Following the discovery of a fundamental design flaw in Intel’s processor chips which has now been revealed to affect Apple devices, IT security experts commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “Historically, cybercriminals have focused their attack efforts on devices running Windows, as they’re more commonly used and therefore provide a bigger pool of potential victims. As a result, Apple products have (wrongly) long been considered to be ‘hack-proof’, resulting in people being complacent about cyber-security protection for their Apple devices. However, this latest news shows that it’s not just Windows devices that are at risk – and…
ISBuzz Team
It has been reported this morning that the Winter Olympics has been targeted by hackers. Peter Carlisle, VP EMEA at Thales eSecurity commented below. Peter Carlisle, VP EMEA at Thales eSecurity: “Global gatherings such as the Olympics that see world leaders, businesses and governmental organisations converge on one location are a naturally attractive target for digital criminal activity. Notably, it is becoming increasingly likely that multiple attempts will be made to obtain sensitive information like passwords. Even when the stakes are high in situations like this, the international community must ensure that the necessary measures are in place and sufficiently fortified to prevent any…
Recently it was discovered that a Department of Homeland Security (DHS) / Office of the Inspector General (OIG) employee was in possession of a file that contained nearly a quarter of a million – that’s right, 250,000 records of people employed by DHS as well as subjects, witnesses and complainants associated with ongoing investigations from 2002 – 2014. The data included social security numbers, dates of birth, positions, grades and duty stations. Daniel Conrad, Identity and Access Management Specialist at One Identity commented below. Daniel Conrad, Identity and Access Management Specialist at One Identity: “If this isn’t a case of poorly…
If you’re thinking of downloading a handy flashlight app for your phone, beware: Check Point researchers have detected a new type of adware roaming Google Play, the official app store of Google, hidden in 22 different flashlight and utility apps. Dubbed ‘LightsOut’, the adware code reached a spread of between 1.5 million and 7.5 million downloads. Its purpose was to generate illegal ad revenue for its perpetrators at the expense of unsuspecting users. It overrides the user’s decision to disable ads showing outside of a legitimate context, and then, in many of the apps, hides its icon to hinder efforts…
Digital Defense, Inc., a leading security technology and services provider today announced that its Vulnerability Research Team (VRT) uncovered three previously undisclosed vulnerabilities within Dell EMC Data Protection Suite Family products. Combining the three identified vulnerabilities, full compromise of the affected system is possible by modifying the configuration file. What You Can Do Dell EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance contain a common component, Avamar Installation Manager (AVI), which is vulnerable to the disclosed vulnerabilities. Dell EMC has released security fixes to address these vulnerabilities. The security fixes can be obtained through security advisory ESA-2018-001(requires Dell…
Executive Summary Two vulnerabilities, potentially dating back to as far as 1995 and affecting almost all processors, have been disclosed by security researchers. The vulnerabilities, dubbed Meltdown and Spectre, are information disclosure vulnerabilities that allow an attacker to use a malicious program to potentially see any information any other program is storing in memory. There are three CVEs associated with these vulnerabilities: CVE-2017-5753 (Spectre Variant 1), CVE-2017-5715 (Spectre Variant 2), and CVE-2017-5754 (Meltdown). Vendors have started releasing patches for these vulnerabilities and security researchers have released POC exploit code. Background Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715 and CVE-2017-5753) were discovered and…
Sources: – https://meltdownattack.com/ – https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/?mbid=email_onsiteshare Two vulnerabilities: – Meltdown o Description: Normally Intel x86 processors enforce memory separation between the Operating System (OS) kernel and user applications Meltdown allows malware to read arbitrary kernel memory, hence memory used by kernel and other applications Affects desktops, laptops, cloud servers, smartphones o Risk: Large impact: malware can read sensitive data used by other applications, such as: Passwords Encryption keys Banking information (e.g. credit card details) Documents Probability of occurrence For end-users: o Malware needs to be present on device of user o Retrieval of useful data not straightforward, hence unlikely to be used to address large number of users For…
Crypto malware miners are being slipped into ad networks according to Israeli adtech firm Spotad. Spotad’s AI system detected anomalies in the code of legitimate ads that was a crypto miner for Monero. Alex Calic, Chief Strategist and Revenue Officer at The Media Trust commented below. Alex Calic, Chief Strategist and Revenue Officer at The Media Trust: “Leveraging the power and broad reach of the digital advertising ecosystem to distribute malware or unwanted code is an ongoing issue. While cryptocurrency mining scripts are not new, their prevalence in the digital environment is definitely on the uptick. Due to the internet’s…
If column inches on an issue equated to how seriously organisations took it, then cyber security would undoubtedly be the number one concern for CEOs and the rest of the board in companies all over the world. However, I am not entirely sure if this is the case. Most organisations talk about cyber security and how robust their defences are against cyber attack, but how many organisations could honestly say they are as well-protected as they say they are? The volume and severity of cyber attacks increase year-on-year, yet according to research from security firm Barkly, 52% of organisations that…
In a recent survey, it has been found that 61% of consumers surveyed claimed that they are more worried about cybersecurity today than they were five years ago. Recent McAfee research reveals that 33% of consumers rank protecting their identity as their number one cybersecurity priority ahead of protecting privacy, connected devices, data, and connected home devices. With this in mind, it has been reported today that Security researchers have unearthed 36 malicious Android apps parading as security tools on the Google Play Store that actually harvest user data, track their location and more. According to Trend Micro, these apps offered users a…
