Official opening of the Information Security Hub Munich Airport has opened a new chapter in its IT security activities. At a special ceremony today, the airport launched its Information Security Hub (ISH) – a competency center where IT specialists with the airport operating company (FMG) will work together with experts from the European aviation industry to develop strategies for defending against cyberattacks and new approaches to the fight against cybercrime. With the spread of digitalization in recent years, there has been a massive increase in the number of attacks on the IT systems of companies and public authorities in Germany.…
ISBuzz Team
Transduction attacks are a threat to sensors embedded in a variety of devices according to researchers at the University of Michigan and Zhejiang University. A transduction attack would use sound, electromagnetic waves, or electric signals, to trick a sensor into reading incorrect data. Researchers have demonstrated how a cyber criminal could not only cause a denial of service attack, but also control the sensor output itself with malicious analog signals at the same frequency as the sensor. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “Small electronic devices such as these vulnerable sensors are taking cybercrime to…
With recent news that essential services firms will face hefty fines for failing to effectively safeguarding themselves from cyber-attacks, Dr Guy Bunker, SVP of Products at data security company, Clearswift, commented below on why this is a huge step forward for cyber security legislation and what this will mean for UK businesses. Guy is an internationally renowned IT expert with over 20 years’ experience in information security and IT management. He was previously the Global Security Architect for HP. Prior to that he was Chief Scientist for Symantec and CTO of the Application and Service Management Division at Veritas (acquired by Symantec). Dr Guy…
The Israeli national media is reporting on research from Ben-Gurion University which shows that “unpatched” medical devices whose owners and operators don’t download ongoing security updates may be vulnerable to attacks. In their paper “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show the relative ease of exploiting these “unpatched” medical devices. The devices include computed tomography (CT) and magnetic resonance imaging (MRI) machines. Hackers can also block access to medical imaging devices or disable them altogether as part of “ransom attacks.” Adam Brown, Manager – Security Solutions at Synopsys commented below. Adam Brown, Manager – Security Solutions at Synopsys: “Medical…
News broke yesterday that the captain’s of critical UK industries have been warned by the government that they need to be ready for a serious cyber-incident. Sector-specific regulators are being designated in order to ensure that essential services are protected, and to impose steep fines of up to £17 million for non-compliance. Terry Ray, CTO at Imperva commented below. Terry Ray, CTO at Imperva: “Security in infrastructure services in most countries is not generally excellent. Typically their primary fears are state sponsored attacks which aren’t overly common on services like water, sanitation, or even energy, transportation and others. There are good examples of attacks outside the UK on nuclear…
Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), which is arguably one of the most widely-deployed SSL VPNs on the market. Traditional VPNs, like Cisco’s ASA, expose an open port to the Internet which means that any remote user can connect to it. The vulnerability announced yesterday allows an unauthenticated, remote attacker to remotely execute code on the VPN box. This represents an immediate and significant vulnerability for many organisations as, through this, an attacker could gain access to the corporate network. This is why Cisco has classified it as critical – their…
News broke yesterday that the New NTIA (National Telecommunications and Information Administration) chief has pushed back on the planned efforts to scale back Whois information, in order to comply with the incoming EU General Data Protection Regulation (GDPR). Tim Chen, CEO at DomainTools commented below. Tim Chen, CEO at DomainTools: “Whois data has been a critical resource in defending the openness, transparency and security of the internet. The security and protection of individuals, employees, customers, brands, IP and a host of other important assets and constituencies will continue to depend on understanding who owns and controls resources on the internet. At a time when Whois data…
Security experts found that a trove of over millions email credentials, which belongs to employees of Fortune 500 companies, has been leaked to the dark web. Experts analysed data from over a three-year period, which represented the largest ever trove of stolen credentials – amounting to 8 billion. It was found that over 2.7 million of these 8 billion stolen credentials have found their way into the dark web. Experts found that account credentials of every 1 in 10 Fortune 500 staffer has been leaked to the dark web, according to a new report by credential verification service VeriClouds. Experts…
BEC runs rampant as conventional email security fails to detect display name deception; Agari enhances its Enterprise Protect functionality to deliver advanced protection against BEC SAN MATEO, Calif. – Agari, a leading cybersecurity company, today published research revealing that 96 percent of organisations have received business email compromise (BEC) emails during the second half of 2017. The Agari “Business Email Compromise (BEC) Attack Trends Report” analyses more than one billion emails considered safe by conventional email security solutions, including Secure Email Gateways (SEG), Advanced Threat Protection (ATP) and Targeted Attack Protection (TAP). “Business email compromise is a particularly effective attack vector…
The US Secret Service is warning financial institutions that jackpotting attacks – where ATMs fraudulently dispense cash – are now a risk in the US, according to Krebs on Security. Two cybersecurity experts with VASCO Data Security (which serves more than 10,000 customers and helps more than half of the top 100 global banks protect their online, mobile and ATM channels) offer perspective. John Gunn, CMO at VASCO Data Security: “The security that protects ATM transactions has improved significantly over the past several years, including using EMV chip cards and enhanced authentication using consumers’ mobile phones, so criminal are being forced to revert to more brazen physical attacks…
