News broke that in the wake of the massive hack of Equifax, U.S. banks are leveling up their anti-fraud game in response to the fact that 143 million Americans have now had their official data stolen. That is about half of the population of the U.S. — and the vast majority of the adult population. Lisa Baergen, Director at NuData Security commented below. Lisa Baergen, Director at NuData Security: “With the amount of personal information that has been stolen this year, it is almost impossible for banks to come up with additional screening questions that can’t be answered by hackers. The dynamically and rapidly evolving authentication landscape…
ISBuzz Team
Are you sharing the same IP address as a criminal? Law enforcement call for the end of carrier-grade NAT (CGN) to increase accountability online. Ilia Kolochenko, CEO at High-Tech Bridge commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “Unfortunately, CGN is not the only challenge when enforcing enacted laws and prosecuting cybercrime. A great wealth of currently available VPN service providers that you can purchase for bitcoins open up new opportunities to all kinds of digital offenders and predators. Public wireless networks are also a very serious problem, because in most public places video control is either unavailable or…
One of the latest high-profile phishing attacks affecting the UK has seen a new social engineering scam impersonating HM Revenue & Customs (HMRC) to trick victims into downloading malware. This time, the phishing attack is disguised as an HMRC VAT return document which contains links to JRAT malware. The email was even sent using an HMRC-like domain, hmirc-gov.co.uk. In response to this, Amy Baker, VP at Wombat Security Technologies suggests that relying on cyber-security technology could be one of the reasons that people keep on falling for these kinds of attacks. Amy Baker, VP at Wombat Security Technologies commented below.…
Organizations are not managing Secure Shell (SSH) in their IT environments, exposing critical systems and data to cyberattacks, according to new research from Venafi. Justin Jett, Director of Audit and Compliance at Plixer commented below. Justin Jett, Director of Audit and Compliance at Plixer: “The risk of poorly managed SSH keys is that anyone with one of these keys has access as long as they have a way to connect to the end system. This could be either a server with a public facing IP or an employee that has the key on the local network. Network traffic analytics plays…
In response to the news about teen-centric social media site “I Heart It’s” reported breach and exposure of emails and passwords, PII, NuData offers commentary on the importance of data security for kids’ and teens’ data. Kids are covered by COPPA, but only until they’re 13. Lisa Baergen, APR, MCC, Marketing Director at NuData Security Inc. commented below. Lisa Baergen, APR, MCC, Marketing Director at NuData Security Inc.: “This is the sort of mass email theft with login credentials that raises giant concerns about fraudsters targeting teens. They’re an especially vulnerable population for many reasons, including the fact that they’re on the cusp of…
In light of the recent news of Microsoft’s ‘secret’ internal database breach, Dmitri Alperovitch, CTO & Co-founder at CrowdStrike commented below on how this is a serious threat with multi-dimensional consequences for anyone using Microsoft products. Dmitri Alperovitch, CTO & Co-founder at CrowdStrike: “The compromise of Microsoft’s database highlights that everyone is vulnerable to sophisticated intrusions. From the adversary perspective, having access to critical and unfixed vulnerabilities is the “holy grail.” We may be seeing the ripple effects of this hack for some time and many businesses may end up suffering stealthy compromises. The key question to answer is how long they may…
News broke yesterday evening that Pizza Hut customers are reporting fraudulent activity on their cards, after the pizza giant reported a card breach. The company have suggested only a few accounts were breached, but users are suggesting they were not informed until two weeks after. IT security experts commented below. Marco Cova, Senior Security Researcher at Lastline: “While Pizza Hut are suggesting this breach wasn’t particularly serious in terms of the volume of customers affected, there are certainly some best practices that were not implemented around this breach. Waiting two weeks to inform the users affected means that the individuals were unable to block…
It was reported yesterday that millions of high-security crypto keys could have been crippled by a newly discovered flaw. A crippling flaw in a widely used code library, developed by German chipmaker Infineon, has fatally undermined the security of millions of encryption keys. Jon Geater, CTO, Thales eSecurity, provides an insight on this news below. Jon Geater, CTO at Thales eSecurity: “While the effects of this latest flaw are concerning, it’s interesting to note that this is far from the first time it’s happened. Generating high quality signing keys from high quality entropy and key generation processes is absolutely fundamental,…
This Saturday marks a year since the DDoS attack on Dyn which disrupted internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, and Spotify. Dr. Malcolm Murphy, Chief of Staff EMEA at Infoblox commented below. Dr. Malcolm Murphy, Chief of Staff EMEA at Infoblox: “Last year’s DDoS attack on Dyn underscored the fact that the domain name server, or DNS, remains extremely vulnerable. DNS is one of the most critical services in an organisation’s infrastructure and without it almost all business applications and services are unreachable, bringing a business to a grinding halt and impacting revenue, brand, reputation and customer satisfaction. “Last…
Asher Benbenisty, Director of Product Marketing, looks at why it is essential for enterprises to take an application-centric approach to firewall rule recertification, and shows how to simplify and automate this challenging process. We’re all familiar with the use-by dates on food packaging. They tell us when foods, especially those with fresh or perishable ingredients, could pose a health risk if we eat them after the use-by date has expired. But when was the last time you checked the use-by dates on the firewall rules that are in use across your network? Outdated and obsolete rules pose a significant…
