Verizon 2017 Payment Security Report demonstrates a link between payment card security standard compliance and the ability to defend against cyberattacks

Verizon 2017 Payment Security Report (PSR) Highlights: Payment Card Industry Data Security Standard (PCI DSS) helps protect payment systems from breaches and theft of cardholder data. Of ALL the payment card data breaches Verizon investigated, no organizations were found to be fully compliant at the time of breach, demonstrating lower compliance with 10 out of the 12 PCI DSS key requirements. The total number of organizations Verizon assessed achieving PCI compliance at interim validation has increased to 55.4 percent, up…
ISBuzz Team
Kaspersky Lab researchers provide technical details of Instagram vulnerability exploited by hackers to grab sensitive account info

As reported by Instagram yesterday, criminals have been exploiting a bug in Instagram that allowed them to steal the credentials of Instagram users, including celebrities. Kaspersky Lab researchers who noticed the bug notified Instagram on Tuesday, 29 August and have shared a brief technical analysis with the social media network. The researchers discovered that the vulnerability exists in Instagram mobile version 8.5.1, released in 2016 (the current version is 12.0.0). The attack process is relatively simple: using the outdated application, the attacker selects the reset password option…
Security researchers at Forcepoint have detected a new variant of the banking Trojan TrickBot, which is now targeting crypto-currency wallets instead of traditional banking credentials. Cybercriminals have been evolving and enhancing TrickBot since its creation, adding new regional banks to its target list. It’s no surprise that cybercriminals are focussing their efforts on obtaining access to digital currency accounts, given the popularity of those accounts, and enterprises are continuing to see a barrage of emails containing malicious docs and macro downloaders. The lure within the initial email that would find its way into end-user inboxes matches the theme of the attached MS Word document – that…
The Financial Times reported that tech companies are already counting the cost of sweeping EU rules on data protection that will not be introduced until next year. A Financial Times survey revealed that the sector is scrambling to hire new staff and redesign products as it faces millions of dollars in higher costs and lost revenues. The FT contacted 20 of the largest social media, software, financial technology and internet companies with EU operations about the bloc’s new General Data Protection Regulation. It comes into effect next May and will require businesses to adopt stricter standards for dealing with customer data.…
Newly documented Gazer backdoor identified as the latest tool used in espionage campaigns across Europe

ESET, the leading global cybersecurity company, revealed the discovery of a new, advanced backdoor used by the notorious hacking group Turla. Dubbed Gazer, ESET researchers are first to document this newly identified backdoor, actively deployed since 2016, targeting consulates and embassies worldwide.

Typical Turla traits

Targeting European governments and embassies around the world for many years, the Turla espionage group is known to run watering hole and spear-phishing campaigns to catch their victims. ESET researchers have seen Gazer, the newly documented backdoor, deployed on several computers around the world,…
The latest Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy, an evolution of the “Jimmy Nukebot” trojan. Experts from Cyphort and FireMon have commented on the malware, including technical aspects and advice for IT organizations. Dr. Mounir Hahad, Senior Director of the Cyphort Labs: “Using checksums for API obfuscation is not by itself something new. It is frequently used by malware to make it harder for static analysis engines (like the vast majority of desktop Anti-Virus products) to determine what the application is up to. This modification to NeutrinoPOS makes it more difficult for AV engines…
News broke that second-hand electronics retailer CeX suffered a massive “online security breach” compromising the personal data and passwords of up to two million customers. The UK retailer said customers’ names, physical addresses, email addresses and phone numbers were compromised in the attack that saw “an unauthorised third party” illegally access its computer systems. IT security experts commented below. Bill Evans at One Identity: “As we all know, CeX is a pan-European retailer collecting and storing data on EU citizens as it transacts business across the UK and the European mainland. With GDPR looming, I wonder what this sort of breach would bring…
News broke that a huge spambot ensnaring 711 million email accounts has been uncovered. A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial for the spammer’s large-scale malware operation to bypass spam filters by sending email through legitimate email servers. IT security experts commented below. Christian Lees, CTO and CSO at InfoArmor: “Several factors come to mind in consideration of this data disclosure.…
FOI requests of UK critical infrastructure providers have revealed that two-fifths have not completed basic cyber security steps recommended by the government. David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “The world isn’t ready for cyber threats against critical infrastructure – but criminals are clearly ready and able to launch attacks on these facilities. We’ve seen attempts on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals – and these are cases where organisations have spotted attacks and acknowledged them. However, many more companies do neither, and the lack of reporting…
Eight members of the National Infrastructure Advisory Council (NIAC) have resigned just prior to issuing a report on the State of Critical Infrastructure in the US, which shows that while there are ways to secure critical infrastructure, the Government is falling short of using existing tools effectively. NIAC was established in 2001 to advise the President on the security and resilience of our critical infrastructure sectors and their functional systems, physical assets and cyber networks. Bob Noel, Director of Strategic Relationships and Marketing at Plixer commented below. Bob Noel, Director of Strategic Relationships and Marketing at Plixer: “The departure of 8…
