It has emerged that a software bug was at fault for accidentally losing $300 million in cryptocurrency. This follows a previous bug that led to the theft of $32m in July. Ethereum, arguably the second most important cryptocurrency after Bitcoin, is currently looking into ways of rectifying the situation, but should it have been allowed to happen in the first place? Richard Lowe, Head of UK BFSI (Banking, Financial Services and Insurance) at SQS, believes that for cryptocurrency to be more widely accepted by the public, providers must earn their trust by doing everything in their power to avoid software bugs.…
ISBuzz Team
In response to the news that the University of East Anglia leaked confidential health details to hundreds of students in a mass email, Matt Lock, Director of Sales Engineers at Varonis, provides an insight below. Matt Lock, Director of Sales Engineers at Varonis: “The leakage of personal information is becoming commonplace: Academic institutions are prime targets for cyber criminals: A large university often has sensitive personal identifiable information (PII) and protected health information (PHI) on tens of thousands of students. It’s important for universities to secure their data, educate their employees and contractors to ensure they have good cyber hygiene and…
In its Predictions 2018 report, Forrester analysts predict that hackers will mount more ransomware and data-stealing attacks on IoT systems. Michael Patterson, CEO at Plixer, commented below. Michael Patterson, CEO at Plixer: “With ransomware attacks on the rise and the prevalence of IoT device vulnerabilities, IT teams must place an increased emphasis on people, process and technology in the name of incident response. Network traffic analytics (NTA) technologies will play a key role in reducing risk. IoT devices are purpose-built, with a narrow set of normal communication patterns. Security teams can easily use Networking Traffic Analysis (NTA) to…
It is being reported today that a Netflix phishing scam which has been circulating for some time has managed to dupe even sophisticated Internet users into providing personal information, successfully bypassing security software. Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools, commented below. Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools: “Part of what makes this scam appear so legitimate is the attackers re-purposing once valid Internet real-estate. Attackers are starting to realize squatting on old, once legitimate domains buys them time to set up and iron out any inconsistencies with their attack infrastructure. This in essence allows the attacker to ‘fly under the radar’ for a period…
Edgard Capdevielle, CEO at Nozomi Networks: “The views expressed at the Senate hearing yesterday highlight just how challenging the evolving threatscape is for organisations – whether it’s data or critical infrastructure they’re trying to protect. Governments and private industry need to expand collaboration and intelligence sharing to defend from such attacks and organizations need to deploy the most advanced defences to rapidly identify and mitigate cybersecurity threats whatever form they take, and whoever is behind them. One example is the International Electrotechnical Commission’s working group (IEC’s WG15) that brings together ICS operators, SCADA engineers, security and networking experts representing 90…
During her testimony at a Senate hearing on Wednesday, former Yahoo CEO Marissa Mayer said that “Even robust defenses and prosecutors aren’t sufficient to protect against the state-sponsored attack, especially when they’re extremely sophisticated and persistent.” IT security experts commented below. Jason Garbis, Vice President, Products at Cyxtera: “Former Yahoo CEO Marissa Mayer’s testimony during the US Senate hearing raises an important issue that requires more consideration and debate. Mayer contended that robust defenses aren’t enough to protect against advanced persistent threats (APT). Certainly, APTs present an enormous cybersecurity challenge. They are particularly dangerous because attackers lay-low and go slow,…
News broke yesterday of a new ransomware discovered by security researchers from G Data Security, which is targeting German users and intentionally destroying files, with the initial email and ransom note also written in German. Andy Norton, Director of Threat Intelligence at Lastline, commented below. Andy Norton, Director of Threat Intelligence at Lastline: “Ordinypt is a mysterious case. The method of infection has been documented for at least 6 months, it is essentially a fake email HR job application using the same photo but changing the female applicant’s name and updating the payload to reflect this. In this case the name used was Viktoria Henshel, but previous versions of this…
YouTube has announced measures designed to restrict children’s access to disturbing content – particularly videos showing children’s characters in violent or sexual scenes. David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “With technology being such an everyday commodity, kids are becoming more and more tech savvy about the internet and exploring its contents. Video content sites such as YouTube are deliberately intuitive which makes their content easily accessible, but does not always display content suitable for children’s eyes. Music videos featuring violence, guns and nudity, clips of post watershed television programmes…
It has been revealed that security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service. This in turn can allow a hacker global access to metadata in the developers’ Twilio accounts, including messages, call metadata and recordings. Josh Mayfield, Director at FireMon, commented below. Josh Mayfield, Director at FireMon: “The Eavesdropper vulnerability brings a new flavor to the mobile threats organisations face. By hardening code credentials, the attackers can exploit the details of a user across any Twilio-enabled apps. This means that only one malicious app can begin to…
A salary survey conducted by Hays has revealed that the demand for cybersecurity skills is pushing up pay rates for the profession by more than 10%. The results have been drawn from the pay increases won by cybersecurity workers. The trend is also driven by the skills shortage in the sector, as well as the pressure on organisations to deal with rising cybercrime. Notably, non-cybersecurity IT security experts commented below. Greg Day, VP & CSO, EMEA at Palo Alto Networks: “The Hays survey findings on security professionals’ pay rises confirm how valuable cybersecurity talent is to British business and the digital…
