With reports of the New Android Marcher Variant Posing as Adobe Flash Player Update and stealing users’ financial information such as online banking credentials and credit card details, IT security experts commented below. Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort: “Masquerading as Adobe Flash Player Update is a classic malware technique. We have seen this recently in February 2017 with OSX/MacDownloader, which was a Mac Trojan built to steal passwords from the macOS keychain. It was posing as a fake Flash Player update, was found on the Mac of a human rights advocate and believed to originate from Iran. “Famous Russian APT Snake,…
ISBuzz Team
Professor Avishai Wool, CTO at AlgoSec, looks at how organizations can ensure all of their firewalls work together consistently and cohesively across large heterogenous networks The first commercial firewall, the DEC SEAL, shipped in 1992. 25 years later the firewall is still the core building block of organizations’ security infrastructures. Of course, it has evolved dramatically since those early days, with each stage of evolution adding ever more sophisticated security features. We’ve evolved from the stateful firewall which filters bi-directional traffic streams as whole, requiring users to write policies only for outgoing traffic, to the next-generation firewall (NGFW), which supports…
News broke earlier today that Britain’s parliament was hit by a “sustained and determined” cyber attack designed to identify weak email passwords. The House of Commons said it was working with the National Cyber Security Centre to defend parliament’s network and was confident it had protected all accounts and systems. IT security experts commented below. Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies: . “The UK National Cyber Security Centre are quantifying the extent of the breach at this stage and taking precautionary measures to limit any further impact to parliament computer systems. This should serve as a red light to all organisations,…
Earlier today, The Times reported that hackers are trading email addresses and passwords belonging to thousands of British politicians, ambassadors and other top officials online. The newspaper conducted an investigation, which found two massive lists of stolen credentials were put up for sale or traded on Russian-speaking hacking sites, which included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials. IT security experts commented below. Ryan Wilk, Vice President at NuData Security: “Data in the wrong hands can have a huge impact. Email addresses and password information, combined with other data on the consumer from other…
New research reveals global organisations gamble their business future on poorly designed network security solutions London, UK, EfficientIP, a leading provider of network services, today announced the results of its 2017 Global DNS Threat Survey Report. It explored the technical and behavioural causes for the rise in DNS threats and their potential effects to businesses across the world. Major issues highlighted by the study in its third year, include a lack of awareness as to the variety of attacks, a failure to adapt security solutions to protect DNS and poor responses to vulnerability notifications. These concerns will not only be subject…
European eID schemes provide 69% of ID information needed to digitally apply for financial services 3 European eID schemes provide all the necessary information Digital Identity Service Providers (DISP) are the key to bridging the gap Oslo, Norway, New research launched today by Signicat, the world’s first and largest identity assurance provider, shows that through electronic identity (eID) schemes in Europe, consumers are closer to being able to apply for financial services 100% digitally, although gaps still exist. The report, “The Rise of Digital Identities”, is based on exclusive Innopay research and looks at how eIDs are currently used to…
Following the news that the operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, IT security experts from Positive Technologies, AlienVault and Avast commented below. Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies: “The UK. gov’s Cyber Essentials scheme suffered a breach that allowed an attacker to access the contact details of companies within the scheme. Whilst this information is low value, this recent incident raises some important questions around the use of third party applications and how best to secure them. If you left the key to your front door with a neighbour how…
It is being reported that, beginning June 16 and continuing through today, players of Final Fantasy X1V have noticed that the game isn’t performing as expected. The publisher has announced that an influx of players is not the issue and, in fact, they have been experiencing DDoS attacks from “an anonymous third party”. Robert Hamilton, Director at Imperva Incapsula commented below. Robert Hamilton, Director at Imperva Incapsula: “DDoS attacks target all websites and networks. Attacks on gaming networks, which are more susceptible to latency and outage, are growing in frequency and severity. One of the reasons why gaming networks are attacked is that the players…
Following on from the story of a US judge losing $1m in an email fraud scam, John Wilson, Field Chief Technology Officer at Agari commented below. John Wilson, Field Chief Technology Officer at Agari: “This attack is so much worse than business email compromise because it targeted an individual, who instantly lost years of her savings. Unlike a consumer phishing scheme, where banks typically reimburse the customer’s losses, there’s no recourse for the victim. From the bank’s point of view, she instructed them to wire the money, and they simply carried out her instructions. This attack should serve as a…
Following the news that the Mirai IoT worm could be adapted to survive device robots, enabling hackers to build bigger and more disruptive botnets, Cesare Garlati, chief security strategist at prpl Foundation commented below. Cesare Garlati, Chief Security Strategist at prpl Foundation: “The Mirai worm that could be adapted to survive device reboots is a very harrowing example of why creating device hardware with a built in root of trust is so vital to the security of IoT. In essence, there is no device security if there is no signed/secure boot and this requires a resilient root of trust forged in the hardware…
