Overview Since the beginning of 2017, ESET researchers have been conducting an investigation into a complex threat mainly targeting Russia and Ukraine. Standing out because of its prevalence and its sophistication, Stantinko turned out to be quite a puzzle to solve. Slowly putting the pieces together, the global picture began to take shape, exposing a massive adware campaign affecting approximately half a million users. Making heavy use of code encryption and rapidly adapting so as to avoid detection by anti-malware, Stantinko’s operators managed to stay under the radar for at least the last five years, attracting very little attention to…
ISBuzz Team
News broke yesterday that Ninebot, the company behind Segway hoverboards, has issued new firmware to fix various security flaws that allow an attacker to connect to and take over users’ devices.The flaws were discovered last year by Thomas Kilbride, a security researcher for IOActive, who contacted the company in private and disclosed his findings. Chris Schmidt, Senior Security Research Manager at Synopsys commented below. Chris Schmidt, Senior Security Research Manager at Synopsys: “This is exemplary of what a real-world attack would look like; those responsible for implementing each of the involved components very likely have little-to-no interaction with each other during crucial phases of design, resulting in a…
Business Email Compromise (BEC) netted cybercriminals $5.3 billion over the last 3 years as compared to $1-billion dollars for ransomware according to Cisco’s 2017 Midyear Cybersecurity Report. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “Business Email Compromise (BEC) attacks are a new twist on an old scam – getting hustled. BEC often goes unreported publicly. BEC attacks do not damage systems, but rather can trick an employee into transferring money at what seems to be the request of an executive. Since no personal data is compromised in such an attack, there is no legal responsibility…
Cisco is predicting that there will be more cyber attacks designed to destroy systems. Cisco’s 2017 Midyear Cybersecurity Report cited the latest NotPetya attack which is designed to wipe a computer system, as the first of many attacks that will be even larger to come. Edgard Capdevielle, CEO at Nozomi Networks and Corero Network Security commented below. Edgard Capdevielle, CEO at Nozomi Networks: “Destruction or disruption of service” (DeOS) has long been the number one concern of critical infrastructure operators when it comes to cybersecurity risk. Now is the time for company boards to take proactive steps to review their security…
According to recent news reports, millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them. The vulnerability, named Devil’s Ivy, was identified by researchers who singled out high-end security cameras manufactured by Axis Communications. The researchers at Senrio said that 249 models of 251 Axis cameras are vulnerable to Devil’s Ivy. IT security experts from Synopsys commented below. Chris Schmidt, Senior Manager – Research at Synopsys: “Pervasive vulnerabilities in third-party libraries are a well understood problem and highlights something that we, as a community…
Why quality and earned consumer trust will be key to entering the household More and more connected devices are released onto the market every day, making the futuristic utopia of the sixties cartoon series The Jetsons, now seem an imminent reality. Hanna-Barbera’s futuristic imagination brought robots, holograms and flying cars to our TV screens. Over 50 years later, robots are entering our homes, holograms are taking the place of live performances and flying cars are being tested. The connected home is no longer a futuristic concept, it’s a reality. The most successful connected devices are those that make our lives…
In light of the news that thieves have found ways to hack into and steal Teslas, Alexander Moiseev, Chief Sales Officer at Kaspersky Lab commented below. Alexander Moiseev, Chief Sales Office at Kaspersky Lab: “Today’s cars are becoming more and more like computers on wheels – with every generation, they adopt more sophisticated digital technologies in order to increase fuel efficiency, safety and comfort levels. While new technology offers great advantages to drivers, it also brings risks. As with other areas of online life, something as a simple as poor password protection could, quite literally, leave the door open to criminals.…
Asher Benbenisty, Director of Product Marketing at AlgoSec examines current cloud adoption trends and how organizations can select the most suitable locations for their applications With cloud infrastructures expected to outstrip on-premise networks by 2020, many have anticipated that the move to the cloud would become a standardized, linear journey for enterprises. Organizations would start by migrating specific business applications to the cloud, such as their email, before moving increasing amounts of their network infrastructure into virtualised environments and thus using a hybrid of on-premise and cloud networks. Eventually, it was envisaged, their entire IT infrastructure would be run in the…
News broke earlier today that in an effort to keep Android users safe from malware on their phones, Google is rolling out its Play Protect security features to all devices running Google Mobile Services 11 and up. Google says it’ll automatically scan apps from the Play store that are installed on your phone to ensure there’s no funny business; apps that don’t play nice will be blocked or removed from your device. Giovanni Vigna, CTO and Co-Founder at Lastline commented below. Giovanni Vigna, CTO and Co-Founder at Lastline: “Continuous monitoring of Android applications by Google is going to improve the security of the Android ecosystem. Having…
ESET, a global leader in cybersecurity, has investigated and identified a complex threat posed by a new strain of malware that has so far affected half a million users. Dubbed as Stantinko, ESET’s latest white paper analyzes this highly inconspicuous malware which tricks victims into downloading pirated software from fake torrent sites, and that has continually morphed to avoid detection for the last five years. Targeting mainly Russian speakers, Stantinko is a network of bots which is monetized by installing browser extensions that inject fake ads while surfing the web. Once installed on a machine it can perform massive Google…
