Microsoft has just released its patches for the month of November, and Greg Wiseman, Rapid7’s Senior Security Researcher, has provided his thoughts below. Greg Wiseman, Senior Security Researcher at Rapid7: “Web browser issues account for two-thirds of this month’s patched vulnerabilities, with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these are classified as Critical (allowing code execution without user interaction). This is no surprise, as browser bugs are typically well represented on Patch Tuesdays. On top of this are five Adobe Flash Player vulnerabilities, all of which are classified as Critical Remote Code Execution (RCE) bugs. In…
ISBuzz Team
With an increase in online donations, charities are no less vulnerable than any other organisation when it comes to cyberattacks, and with the costs of being unprepared so high, this is something charities can ill afford. David Emm, Principal Researcher at Kaspersky Lab commented below. David Emm, Principal Researcher at Kaspersky Lab: “The threat of cyber-attacks is very real, and no business or individual is immune from online crime. Any organisation in today’s digital world is vulnerable and charities face the same risks as any other sector. Every charity with some form of online presence can be attacked – through…
Facebook has asked for users to send the company their nude photos in an effort to tackle revenge porn. As part of a project being trialled in Australia, if you fear someone might use an image for “revenge porn”, you submit it to be “hashed”, which will stop anyone else uploading a copy of the image. Would you trust Facebook with your pictures? Javvad Malik, Security Advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “The only safe nude photos are the ones that aren’t taken. Unfortunately, the issue of revenge porn, or unwanted distribution of compromising photos…
New human-centric security features bring together cloud access, data protection and network security capabilities to identify, adapt and respond to risk. Global cybersecurity leader Forcepoint today introduced new features across its human-centric security portfolio that deliver critical visibility, efficacy and enforcement capabilities to enterprises and government agencies. Forcepoint is releasing more than 40 new software and hardware features across its Forcepoint Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Next-Generation Firewall (NGFW) and User and Entity Behavior Analytics (UEBA) products that enhance the understanding of user behavior and data flow throughout an enterprise or government organization to rapidly identify and eliminate risk. These capabilities work together as an intelligent ‘Human…
Security researchers have discovered an exploit in antivirus software that takes advantage of the “restore from quarantine” function and allows a user to move a piece of malware from the quarantined folder to somewhere else on the victim’s computer, allowing the malware to be executed. Javvad Malik, Security Advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “This is not the first time we’ve seen evidence of attackers targeting security software directly in order to push malware or compromise clients. It is a reminder that IT security vendors need to pay as much attention to their own security as…
Private Browsing (referred to as InPrivate in Internet Explorer, Private Browsing in Mozilla Firefox, and Incognito mode in Google Chrome) is a unique privacy mode where the browser doesn’t save browsing history, cookies and site data. Privacy mode can offer you some protection from prying eyes. By using a secret browsing session, you can keep your search history and browsing data somewhat secret. Beyond this, you can also minimize your personal search history, protect yourself when you’re not on your computer, block websites from collecting your personal information, sign into multiple accounts and search for something private. But the Internet…
It’s being reported today that the Fancy Bears hacking group has changed the tactics of a phishing campaign, which uses a Microsoft exploit to install malware, to focus on the US instead of Europe. They have done this by encouraging users to click on ‘US-centric’ topics, exploiting fears around the recent terrorist attack in New York. IT security experts commented below. Dan Matthews, Director of Engineering at Lastline: “It is not surprising that even advanced threat actors are learning about and using publicly disclosed attack techniques via Twitter feeds, blog posts and other social media outlets. The internet was designed to be an information equalizer, allowing distant research institutions to collaborate.…
TrendMicro’s latest research suggested that unsecured and dated Windows operating systems are the weak link when it comes to cyber attacks on critical infrastructure systems. Edgard Capdevielle, CEO at Nozomi Networks commented below. Edgard Capdevielle, CEO at Nozomi Networks: “There are a number of opinions as to what poses the biggest risk to critical infrastructure – be it old Windows systems, unsecure and legacy industrial devices, targeted malware, operator error, etc. However, what isn’t debated is the damage that can be inflicted. As illustration, cyber criminals exploited existing Windows XP vulnerabilities and targeted aging infrastructure with the weaponised WannaCry malware, successfully compromising systems connected…
News broke today that the University of East Anglia in Norwich accidentally leaked an employee’s confidential and sensitive health information in a mass email sent to hundreds of postgraduate research students. The email was sent on Sunday (5 November) afternoon to about 300 students in the social science faculty which included the personal health information of a member of staff. Andrew Clarke, EMEA Director at One Identity commented below. Andrew Clarke, EMEA Director at One Identity: “Throughout 2017, we have seen a dramatic increase in the number of data breaches – either malicious or through accidental actions. When personal information is released it…
A new Kaspersky report has found that 78% of young women in Europe would never consider a career in cybersecurity or IT. The report found they have made this decision by the age of 16. Just 11% of the cybersecurity industry is currently female, and with the ongoing, worsening IT skills shortage, these findings paint a worrying picture. Trish Burridge, Director of Consulting Services EMEA at Skillsoft commented below. Trish Burridge, Director of Consulting Services EMEA at Skillsoft: “Not only are these worrying statistics for the industry, but the corporate landscape as a whole. Every industry in some way has been disrupted…
