It has been reported that Kaspersky Lab security researchers have discovered a new ATM malware that targets only ATMs running on Windows 7 and Windows Vista. Travis Smith, principal security researcher at Tripwire commented below. Travis Smith, Principal Security Researcher at Tripwire: “The ATMii malware is very targeted, not only because it only supports Windows 7, but also because it is targeted to a specific ATM executable (atmapp.exe). According to Kaspersky’s initial report, this is a proprietary application, so it’s unlikely this specific malware variant will have a large impact on the ATM market world wide. Even with minimal impact, it’s…
ISBuzz Team
Hyatt is alerting customers about another credit card breach at some of its hotels – 41 hotels in 11 countries. This is the second major incident with the hospitality chain in as many years. Hyatt said its cybersecurity team discovered signs of unauthorised access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017. IT security experts are commented below. Lisa Baergen, Director at NuData Security: “This event, through the spring and early summer of this year, seems to involve properties in every country in which Hyatt does business. The harvested customer payment card data – including expiration dates and…
ESET researchers have spotted the first-ever ransomware misusing Android accessibility services. On top of encrypting data, the ransomware also locks the device. Detected by ESET products as Android/DoubleLocker, it is based on the foundations of a particular banking Trojan, renowned for misusing accessibility services of the Android operating system. However, DoubleLocker lacks the functions related to harvesting users’ banking credentials and wiping out their accounts. Instead, it has two other powerful tools for extorting money from its victims. DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data it finds in it – a…
Today Neustar released its bi-annual Global DDoS Attacks and Cyber Security Insights Report, affirming DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage on brands. Stephanie Weagle, VP at Corero Network Security commented below. Stephanie Weagle, VP at Corero Network Security: “Today’s DDoS attacks are far more sophisticated, deceptive and frequent than those of the past. The impetus of these attacks goes far beyond denying service; they are intended to disrupt and breach security barriers by acting as a smokescreen, hiding more sinister activities – usually data theft and network infiltration. This ‘Dark DDoS’…
It has been reported that security researchers have advised the patching of a critical vulnerability in the DNS client used in Windows. If ignored, the flaw could allow hackers to gain access to a target system. Josh Mayfield, Platform Specialist at FireMon commented below. Josh Mayfield, Platform Specialist at FireMon: “DNS clients are chatty, making more noise than just about any other system on a given network. All this chatter can be scooped up and repurposed for malicious takeovers (e.g. man-in-the-middle). The best way to mitigate this type of attack is by automating policy and risk assessments. Starting with policy, organisations can quickly identify the…
Richard Walters, Chief Security Strategist at CensorNet commented below on the latest developments around Accenture being found guilty of leaving sensitive company data on an unlocked (and unprotected) cloud server. Richard Walters, Chief Security Strategist at CensorNet: “Accenture are the latest company on the growing list of organisations that have been found to be storing sensitive information in Amazon S3 buckets configured for public access. And this is the worrying point – the buckets have been configured to allow public access. The default public permissions when creating a bucket are “Do not grant public read access to this bucket” – helpfully…
Survey data shows hackers are getting higher yields from targeted, determined attacks Neustar, Inc., a trusted, neutral provider of real-time information services, today released its bi-annual Global DDoS Attacks and Cyber Security Insights Report, affirming DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage on organisations. The report highlights that organisations experienced a 27 per cent increase in the number of breaches per DDoS attack, despite suffering similar attack levels in the same period last year. Data from the report shows attackers are achieving higher levels of success against organisations they only hit once: 52 per…
It was reported by The Times this morning that new technical A levels, named T-levels, will be introduced to give a skills boost in post-Brexit Britain. The qualifications will be taught from 2020 and the government has hailed the T-levels as amilestone in transforming technical education. Guita Blake, Senior VP & Head of Europe at Mindtree commented below. Guita Blake, Senior VP & Head of Europe at Mindtree: “The introduction of these new qualifications are a welcome addition to the UK education system and demonstrate a national commitment to the STEM agenda. The future of both the technology industry and the wider UK digital…
The government has today unveiled its Internet Safety Strategy, aiming to make Britain the safest place on the world to be online. Among the measures announced are compulsory school subjects providing online safety education and a new social media code of practice. IT security experts commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “It is positive to see the government considering the introduction of new compulsory school subjects on cyber safety. However, this will not be effective unless there is sufficient training and education available for teachers to deliver this. As we know, they already have to struggle with…
What is it like to be a HuMachine? Now anyone can learn. Kaspersky Lab has created an interactive, action VR movie to show how human intellect, big data and machine learning can be merged into a technological concept that powers world-class cyberthreat protection technologies to help keep people safe from the most sophisticated cyberthreats. Cyberthreats have evolved dramatically over the last 20 years. From primitive, harmless proof of concepts which could be spotted with the naked eye and disarmed by a single command, to powerful, invisible cyberwarfare programs capable of stopping factories and power plants. Protection technologies have evolved accordingly…
