Following the new Wi-Fi standards unveiled earlier this month by the Wi-Fi Alliance at CES in Las Vegas. A first official draft of the WPA3 Wi-Fi authentication protocol is forthcoming, anddevices supporting the new protocols should be available later this year, including features like improved protection when users choose weak passwords, individualized encryption and improved security setup on devices with limited or no interface screens. There will also be a new security suite using 192-bit encryption. Christian Lees, CISO at InfoArmor commented below. Christian Lees, CISO at InfoArmor: “WPA2’s life expectancy has far exceeded its expectations in my book, and WPA3’s new security controls will be…
ISBuzz Team
Three cybersecurity experts from Juniper Networks and STEALTHbits Technologies offer perspective on remarks by David Bennett, CIO/Director of Operations for the Defense Information Systems Agency (DISA, a DoD combat support agency) and outgoing DISA Director Lt. Gen. Alan Lynn (NextGov story link), which disclosed that: 36 million malicious emails attempting to access US military systems are blocked each day by the DoD; the Pentagon has thwarted DDoS attacks up to 600 gps; and the Pentagon is preparing for one TBPS attacks. IT security experts commented below. Gabriel Gumbs, VP of Product Strategy at STEALTHbits Technologies: “36 Million is undoubtedly a lot of emails to vet for threats. When placed alongside the total number of emails sent daily…
A hacker hijacked BlackWallet to steal nearly £300K from Bitcoin rival Stellar Lumen; an incident that Ilia Kolochenko, CEO of web security company High Tech Bridge commented below. Ilia Kolochenko, CEO at High Tech Bridge: “Unfortunately, startups in digital currencies and other blockchain technologies often ignore or underestimate information security and privacy fundamentals. They operate on a very competitive and extremely fluctuative market, and just don’t have enough resources and time to take care of cybersecurity. Changes and updates go into production every hour, without the necessary security validation and testing of new code. Competition is always behind, price of currencies…
It has been reported by that Schneider Electric SE has disclosed that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility. Chris Wysopal, CTO and Co-Founder at CA Veracode commented below. Chris Wysopal, CTO and Co-Founder at CA Veracode: “Unfortunately, breaches like this are becoming common place and part of the reason is businesses have viewed security as a detached from the development process. This results in a high prevalence of vulnerabilities, which in turn are used by hackers to exploit companies and steal data. Fixing this problem will require…
Trend Micro has reported that business email compromise (BEC) attacks are projected to exceed $9 billion in 2018. This is quite an increase when you consider that, less than a year ago, the FBI reported BEC attacks had become a $5.3 billion industry. Eyal Benishti, CEO and Founder at IRONSCALES commented below. Eyal Benishti, CEO and Founder at IRONSCALES: “Organisations must realise that employees are being targeted and falling victim to a BEC (business email compromise) attacks as cybercriminals are employing increasingly sophisticated methods to spoof senders and trick employees into performing the criminals bidding. However, many businesses are still…
News broke earlier today that hackers have launched a new spam campaign, targeting the telecommunications, insurance and financial services industries. The campaign involves hackers using new Microsoft Office vulnerabilities to spread a potent backdoor malware called Zyklon, which can steal passwords, allow hackers to launch DDoS attacks and mine cryptocurrency, among other things. Sean Newman, Director of Product Management at Corero Network Security: “There’s no getting away from the levels of sophistication that cyber criminals are now using to underpin their nefarious activities. This latest report of vulnerabilities in Microsoft Office products being leveraged to install malware, which can be remotely controlled to deliver…
ESET Ireland picks malware-carrying spam as Gaeilge and a Bitcoin-related pyramid scheme as the threats of the week to Irish computer users The cybersecurity company ESET Ireland comes across many cyberthreats each week, but some of them stick out due to their particularities. This week the first that stood out was a long spam email written in Irish, coming from a Telecom Italy email address and claiming it’s from a Belarussian woman, called Anna, looking for a relationship, with “her picture” attached. The attached file contained a script based downloader, such as the ones that download the notorious Nemucod malware, which…
It’s being reported that a hacker or hacker group might have stolen healthcare data for more than half of Norway’s population, according to reports in local press. The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website. IT security experts commented below. Gary Cox, Director of Western Europe at Infoblox: “Following last year’s WannaCry attack on the NHS, and the recent incident in which ransomware forced a US hospital to shut down its computer systems, this latest breach illustrates the…
It’s being reported that Chinese phone maker OnePlus is investigating reports of customers’ credit card details being stolen after they made a purchase on its official website. According to a poll and discussion on OnePlus forums, at least 68 people are reporting incidences of credit card fraud they have experienced after OnePlus transactions running from very recent to more than four months ago. Robert Capps, Vice President at NuData Security commented below. Robert Capps, Vice President at NuData Security: “OnePlus explained that they share data over encrypted connections. However, a gap where malicious protocol can steal information before it’s encrypted was found. It is crucial for companies to review their systems and look…
The Triton/Trisis malware was inadvertently shared by Schneider Electric on VirusTotal. The malware targets industrial control systems and was used to attack a facility in the Middle East at the end of 2017. IT security experts commented below. Edgard Capdevielle, CEO at Nozomi Networks: “Triton is a serious threat to critical infrastructure systems on par with the likes of Stuxnet and Industroyer because it specifically targets industrial control systems with the capability to cause physical damage or shutdown operations. The fact that malware’s code has leaked online for anyone to download, should make it even bigger concern for security teams.…
