In today’s cyber world, it is much easier for files containing sensitive, regulated or confidential data to be accidentally exposed or purposefully exfiltrated. There are a lot more ways for authorized personnel to use and share files, for network share resources to be unintentionally exposed, for files to be readily emailed, and for hackers and malware to potentially obtain files. These factors have culminated to create a new data leakage frontier. No matter the industry, file security data leakage risks are becoming all too prevalent. The last two years brought an onslaught of successful phishing attacks targeting W-2 documents with…
ISBuzz Team
Date: 14-15 November 2017 Location: Istanbul – Turkey Event Website: www.ifinsec.com IFINSEC Financial Sector IT Security Conference and Exhibition (www.ifinsec.com) will be held on 14-15 November 2017 in Istanbul, Turkey. IFINSEC is a global, niche and dedicated conference focusing on IT Security technologies and solutions for the financial industry. Sponsorship and delegate registrations are open. Early bird sponsorship pricing is valid until 09 June 2017. IFINSEC is one of the most important conferences in the EMEA region on IT Security technologies and solutions for the financial sector. IT Security, Information Security, Network Security, Big Data Security, Application…
Virtualisation security is focusing on integration When it comes to security solutions for VDI and virtualised servers, I predict that enterprises will pay more attention to the smooth integration between various systems instead of simply examining product features under a microscope. Security solutions that can be integrated into the virtualisation infrastructure at a sufficient level to detect cyber-attacks in their early stages, as well as those that deliver malicious activity information to the components of the corporate environment to make quick decisions that isolate and analyse the threat, will be those that businesses opt for in 2017. Through the integration between…
In the aftermath of WannaCry, many developers have taken the opportunity to promote apps that promise to protect Android devices. While some apps provide advice and guidelines, some claim to “protect” Android devices against this Windows-only threat. Is this an issue Google should be taking a closer look at? Javvad Malik, security advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “We see criminals try to take advantage of many popular news stories, disasters, or even celebrity deaths in an attempt to spread malware or gain access to personal details via phishing or malicious apps. Research showed that the apps contained no malware,…
The latest news story has revealed that Kodi, Popcorn Time and VLC are vulnerable to a widespread subtitle hack with over 200 million users potentially at risk. Lee Munson has commended the developers who have acted fast to ensure the massive pool of users have updates available. Lee Munson, Security Researcher at Comparitech.com commented below. Lee Munson, Security Researcher at Comparitech.com: “This subtitle hack is yet more proof that bad actors (surely only the cynical will suggest this has anything to do with rights holders?) will do anything to gain access to a device to drop malware, steal information or sign up a…
German hackers, known as the Chaos Computer Club, have posted a video (via the Guardian) of them tricking the Samsung S8’s iris scanner using a picture of the owner’s eye with a contact lens placed on top of it, to mimic the curvature of a physical eyeball. This raises concerns that biometric authentication isn’t as secure as we’ve been led to believe. Don Duncan, security engineer at NuData Security commented below. Don Duncan, Security Engineer at NuData Security: “Many authentication technologies relying just on physical biometrics prove that impersonation is a risk. This is a challenge many technologies face in trying to balance the needs of security…
News broke yesterday that researchers from Core Security had discovered multiple vulnerabilities in the web-based management console of Trend Micro ServerProtect. Vulnerabilities were found in the ServerProtect for Linux update mechanism, allowing remote code execution as root. Andrew Clarke, EMEA Director at One Identity commented below. Andrew Clarke, EMEA Director at One Identity: “News that critical vulnerabilities that could potentially allow a remote attacker to execute arbitrary code via multiple vectors have surfaced in Trend Micro ServerProtect for Linux 3.0 was quickly addressed by the vendor by a critical patch. This highlights that it is not just operating systems that need to be continuously monitored and patched but…
According to a report issued this week from Trend Micro, the average time between disclosing a bug to a SCADA vendor and releasing a patch reaches up to 150 days. On the one hand, that’s better than the average time it takes leading enterprise software companies to plug holes, the report says. On the other, it’s an average of 30 days longer than it usually takes Microsoft or Adobe to release a patch. Edgard Capdevielle, CEO at Nozomi Networks commented below. Edgard Capdevielle, CEO at Nozomi Networks: “While some experts have suggested that air gapping protects SCADA systems, maintaining this type of isolation has proven problematic. …
Following the news about the Samba vulnerability, Bob Rudis, Chief Data Scientist at Rapid7, commented below. Bob Rudis, Chief Data Scientist at Rapid7: “We strongly recommend that security and IT teams take immediate action to protect themselves from this vulnerability (Samba CVE-2017-7494). If there is a vulnerable version of Samba running on a device, and a malicious actor has access to upload files to that machine, exploitation is trivial. In a Sonar scan run today, Rapid7 Labs discovered more than 104,000 endpoints (devices) exposed on the internet that appear to be running vulnerable versions of Samba (3.5 or later). Of those…
Survey of Medical Device Manufacturers and Healthcare Delivery Organisations Reveals Industry’s Lack of Confidence and Alignment in Securing Medical Devices LONDON, UK. Synopsys, Inc. (Nasdaq: SNPS) today released the results of the study “Medical Device Security: An Industry Under Attack and Unprepared to Defend,” which found that 67 percent of medical device manufacturers and 56 percent of healthcare delivery organisations (HDOs) believe an attack on a medical device built or in use by their organisations is likely to occur over the next 12 months. The survey also found that roughly one third of device makers and HDOs are aware of potential adverse effects to patients due to…
