News broke yesterday that the Shadow Brokers hacking group, widely believed to have stolen NSA hacking tools including the now infamous WannaCry ransomware, have announced details of a monthly dump service. This new monthly dump service is yet another attempt from the Shadow Brokers to commercialize and sell their exploits. IT security experts from Lastline and Avast commented below. John Cloonan, Director of Product at Lastline: “Shadow Brokers dump service reinforces the professional nature of cybercrime. The industry has known for a long time about underground websites where personal data and lists of stolen credit card data is for sale. But the degree to…
ISBuzz Team
As WannaCry shows, cyber criminals are always looking for a new angle for the next big attack. An angle that’s making a big comeback lately is an attack sent via email asking for the user to enable macros. Barracuda’s researchers have located what appears to be the source of this threat as coming from St Petersburg, Russia. This phishing attack uses a few different techniques: Send an intimidating email to the recipient from what looks like an authoritative department, containing a Microsoft Office document. If the attached file is opened, and if macros are not enabled, the recipient may get…
Rapid7 disclosed a found vulnerability in Yopify, an ecommerce notification plugin utilised by a number of websites including Shopify, that indirectly leaks the first name, last initial, city and purchase data of recent online shoppers – all without user authorisation. The various plugin sites show over 300 reviews of Yopify, which suggests that the number of exploitable sites is at least in the hundreds, and perhaps thousands. While seemingly harmless at first glance, this personal shopper data can be used by hackers to infer parts of customers’ identities making them vulnerable to personal information breaches, blackmail and even violence. You can…
Bleeping Computer is among news outlets reporting The Shadow Brokers Announce Details About Upcoming Monthly Dump Service – its data-and-exploits-as-a-service forfor which the subscription price is 100 Zcash cryptocurrency (approximately $28,000 US) per month. When the Shadow Brokers recently teased the upcoming service, it indicated that among the service’s offerings would be web browser exploits, router exploits, mobile handset exploits and tools, items from newer Ops Disks, exploits for Windows 10, compromised network data from more SWIFT providers and central banks, and compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs. IT security experts from Balabit, Cyphort Labs and STEALTHbits Technologies commented below. Csaba Krasznay,…
The Register is reporting today on a new survey of 2000 businesses by YouGov and UK solicitors Irwin Mitchell, which exposes an underlying absence of awareness and urgency about complying with the EU’s General Data Protection Regulation (GDPR), which takes effect May 25, 2018. Findings show that just threein every ten organizations surveyed (29 percent) have started preparing for the new data governance rules. GDPR places data privacy and protection responsibilities directly on businesses and their data ecosystem partners, and affects organizations worldwide transacting with EU-based users. IT security experts commented below. Michael Osterman, President at Osterman Research: “Achieving GDPR compliance is not something the IT department can do alone. Failure to adequately prepare will push firms into a compliance…
Arms Organizations to Win Against WannaCry Ransomware HAWTHORNE, NJ – (Marketwired) – STEALTHbits Technologies Inc., a leading cybersecurity software company focused on protecting an organization’s credentials and data, announced today the release of a free utility to identify unpatched systems. This utility performs a vulnerability assessment relative to the Shadow Brokers exploits, including those leveraged by the WannaCry ransomware. As has been widely reported in the media, the WannaCry ransomware and associated variants that affected nearly 300,000 machines in more than 150 countries took advantage of a known SMBv1 vulnerability within Microsoft Windows, for which critical patch MS-17-010 was issued on March…
Following the news of the emergence of the Google Chrome bug which allows websites to record audio and visuals without the users permission or knowledge, which could be potentially weaponised to spy on targets. IT security experts from The Media Trust and Comparitech.com commented below. Chris Olson, CEO at The Media Trust: “While Google may not consider this a blatant security violation, it most certainly should concern website operators and consumers alike. Not only does this flaw expose the lack of control website operators have over their digital properties, but it also violates consumer privacy expectations. In an environment with increasing attention…
Following the news that over 36 million Android devices may have been affected by the so-called “Judy” malware, David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: With news that 36.5 million devices could be affected by a new Android app called “Judy”, it is more crucial than ever that we protect ourselves from unwanted apps. Apps offer consumers entertainment, communication and convenience however they are also putting user data and devices at risk due to their everyday functionality. Technical findings and analysis from the Kaspersky Security Network (KSN) and an experiment into…
– DataRaze: Revolutionising how businesses dispose of critical data assets – London: On June 06, 2017 at InfoSec 2017, DataRaze (www.dataraze.co.uk) will unveil its data asset destruction machine. The DataRaze unit is the UKs only machine that provides on-premise, fully auditable, physical destruction of critical data assets and will be performing live data destruction at Stand A20. The introduction of DataRaze into the market is set to change end of life data asset destruction forever – providing organisations a full ‘cradle to grave’ audit trail of their IT assets that store confidential data – on-premise. Businesses which deal with highly sensitive data no longer have…
Virtual Private Networks, aka VPNs, are growing in popularity day by day. Thanks to geo-restrictions and censorship, the rising threat of cyberattacks, and increased spying from government agencies, more people are now relying on VPNs than ever before. No one likes to see their data or information getting comprised or spied upon, and this is where VPN’s come to the rescue. Not only do they make your internet traffic appear from different locations, but also encrypt the transferred data to minimize the risk of data breach. It’s no different with WordPress users either. WordPress security is always questioned and there…
