Analysts Examine Industry Trends at Gartner Security & Risk Management Summit, 12-15 June 2017, National Harbor, MD NATIONAL HARBOR, MD – Gartner, Inc. today highlighted the top technologies for information security and their implications for security organisations in 2017. Analysts presented their findings during the Gartner Security & Risk Management Summit, being held in the US through Thursday. “In 2017, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks. As attackers improve their capabilities, organisations must also improve their ability to protect access and protect from attacks,” said Neil MacDonald, vice…
ISBuzz Team
News broke earlier this week that some Mazda cars can be easily hacked into by using a USB flash drive plugged into the dashboard to exploit a series of bugs which have been known about for a number of years. Art Dahnert, Managing Consultant at Synopsys, commented below. Art Dahnert, Managing Consultant at Synopsys: “This kind of story is indicative of the nature of Hot Rodding or in this case Hacking. They are so very similar. Basic curiosity turns into focused reality, where the “hot rodder” or “attacker” is now able to use the vehicle’s technology in a way that it wasn’t designed to be used. The…
Following the breaking news that ESET discovered ‘Industroyer’, a malware that is the biggest threat to critical infrastructure since Stuxnet (the malicious worm that was responsible for causing substantial damage to Iran’s nuclear program), IT security experts commented below on this latest discovery. Paul Edon, Director at Tripwire: “Historically Industrial networks have used airgap and diode-based architecture to defend against the risks associated with corporate intranet and Internet communications. However, due to economic pressures i.e. increasing costs and decreasing numbers of skilled resources, it has become necessary for many organisations to centralize some of the management and control functions that…
DevOps Processes Provide Meeting Ground for Collaboration and Change BURLINGTON, Mass. Veracode, a leader in securing the world’s software, and acquired by CA Technologies (NASDAQ:CA), today announced the results of a study examining the relationships between application developers and security teams. The study, conducted in conjunction with Enterprise Strategy Group (ESG), shows that despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software. In fact, according to the research, 58 percent of survey respondents stated their organization is…
It has been reported that Microsoft will be patching Windows XP+. This emergency fix contains previously released patches for Windows bugs exploited by NSA exploits leaked by the Shadowbrokers. In response to this news, Andrew Clarke, EMEA Director at One Identity, has offered some insight as to whether this is a good idea, and what implications it may have regarding normal people taking accountability for their own system safety. Andrew Clarke, EMEA Director at One Identity: “Recently, Microsoft released patches for operating systems that were heretofore categorized as “out of support.” Is this a smart move by Microsoft? Is it a good…
News broke yesterday that the U.S. government issued an alert on the activities of a hacking group it called “Hidden Cobra,” saying the group was part of the North Korean government. The joint alert from the U.S. Department of Homeland Security and the Federal Bureau of Investigation said that “cyber actors of the North Korean government” had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally. Tim Matthews, Vice President at Imperva, commented below. Tim Matthews, Vice President at Imperva: “The research suggests that North Korea has connections with two well-known hacker groups, The Lazarus Group, responsible for…
News has emerged that hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems. The malware, which researchers have named CrashOverride, is known to have disrupted an energy system in Ukraine last December. Ladislav Zezula, Malware Researcher at Avast, commented below. Ladislav Zezula, Malware Researcher at Avast: “CrashOverride, after infiltrating the computer that controls the electric power system, sends a “turn off” command to the power system controller. This results in a blackout. The malware also has the capability to damage the controller PC beyond the point of…
DDoS attacks are gaining speed according to the latest Nexusguard Q1 2017 DDoS Report. The report shows that DDoS attack volumes have increased by 380% since the same time last year, based on 16,600 attacks. Bob Noel, Director of Strategic Relationships and Marketing at Plixer, commented below. Bob Noel, Director of Strategic Relationships and Marketing at Plixer: “Unless IoT security becomes a point of focus for manufacturers and users, this growth trend of DDoS attacks will not slow down. The rapid expansion in the number of infected IoT devices has established vast botnets, like Mirai, Hajime, and Shishiga. Botnets like…
It was reported today that The Information Commissioner’s Office (ICO) has hit Gloucester City Council with a £100,000 fine after hackers took advantage of the Heartbleed flaw months after it had been patched. The full story can be found here. Paul Farrington, Manager, EMEA Solution Architects at Veracode, commented on this news below. Paul Farrington, Manager, EMEA Solution Architects at Veracode: “The latest fine imposed by the ICO on Gloucester City Council is an unfortunate outcome for this public body. Vendors like Veracode, in 2014, were offering free scans, with ‘no strings attached’. Such was the importance of addressing Heartbleed, which is a…
‘User Risk Report’ finds distinct differences in personal security habits and vulnerabilities among international respondents PITTSBURGH – Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today announced the release of its “2017 User Risk Report,” which provides an analysis of admitted personal security behaviors of U.S. and U.K. workers that play a major role in securing information, devices and systems at work and at home. Wombat surveyed more than 2,000 working adults — 1,000 in the U.S. and 1,000 in the U.K. — about cyber security topics and best practices that are fundamental to data and network security, including mobile device habits…
