A recent Ponemon Institute survey found that the ‘lack of competent in-house staff’ outranks all other forms of cybersecurity worry, from data breaches to ransomware attacks. Edgard Capdevielle, CEO at Nozomi Networks, commented below. Edgard Capdevielle, CEO at Nozomi Networks: “Finding talented cybersecurity staff will continue to be a serious dilemma for organizations in 2018 especially with the flood of sophisticated cyberthreats that will increase the pressure on IT/OT staffs. Technology is one way to ease the burden. Latest advancements can automate simple tasks that can take hours and days and reduce them to minutes. New technologies can also provide in-depth visibility…
ISBuzz Team
Security researchers have reported 147 vulnerabilities in 34 mobile applications used in conjunction with Supervisory Control and Data Acquisition (SCADA) systems. These vulnerabilities could enable a hacker to compromise industrial network infrastructure by allowing them to disrupt an industrial process or cause a SCADA operator to unintentionally perform a harmful action on the system. IT security experts commented below. John Kozyrakis, Applied Research Lead at Synopsys: “The identified vulnerabilities (no hardening against reverse engineering, poor network channel security, use of insecure SD card storage and others) are fairly common across all types of mobile applications and not particularly specific to SCADA related applications. The alarming part is that…
Security firm Symantec has discovered a counterfeit version of the encrypted messaging app Telegram, with malware built on the open source code. The fake app, Teligram, which was freely available on the Google Play Store, features similar branding and app store listings to trick users into installing malware on their device and hijack their data. John Kozyrakis, Applied Research Lead at Synopsys, commented below. John Kozyrakis, Applied Research Lead at Synopsys: “The issue here is ‘impostor apps’ uploaded to Google Play; lookalike apps that have some extra, and possibly malicious, functionality added. Whether an application is open source or not has very little relevance. Impostor apps are regularly created…
Mobile app flaws could compromise industrial network infrastructure. Seattle, Wash. - IOActive, Inc., the worldwide leader in research-driven security services, and Embedi, a cybersecurity startup company focused on immunizing IoT/embedded/smart end-point devices against 0- and 1-day attacks, today released a white paper outlining 147 cybersecurity vulnerabilities found in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems. The technical details of the research are being released by Alexander Bolshev, Security Consultant for IOActive, and Ivan Yushkevich, Information Security Auditor for Embedi, in a new paper, “SCADA and Mobile Security in the Internet of Things Era.” According to the researchers,…
Thousands of Netflix customers have been targeted by a phishing attack; the scam aims to fool customers into handing over their credit card details. Raj Samani, Fellow and Chief Scientist at McAfee, commented below. Raj Samani, Fellow and Chief Scientist at McAfee: “It is extremely concerning to hear that thousands of Netflix customers could have been hit by a somewhat sophisticated phishing scam this morning. Yet, sadly it isn’t all surprising. Phishing attacks remain the most common method of manipulating individuals into clicking on links and ultimately installing malicious content onto their systems. Taking advantage of trusted, well-known brands attempts to…
News broke overnight that a new variant of the HC7 Ransomware is in the wild that encrypts a victim’s files and appends the .PLANETARY extension to the filename. What makes this particular ransomware variant unique is that it may be the first one that accepts the Ethereum cryptocurrency as a ransom payment. Andy Norton, Director of Threat Intelligence at Lastline, commented below. Andy Norton, Director of Threat Intelligence at Lastline: “The monopoly of bitcoin as a criminal payment currency is over. Famously the Shadow Brokers led the way specifying ZCash as their platform, but additionally we have tracked a huge trend towards Monero by cybercriminals as a mining…
Cryptocurrency will emerge as a method of purchase. The value of Bitcoin – perhaps the most well-known and widely used of cryptocurrencies – experienced a dramatic surge last year, with its value climbing from less than $1,000 to over $6,000. This will likely grow further still over the course of 2018, meaning retailers who previously dismissed cryptocurrency as a fad must now look into how best to integrate the payment method into their business. Japan has already taken a leading role in this regard, with the country’s government granting cryptocurrencies legal status as a means of payment in April last…
News broke today that Carphone Warehouse has been handed a £400,000 fine after one of the company’s computer systems was compromised as a result of a cyber-attack in 2015, putting millions of people’s data at risk. IT security experts commented below. Itsik Mantin, Director of Security Research at Imperva: “In the modern data era where organizations store and rely more and more on data to run their business, data breaches are becoming part of the organizations’ life. In the race between hackers and cyber defenders, each of the sides has its victories, and thus another phone company getting hacked may not seem to be significant news. What’s concerning with this…
The flaw allows anyone who controls WhatsApp’s servers to effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Jing Xie, Senior Digital Security Researcher at Venafi, commented below. Jing Xie, Senior Digital Security Researcher at Venafi: “Governments have targeted WhatsApp encryption in the past, demanding backdoors into their service and data. We exist at a time when governments worldwide are attempting to break down and intrude on the use of encryption, which disregards basic protections to human, and machine, privacy – what has become a basic…
As ever: With Turla, nothing is quite what it seems. ESET researchers have found that Turla, the notorious state-sponsored cyberespionage group, has added a fresh weapon to its arsenal that is being used in new campaigns targeting embassies and consulates in the post-Soviet states. This new tool attempts to dupe victims into installing malware that is ultimately aimed at siphoning off sensitive information from Turla’s targets. The group has long used social engineering to lure unsuspecting targets into executing faux Adobe Flash Player installers. However, it doesn’t rest on its laurels and continues to innovate, as shown by recent ESET research. Not only…
