News has broken today that two new forms of malware have emerged (one spyware, the other ransomware) that target Macs specifically and are being offered for free on the dark web by their creators. Pete Turner, Consumer Security Expert at Avast commented below. Pete Turner, Consumer Security Expert at Avast: “The discovery of new ransomware and spyware variants which target Mac OS is hardly surprising, given the increase in open-source ransomware programs and licensed malware development found on hacking forums. “Despite the smaller install base of Mac OS making any malware or ransomware strains less profitable for cybercriminals, it was…
ISBuzz Team
With the news that defibrillator drones are being used to save lives before ambulances arrive, Colin Bull, Principal Consultant Manufacturing and Product Development at SQS, the software quality specialist, discussing the possibility of these devices becoming compromised by cyber criminals. Colin is advocating the introduction of regulation around the use of drones to ensure that these devices which are intended to save lives, don’t become targets for hackers to infiltrate, reroute or even take down, potentially leading to the loss of life. Colin Bull, Principal Consultant Manufacturing and Product Development at SQS: “The news that drones carrying defibrillators could start saving lives…
When you’re in the process of launching a start-up, security is usually at the bottom of the checklist, if not a completely non existent concern. Most entrepreneurs tend to think that small businesses are safer than big companies as they’re less likely to be on the hacking radar, but the 2016 Internet Security Threat Report by Symantec revealed that 43 percent of all phishing attacks were targeted at small businesses in 2015, which is nearly a 10 percent rise from the figures in 2014. In reality, small businesses tend to be an easier target because, unlike big corporations they have…
New Industry-Unique Capability Extends Privileged Identity Management Benefits to Systems Disconnected From the Corporate Network LOS ANGELES and NATIONAL HARBOR, MD – Lieberman Software Corporation today announced its patent-pending Disconnected Account Management capability for cross-platform password management of offline systems. This new capability is included in the company’s privileged identity management product, Lieberman RED – Rapid Enterprise Defense™ Identity Management. Lieberman Software is premiering this technology in booth #615 at the Gartner Security & Risk Management Summit this week in National Harbor, MD. Prior to the release of Lieberman Software’s Disconnected Account Management, privileged identity management products could only manage permanently connected systems. This left…
Imperva, a leading voice in the world of data and application security solutions, has released a new report that researches the inability of access control to adequately limit an attacker’s scope for inflicting damage on an organisation. The new Hacker Intelligence Initiative (HII) report reveals three primary reasons why the traditional approach to file security no longer works: Permissions are granted, but rarely revoked Users do not touch most files to which they have permitted access Enterprise-level file permissions have become increasingly complex The report demonstrates that relying on access control alone broadens the risk surface and is not a sustainable method for securing…
Researchers from Context Information Security have discovered a flaw in Virgin Media wireless home routers, allowing them to gain unauthorised administrative-level access to the devices. After reverse engineering software from the Super Hub 2 and Super Hub 2AC, manufactured by Netgear, Context’s Jan Mitchell and Andy Monaghan discovered vulnerabilities in a feature allowing users to create backups of their custom configurations – such as port forwarding and dynamic DNS settings – which could be restored at a later date. While configuration backups were encrypted, the researchers found that the private encryption key was the same across all hubs in the UK.…
According to this link, SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user. An attacker can gain access to the device, access the network behind it and launch further attacks, add devices into a Mirai-like botnet or just simply spy on the user. Andrew Clarke, EMEA Director at One Identity commented below. Andrew Clarke, EMEA Director at One Identity: “Devices such as firewalls and routers and more recently IoT devices are connected to a network with default settings – this includes…
High-Tech Bridge, a leading provider of web and mobile application security testing services and a “ Gartner Cool Vendor 2017” and winner of SC Europe’s Best Emerging Technology category last week, released a summary on application security trends for Q1 – Q2 2017. Statistical data mentioned in the research largely comes from the ImmuniWeb® Application Security Testing Platform and High-Tech Bridge’s free web security services, but also leverages a wealth of data from various open sources. The most interesting or important trends High-Tech Bridge is highlighting include: Bug Bounty fatigue trend is one that will continue The term “Bug Bounty fatigue” was…
Analysis of More Than 120,000 Applications Found that Half of Third-Party Software Components in Use Are Outdated LONDON, UK. Synopsys, Inc. (Nasdaq: SNPS) today released its report, “The State of Software Composition 2017,” which analysed real-world data to investigate the security of the software supply chain one of the most significant challenges the software industry faces today. The report summarises the analysis of 128,782 software applications, which identified 16,868 unique versions of open source and commercial software components containing almost 10,000 unique security vulnerabilities. Synopsys used its software composition analysis product, Protecode™ SC, to analyse applications scanned from January 1, 2016 through December 31,…
The 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour was caused by a cyberattack. ESET researchers have since analyzed samples of malware, detected by ESET as Win32/Industroyer, capable of performing exactly that type of attack. Whether the same malware was really involved in what cybersecurity experts consider to have been a large-scale test is yet to be confirmed. Regardless, the malware is capable of doing significant harm to electric power systems and could also be refitted to target other types of critical infrastructure. Industroyer is a particularly dangerous threat, since it is capable of…
