The former CIA director Michael Morell has admitted that the leaker involved in the NSA Shadow Brokers leak might still be at work in the agency as, 15 months after the leak first occurred, they are still uncertain of what was stolen and whether there is more to come. Piers Wilson, Head of Product Management at Huntsman Security commented below. Piers Wilson, Head of Product Management at Huntsman Security: “For a former director of the CIA to admit that, 15 months after the initial Shadow Brokers breach, the leaker might still be employed there is a stunning admission. It once again highlights…
ISBuzz Team
A security flaw has been detected in the office collaboration tool Huddle, which has led to private documents being exposed to unauthorised parties. Huddle has confirmed instances of a corporate user logging on only to be re-directed to another company’s account. This is particularly concerning given that Huddle software is used by the Home Office, Cabinet Office, Revenue & Customs, and several branches of the NHS to share documents, diaries and messages. Geoff Webb, Vice President, Strategy at Micro Focus commented below. Geoff Webb, Vice President, Strategy at Micro Focus: “What we see here is a symptom of the increasing complexity of…
News broke yesterday that a cybersecurity company based in Singapore has already ‘beaten’ the latest facial recognition feature unveiled by Apple for their latest model, the iPhone X. Bkav says a 3D-printed mask costing just $150 (£115) to make has fooled the Face ID software, which is used to unlock the iPhone X, authorise payments and log in to apps. Terry Ray, CTO at Imperva commented below. Terry Ray, CTO at Imperva: “Nothing is 100% secure. Where there’s a will, there’s a way. The questions are: How much trouble would someone go to, and how much would they spend, to get your data? It’s important to note that the…
Yesterday, Big Brother Watch (BBW) published the ‘Police Access to Digital Evidence’ report which revealed 93% of UK police forces now extract data from seized devices. The report said: “Laws in this field remain murky, and rather than updating the existing laws to adequately address the complexities of new technology and data, the government has merely amended them, creating a patchy and far from technically detailed framework. But it is not just the laws which are complex and unclear. The details about how the police acquire, interrogate and retain data is also opaque.” Richard Stiennon, Chief Strategy Officer at Blancco Technology…
When it comes to expectations around the necessity for securing and protecting customer data, the EU General Data Protection Regulation (GDPR) is very clear. What isn’t quite as clear is exactly how organizations should go about securing their data. We don’t know what to expect when it comes to GDPR enforcement, and some regulations are left up to interpretation as to how organizations should design their strategy. Also, the path to compliance will probably be different for everyone, even though the end result will be the same. We are six months away from the GDPR compliance deadline of May 25, 2018.…
The distributed approach to cybercrime has forever changed the threat landscape. It was erected around a business model of maximising ROI — reusing tried-and-true attack methods rather than organically developing new ones, targeting as many victims as possible and automating the attack workflow. The WannaCry attack of 2017 is the perfect example of this approach in action. It used the NSA-developed EternalBlue exploit, affected businesses and individuals worldwide and spread like wildfire via a worm. However, attacks like NotPetya and the recent Ordinypt wiper targeting German businesses show a new danger of the distributed approach — attackers using ransomware…
Multi-stage malware sneaks into Google Play

Another set of malicious apps has made it into the official Android app store. Detected by ESET security systems as Android/TrojanDropper.Agent.BKY, these apps form a new family of multi-stage Android malware, legitimate-looking and with delayed onset of malicious activity. We have discovered eight apps of this malware family on Google Play and notified Google’s security team about the issue. Google has removed all eight apps from its store; users with Google Play Protect enabled are protected via this mechanism.

Figure 1 – Six of the multi-stage downloaders discovered on Google Play

None of the apps…
News broke overnight of a new banking trojan, discovered by security experts and christened IcedID. The trojan appears to still be in its development stages, but has reportedly been targeting financial institutions in the United States and Canada, as well as two in the UK. IT security experts commented below. Andy Norton, Director of Threat Intelligence at Lastline: “IcedID is yet another raising of the bar by criminal groups to produce new and improved malware this time focused on stealing identity and financial data. So far, the security industry has responded with a very generic classification of IcedID often labelling it Emotet or…
Businesses face far more than just fines for non-compliance with GDPR

Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its research on the EU General Data Protection Regulation (GDPR). The report, based on research by Censuswide and sponsored by Thales, captures the perceptions of consumers and businesses on the preparedness levels of organizations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as the new regulation’s business impact. Half of UK consumers don’t believe commercial organisations care about their privacy, and many are prepared to take legal…
According to the Ponemon Institute’s Cost of Cyber Crime report, the overall cost of cyber security for companies rose 22.7 per cent last year to an average of $11.7m, mainly due to a rising number of security breaches. The price of a cyber attack varies significantly depending on the kind of breach a company suffers, a company’s size, industry and country, and how well prepared it was for an attack. The number of breaches is up an average 27.4 per cent year on year. The report was based on 2,182 interviews from 254 companies in seven countries. Ilia Kolochenko,…
