Breaking news has revealed that, due to another cloud storage misconfiguration, over 120 million Americans across billions of data points are said to have been affected. The issue is said to have occurred after an Amazon Web Services S3 cloud storage bucket was left exposed and open to the public internet. IT security experts commented below. Tim Erlin, VP of Product Management and Strategy at Tripwire: “If you’re using Amazon S3 storage, or any cloud storage, you need to be monitoring its configuration. There’s no excuse for failing to keep tabs on this particular misconfiguration. The rash of AWS…
ISBuzz Team
The Daily Mail reported yesterday afternoon that a Google researcher discovered a huge security flaw in Windows 10 that could have allowed hackers to steal the passwords of thousands of users. For around eight days this month, some versions of the operating system shipped with a password manager with a massive security flaw. The bug meant cybercriminals could easily take the passwords stored in the third-party app and use them to break into people’s online accounts. John Steven, Senior Director of Software Security at Synopsys, commented below. John Steven, Senior Director of Software Security at Synopsys: “Rather than defeating the underlying encryption that protects users’ credentials,…
It’s being reported that hackers have been using credit card stealing malware to infect popular retailers such as Zara just as the Christmas shopping craze begins. Cybersecurity firms have confirmed that hackers have recently been using the notorious Zeus Panda Trojan to target UK-based shoppers getting ready for the festive season. Once hackers inject the Zeus Panda Trojan or any of its variants into their target, they can steal a retailer’s customer credit card information. IT security experts commented below. Tim Helming, Director of Product Management at DomainTools: “As with so many scams, this one typically originates with a phishing lure. The…
With the ever-expanding influx of Internet Embedded Technology (IET) within businesses, such as printers, conferencing solutions, building security technology, heating, ventilation and air conditioning, automated lighting and other various consumer-based Internet of Things technologies, I would not be surprised if we see these technologies take centre stage in a major breach in 2018. Currently no large breaches have been centred directly around IET. However, there are two ways these technologies could play a role in a breach. One way is indirect, where a business has been previously compromised and the IET is then compromised as a secondary phase and used…
News broke yesterday that security researchers have found a new hacking campaign that used NSA exploits to install cryptocurrency miners on victims’ systems and networks. They said that the campaign was a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits. IT security experts commented below. Nadav Avital, Security Research Team Leader at Imperva: “In order to defend against this attack, organisations should make sure their applications and any third party code they use are not vulnerable to remote code execution attacks. In addition they should separate their corporate network from any external/public facing applications in order to minimize…
Kaspersky Lab researchers have identified an intriguing new piece of malware with multiple modules, which allows for an almost endless number of malicious features, from cryptocurrency mining to DDoS attacks. Due to its modular architecture, even more functions can be added to it. This unusual and powerful malicious software is called Loapi. Loapi stands out from the crowd of various single-function Android malware, including banking Trojans, crypto mining Trojans, etc., because it has a complex modular architecture that allows it to perform almost limitless actions on a compromised device. The Loapi Trojan is being spread through advertising campaigns under the guise…
Criminals will always find ways to gain access to PCs without the owner’s permission. They will then use the hacked computers to their advantage. One recent case was a Trojan that infected multiple computers and then used them to mine Bitcoins, without the PC owners knowing what was really happening. Bitcoin is a digital currency that can be traded in the digital market. Its value may vary from time to time, so traders invest heavily in it, then sell once the value goes up. Bitcoins, being a digital currency, can be used to purchase practically anything online. Bitcoin mining…
For large multinational corporations, a few million dollars per year in stolen revenue or inventory shrink is expected, average, and altogether a blip on the radar. For startups and small businesses, theft can be a catastrophic event. It is difficult enough to grow in this competitive marketplace already, even worse when you are faced with security threats that could cost you everything. Small businesses countrywide lose between $25,000 and $30,000 every minute to shoplifters. What’s worse, it’s not only burglars and thieves that steal. In fact, according to the U.S. Department of Commerce, roughly 75% of employees steal (yes, those…
It has been found that Starbucks’ free WiFi has been hijacking customers’ laptops to mine cryptocurrency in one of their branches in Argentina. Javvad Malik, Security Advocate at AlienVault, commented below. Javvad Malik, Security Advocate at AlienVault: “It appears as if the Starbucks store wasn’t intentionally running the cryptocurrency mining software, rather the internet service provider was either compromised or running it intentionally. It goes to highlight once again the threats that lurk in the supply chain. It also illustrates the lengths criminals will go to in order to gain access to a few seconds of computing power to mine cryptocurrency.…
Following the news that hackers are suspected of stealing nearly $10m (£7.5m) from 20 companies in Russia, the UK and US through targeted ATM attacks, Adam Maskatiya, UK General Manager at Kaspersky Lab, commented below. Adam Maskatiya, UK General Manager at Kaspersky Lab: “It’s imperative that banks regularly assess security policies and procedures, including outlying areas of their infrastructure such as ATMs, and look at how to protect the sensitive data within. Banks should consider applying cybersecurity solutions to minimise unauthorised access to such information. To do this, they should put themselves in the place of the attacker, determine the…
