Viacom’s mishandling of its master AWS key has left the digital properties of entertainment companies such as Comedy Central, Paramount and MTV exposed. IT security experts from Prevalent, Inc., leaders in third-party risk management and vendor threat intelligence, commented below. Brad Keller, JD, CTPRP, Sr. Director 3rd Party Strategy at Prevalent, Inc.: “Another day, another vendor fails to follow basic operational security measures. It’s become an all-too-frequent theme. Viacom fails to employ basic security protocols on servers that essentially contained the “keys to the kingdoms” of their customers. The fact that there have been no confirmed (at least publicly) instances…
ISBuzz Team
A new Android Trojan named “Red Alert 2.0” has been discovered and has targeted banks and social apps. Although it has some of the same capabilities as most other Android banking Trojans, it also has functions that have not been seen in other Android banking Trojans. Josh Mayfield, Platform Specialist at FireMon, commented below. Josh Mayfield, Platform Specialist at FireMon: “In the context of enterprise BYOD (bring your own device), many organisations are using containers to control what a personal mobile device can do. This falls in line with the continued evolution of the identity becoming the new perimeter. No…
While 99% of Organizations Look to Align Risk and Performance Indicators to the Cybersecurity Framework, Automation and Staffing Remain a Hindrance Secaucus, NJ – Rsam, a leader in governance, risk and compliance (GRC) enterprise software solutions, today released the results of a recent study it conducted with more than 150 security practitioners, on their adoption plans for the NIST Cybersecurity Framework (CSF). The company surveyed IT security professionals during a recent NIST CSF discussion about a range of factors that contributed to their ability or inability to successfully implement the framework. The findings showed that organizations are paying attention to the…
At the moment, hackers use automated software to carry out large-scale attacks. As the artificial intelligence industry is involved in creating next-generation machines, it will not be long until AI is used by hackers to deploy ransomware to targets worldwide. AI Development Is Considered a Priority by Governments and the Industry Artificial intelligence has become a highly competitive industry that is expanding rapidly thanks to the investments made by high-tech corporations and state governments worldwide. The prospect of using state-of-the-art agents in various fields has benefits both to the financial expenditures and the tasks…
New research from F5 finds only 51% of companies have an established IT security strategy SINGAPORE – Today at Singapore International Cyber Week, F5 Networks (NASDAQ: FFIV) released a comprehensive report on the evolving nature of the CISO role and the IT security approaches organizations around the world are taking in today’s constantly shifting threat landscape. The report finds that as IT security increasingly becomes a priority, CISOs’ influence within companies is growing; however, security strategy in many organizations is still largely reactive and not yet aligned with business functions. Conducted by the Ponemon Institute, the findings are based on interviews with senior-level IT…
Following the news that 3.12TB of data was stolen from music streaming service Vevo late on Friday, Sam Curry, Chief Security Officer at Cybereason, commented below. Sam Curry, Chief Security Officer at Cybereason: “While we don’t yet know a lot of the specifics on the Vevo breach, if it is phishing related the best answer to these continued breaches is that we must improve technology. There is no silver bullet to preventing phishing scams, as long as users are involved. The security industry needs to design technology for how users really behave and not some mythical ideal user. Like some 1980’s public service announcement to…
Beckie Neumann, product manager, RiskIQ, a digital threat management leader To state a few universal truths in Digital Threat Management: The Internet is really big and contains a vast number of digital threats. Not all threats pose the same level of risk to an organization—some are minor annoyances while others constitute genuine crises for a business. Despite common knowledge of these facts, practitioners of Digital Threat Management still often find themselves faced with a choice that, in reality, they don’t have to make. A., a comprehensive approach to threat detection at the risk of unleashing a flood of alerts or B.,…
Music video company Vevo has just confirmed it was breached by a phishing attack on LinkedIn, with 3.12TB of data leaked by the OurMine hacker group. Fraser Kyne, EMEA CTO at Bromium, highlights that while users remain the last line of defence, attacks like this will continue to occur. Fraser Kyne, EMEA CTO at Bromium: “Unfortunately this is yet another example of an organisation relying on the weakest link, its users, to protect against cyber threats. Hackers will always manage to hook a user on the line with a phishing attack, especially as these scams are becoming very well targeted and very well…
The University of Edinburgh has released results from a new study that reveals how personal information can be stolen from Fitbit fitness bands. Researchers analysed the Fitbit One and Fitbit Flex wristbands, and discovered a way of intercepting messages transmitted between fitness trackers and cloud servers, where data is sent for analysis. This allowed them to access personal information and create false activity records. Dan Lyon, principal consultant at Synopsys, commented below. Dan Lyon, principal consultant at Synopsys: “The recent article on Fitbit highlights a vulnerability that enables someone with physical access to the Fitbit to extract specific data from the device. Currently the attack requires physical…
Following the news about the Alaska voter data leak, Zohar Alon, Co-founder and CEO at Dome9, commented below. Zohar Alon, Co-founder and CEO at Dome9: “In this era of pervasive data-driven sales, marketing and operations, data is the raw material for successful businesses and political campaigns. It is more important than ever to define strict controls and practices for the handling of sensitive data, especially when there are multiple vendors touching the data. Attackers are looking for two things: repositories with data of value to organizations and weak security practices. As more data makes its way to the public cloud and security practices around CouchDB become…
