It has been reported that a cyberattack slowed county government to a crawl Wednesday in North Carolina’s most populous metro area as deputies processed jail inmates by hand, the tax office turned away electronic payments and building code inspectors switched to paper records. Data was frozen on dozens of Mecklenburg County servers after one of its employees opened an email attachment carrying malicious software earlier this week. IT security experts commented below. Eyal Benishti, CEO and Founder at IRONSCALES: “While some suggest that Mecklenburg County’s refusal, so far, to meet its attackers’ demands is heroic, it’s actually very sensible. The reality is that,…
ISBuzz Team
German security researcher Sabri Haddouche has discovered a set of vulnerabilities that he collectively refers to as Mailsploit, and which allow an attacker to spoof email identities, and in some cases, run malicious code on the user’s computer. While the remote code execution part of Mailsploit is worrisome, the real issue is the email spoofing attack that circumvents all modern anti-spoofing protection mechanisms such as DMARC (DKIM/SPF) or various spam filters. This allows miscreants to send emails with spoofed identities that both users and email servers have a hard time detecting as fakes. This, in turn, makes phishing attacks and…
Gene Stevens, Co-Founder and CTO for ProtectWise, examines how organisations can benefit from having a perfect memory of the security incidents on their networks. Imagine your organisation uses a common Java framework such as Apache Struts to build and manage website content. A new exploit has emerged, taking advantage of a bug in the plug-in that could allow intruders to infiltrate your network. This new exploit comes six months after hostile actors took advantage of another security hole in Apache Struts — but you, along with everyone else, are only just hearing about it. You can and will use this…
54% of energy companies need additional digital skills in security to deliver successful IoT projects. While the majority of energy companies are turning to the Internet of Things (IoT) to help them meet growing demands for power and operate with greater efficiency, too many lack the security procedures to successfully deploy IoT solutions. This is according to the latest research from Inmarsat (ISAT.L), which found that more than half of global energy businesses do not have the skills and understanding required to combat the security risks associated with IoT. In May 2017 market research specialist Vanson Bourne interviewed senior IT…
Security Risks Drive Growth in Overall Security Spending. Gartner, Inc. forecasts worldwide security spending to total $96.3 billion in 2018, an increase of 8 per cent from 2017. Organisations are spending more on security as a result of regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy. “Overall, a large portion of security spending is driven by an organisation’s reaction toward security breaches as more high profile cyberattacks and data breaches affect organisations worldwide,” said Ruggero Contu, research director at Gartner. “Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect…
Security researchers have discovered a massive collection of personal data belonging to more than 31 million users of the popular virtual keyboard app, AI.type, after the information was accidentally leaked online. It is possible for anyone to download the sensitive data without requiring a password. A misconfigured MongoDB database is thought to have been the reason for the exposure of AI.type’s entire 577 GB database. IT security experts commented below. Javvad Malik, Security Advocate at AlienVault: “It is concerning that a keyboard app is collecting excessive data from users which isn’t needed for its operation. Unfortunately, many companies will opt to gather…
There are four major factors in cyber security that change constantly, creating meaningful impact to business and government cybersecurity programs: business trends and new technology adoption; advances in threats; regulations and compliance; and improvements in cybersecurity defensive tools and processes. None of these factors change on any predictable schedule, but humans tend to like to look ahead each time we ring in the New Year. John Pescatore, Director of Emerging Security Trends at the SANS Institute, provides his top five predictions for cybersecurity in 2018. Business reliance on cloud will drive increased direct attacks against cloud services. We will continue to see rapid…
It was reported yesterday that the phishing research and defence firm PhishLabs published new analysis showing that phishers have been adopting HTTPS more and more often on their sites. When you get a phishing email or text, the sites they lead to—that try to trick you into entering credentials, personal information, and so on—implement web encryption about 24 percent of the time now, PhishLabs found. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “While the change to encryption doesn’t have a significant impact on the operations of these phishing sites–they’re not likely to be subject to attempted man-in-the-middle…
On 6th December researchers from the University of Birmingham found a security flaw that had 10 million banking app users at risk. The researchers have developed a tool to perform semi-automated security testing of mobile phone apps. After running the tool on a sample of 400 security-critical apps, they were able to identify a critical vulnerability in banking apps, including apps from HSBC, NatWest, Co-op and Bank of America Health. This vulnerability allowed an attacker, who is connected to the same network as the victim (e.g., public WiFi or corporate), to perform a so-called “Man in the Middle Attack”…
Security policies are as critical to safeguarding your networks as any new cybersecurity product. Joanne Godfrey, director of communications for AlgoSec, explains how policies can be better managed. Ever since the first firewalls were deployed on business networks in the early 1990s, enterprise security goals haven’t really changed: keep the bad guys out, and ensure that only authorized users and software are allowed to communicate over approved network paths. Sounds simple enough, right? And in those early days, those goals were relatively easy to achieve. Networks were smaller and less complex, with fewer devices, business applications and external connections. So,…
