Synopsys: “The Winter Olympics present a significant security challenge with…
A malicious Reddit spoof site (Reddit.co) is convincing users to hand over their usernames and passwords. What’s particularly dangerous about this site is that it actually shows up as secure in your browser (image attached), as it has a valid SSL Certificate. Security experts at Venafi and RSA Security commented below. Azeem Aleem, Director, Advanced Cyber Defence Practice EMEA and APJ at RSA Security: “Make no mistake, this is an effective scam. They’ve put in the time and effort to create a remarkably realistic website that even shows a secure SSL certificate in your browser window. It is well designed, well executed, and…
Cybercriminals have been using a multiplayer option on Grand Theft Auto in order to infect IoT devices with a new botnet which has connections to the Satori botnet. According to a blog post by Radware researcher Pascal Geenens, the botnet uses the vulnerabilities CVE-2014-8361 and CVE-2017-17215, which affect certain Huawei and Realtek routers. Terry Ray, CTO at Imperva commented below. Terry Ray, CTO at Imperva: “At the moment, it appears that the biggest threat from this botnet is its capacity to offer cheap DDoS services to users. The last time it was reviewed DDoS offerings were in the range of 290-310 GBPS, which should be capable to create successful denial…
Final Fantasy XIV was hit with a DDoS attack yesterday according to the website. The technical difficulties experienced by players has since been remedied. Stephanie Weagle, Vice President at Corero commented below. Stephanie Weagle, Vice President at Corero: “Final Fantasy has been caught in the DDoS cross-hairs yet again. Online gaming companies are constantly under the barrage of DDoS attacks – sometimes there are dozens of attacks per day that range in size and scale. Regardless of the motivation, or techniques used to execute the attacks, these cyber events lead to downtime, latency and availability issues. If an attack is…
In a new blog post, researchers from Imperva discuss a zero-day vulnerability in WordPress core that was just disclosed. The vulnerability allows an attacker to perform a denial of service (DoS) attack against a vulnerable application and exists in the modules used to load JS and CSS files. These modules were designed to decrease page-loading time, but have effectively rendered the WordPress core susceptible to DoS attacks. WordPress holds a market share of more than 29 percent of internet websites and 60 percent of content management systems (CMS) worldwide, turning any vulnerability in the WordPress core into a potentially large-scale exploit. Ben…
With recent news that the NHS’s lost of thousands of patient records and documentation and are now failing cyber security tests, IT security experts commented below. Dr Guy Bunker, SVP of Products at Clearswift: “The news that the NHS shared 162,000 pieces of documentation with Capita is unfortunately not an isolated event. In fact, 37% of healthcare respondents in our recent report agreed they had definitely duplicated customer data through email and document forwarding. Due to human error and a lack of technology enforcing processes that would avoid this kind of incident, this happens within businesses all too often. “There is a serious need for…
Offers Consistent Security Across All Major Cloud Providers and Simplifies Deployment and Management in Hybrid and Multi-Cloud Environments Palo Alto Networks® (NYSE: PANW), the next-generation security company, will welcome more than 10,000 attendees to its Epic Cloud Security Event today, where the company will showcase how it is infusing new cloud capabilities into its Next-Generation Security Platform designed to prevent successful cyberattacks in the cloud. The forthcoming advancements, introduced today, will provide customers operating in hybrid and multi-cloud environments with a comprehensive, consistent security offering that integrates directly with cloud infrastructure and workloads. In an upcoming study conducted by ZK Research, 86 percent of…
