News broke earlier this week that hacking group Carbanak has added a new JavaScript backdoor called Bateleur to its toolkit used to target restaurant chains across the US. Marta Janus, Senior Threat Researcher at Cylance commented below. Marta Janus, Senior Threat Researcher at Cylance: “Carbanak is one of the most sophisticated financial cybercrime groups of recent times. While carefully choosing potentially lucrative victims, they combine complex techniques used in targeted attacks with the effectiveness of wide-spread malware. They maintain high profitability by constantly improving and updating their toolkit to evade security solutions. “The most recent addition to the Carbanak crimeware set, a…
ISBuzz Team
Following news that the television network HBO has been hacked in which TV titles like Game of Thrones and Ballers have been published online, SailPoint, the identity company commented below. Kevin Cunningham, President and Co-Founder at SailPoint: “The cyberattack that targeted HBO, which included a remarkable 1.5 terabytes of data stolen, also involved email correspondence that could be leaked. “While HBO took a very proactive approach to notify employees before news of the hack broke, this breach is another example of how unstructured data stored in files, creates significant risks for organisations as it relates to exposing sensitive data. Even though that…
Reports are coming in that “more than $140,000 (£105,000) worth of bitcoins paid by victims of the WannaCry ransomware outbreak have been removed from their online wallets. It has been nearly three months since infections struck organisations worldwide, including the NHS, which faced days of disruption as a result. The bitcoin activity was noticed by a Twitter bot set up by Quartz journalist Keith Collins.” Ilia Kolochenko, CEO of web security company, High-Tech Bridge, comments around bitcoin laundering. Ilia Kolochenko, CEO at High-Tech Bridge: “Professional cybercriminals have well-established contacts with organized crime, financial institutions and even law enforcement agencies. It’s a not a…
One Hour Translation, the world’s largest online translation agency, surveyed around 71,000 translation projects about cyber-security during 2016 and 2017 The survey showed that governments and companies all over the world are equipping themselves with the best insights available in the English-speaking world to prepare themselves for a rise in cyber-security threats Lehi, Utah, August 1, 2017 – The growing wave of cyber-attacks that is shaking countries all around the world caused a surge in demand for translations in the cyber-security field in 2017. The target languages of cyber-security practitioners include surprising languages such as Danish. One Hour Translation, the world’s…
A new bill has been introduced in Congress which aims to prohibit the production of IoT devices if they can’t be patched or have their password changed. The bill also calls for federal agencies to have the freedom to purchase non-compliant IoT devices should this legislation pass, if they get approval from the US Office of Management and Budget. Travis Smith, Principal Security Engineer at Tripwire commented below. Travis Smith, Principal Security Engineer at Tripwire: “As it stands now, the S in IoT stands for security. This bill will help to resolve some of the known issues plaguing so many IoT devices being…
There are reports of a security flaw that made 175,000 IoT cameras vulnerable to becoming spy cams for hackers and could allow malicious activity. Ryan Lester, Director of IoT Strategy at Xively by LogMeIn commented below. Ryan Lester, Director of IoT Strategy at Xively by LogMeIn: “The importance of rigorous security assessment at the outset of any Internet of Things project cannot be overstated. Cutting corners and using security shortcuts, such as generic authentication, might speed up the development phase but can be quite risky and negatively affect consumer confidence in the long term. The Internet of Things comes with a whole new set…
According to the latest SANs survey, 40% of responding organizations felt that insider threats were the most damaging threats facing their companies and almost half were formulating an incident response plan to address this specific threat. The threat insider report can be found here. Edgard Capdevielle, CEO at Nozomi Networks commented below. Edgard Capdevielle, CEO at Nozomi Networks: “No-one wants to believe that an employee would act maliciously but trust isn’t a strong enough security defense. Mistakes can happen too and when it comes to ICS and critical infrastructure, security measures must not be built on blind faith.Technological advances now…
According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. Furthermore, nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector. Following this news, Edgard Capdevielle, CEO at Nozomi Networks, shared his thoughts on the role of insider threats in securing industrial control systems. Edgard Capdevielle, CEO at Nozomi Networks: “No-one wants to believe that an employee would act maliciously but…
It has been reported this morning that British Home Secretary Amber Rudd is urging messaging apps like WhatsApp to ditch end to end encryption as ‘real people do not need it’; the home Secretary is arguing that the feature is only aiding terrorists. Her statement has been met with widespread criticism. Below is some comments on this news, from Cybersecurity Experts in the industry. Lee Munson, Security Researcher at Comparitech.com: “If normal people do not need end to end encryption, I’d love the Home Secretary to explain who such people are. From family conversations to the exchange of authentication information, lovers’ secret words…
Recently, a senior threat intelligence analyst for Mandiant, a security company acquired by FireEye in 2014, recently became the victim of a security breach wherein the contents of his inbox were posted online with the “Operation #LeakTheAnalyst” hashtag and social media accounts were infiltrated and modified. Andrew Clarke, an EMEA Director at One Identity commented below. Andrew Clarke, an EMEA Director at One Identity: “This is a wakeup call to the entire security market. “Even the most aware security users get caught out – that only goes to show that companies cannot do enough to protect their users. For years,…
