Following the global cyberattack Microsoft has taken the unusual step of issuing a public patch for the now unsupported Windows XP operating system as well as previous versions Windows 8 and Windows Server 2003. As the global cyber-attack slows, what can organisations do if a ransomware copycat strikes. Adam Meyers, Vice President, Cyber Security Company at CrowdStrike commented below. Adam Meyers, Vice President, Cyber Security Company at CrowdStrike: “WannaCry has caused a ransomware infestation on a blockbuster scale. Many organisations are now reporting that their race to apply the patch (MS17-010) was not quite quick enough. Unfortunately, many organisations were too far down…
ISBuzz Team
New Secunia Research@Flexera Country Report reveals the number of OS vulnerabilities is increasing, while users are losing ground patching them Maidenhead, U.K. As the fallout from the #WannaCry ransomware attack continues to reverberate around the world, a new report by software vulnerability and patch management expert, Flexera, has an ominous warning for companies and individuals: the threat is growing – and people are getting lazier about protecting themselves. Secunia Research@Flexera has just published its Country Report covering the first quarter of 2017. The report reveals an alarming trend: More vulnerabilities are being found in UK PC operating systems, while at the same time, users…
Educational institutions of all sizes routinely handle multiple types of sensitive data, including Social Security numbers, credit card numbers, driver’s license numbers, medical information, and other personally identifiable information (PII) which can potentially be stolen. In addition, due to some institution’s focus on research, these organizations may also have access to confidential government and/or business intelligence data regarding trade, scientific or military secrets. PII requires special handling via encryption to adhere to compliance regulations – but sometimes education providers encounter nebulous compliance verbiage that can be misunderstood and therefore not executed on properly. Organizations that do not encrypt PII data…
An unusual kind of ransomware cyber-attack has taken the world by storm, causing calamities in various parts of the world. Cyber security companies claim that this ransomware worm has infected around 75,000 computer systems in 99 countries this Friday, with Russia, Ukraine, and Taiwan being the top targets. The ones most affected by this ransomware are small and medium sized businesses who have had to pay the ransom amount as they don’t possess the means to obscure themselves against such a massive ransomware cyber-attack. How does it work? The strangest fact about this ransomware is that it did not spread…
According to reports, as a result of the ransomware, hospitals across England were forced to divert emergency patients. In Spain, victims including the telecommunications company Telefónica have been forced the company to tell employees to shut down machines and networks in an effort to stop the spread of the malware. Other victims include Gas Natural and Iberdrola, an electric utility firm. Bob Rudis, Chief Data Scientist at Rapid7 commented below. Bob Rudis, Chief Data Scientist at Rapid7: “Attackers are, once again, preying on organisations that are in the weakest position to defend themselves against ransomware attack vectors. Those involved in…
Following the News that hospitals across England have been hit by a large scale cyber-attack. Hospitals across the country appear to have been simultaneously hit by a bug in their IT systems, leading to many diverting emergency patients, IT security experts from SQS, Synopsys, Recorded Future, Ivanti, Wombat Security, Splunk, Vectra Networks, CFC Underwriting, Thales e-Security, Rubrik, Anomali, Bromium, GCHQ Cyber and Intelligence, Kaspersky Lab, Avast, SailPoint, Lastline, Cyberis, Imperva, Tripwire, Firemon, AlienVault, Tenable Network Security, Comparitech.com, Censornet, Infoblox, Synchronoss, BMC Software, Maintel, Varonis, RES, F5 Networks, CrowdStrike, Lieberman Software and Digital Defense, Inc. provide an insight on the attack below. It is…
Following the rumoured news of the iPhone 8 introducing the world’s first 3D facial-recognition camera, Alvaro Hoyos, CISO at OneLogin commented below how the debate over privacy vs. civil rights must be the main concern when it comes to using biometric technology and that Apple must take responsibility to ensure that this data cannot become compromised or used for any other purpose than originally intended. Alvaro Hoyos, CISO at OneLogin: “iPhone 8’s rumoured addition of facial recognition is just one of many competing biometric technologies that can be used for authenticating identities. In an age of inexpensive high-res cameras, social media plastering…
Businesses around the world are upgrading the way they manage their information, moving from records and information management (RIM) to information governance (IG). More operational or tactical in scope, RIM describes the activities and tasks required to organise, secure, access and ultimately destroy information. IG can be described as the strategy that guides the management of information. It includes all the metrics, structures, policies, controls that establish how the organisation’s information is managed. The move makes sense for business reasons — information governance treats information as a business asset and assures that appropriate and well-curated information is a key business…
The first quarter of 2017 has confirmed the forecasts about the evolution of DDoS attacks made by Kaspersky Lab experts following the 2016 results. It also demonstrates that cybercriminals need a rest too. Despite the growing popularity of complex DDoS attacks continuing into the first quarter, there was a noticeable decline in the number of overall attacks and a change to how they were dispersed by country. In the first quarter of 2017, the Kaspersky DDoS Intelligence system recorded DDoS attacks against resources in 72 countries, which is eight less than in the fourth quarter of 2016. The Netherlands and…
Following the news that HP has now patched the keylogger function installed with its audio drivers, Kyle Lady commented below. Kyle Lady, Sr R&D Engineer at Duo Security: “Any sort of 2FA that is “out of band”—uses a different communication channel than the keyboard—can protect you from a keylogger. This include push-to-mobile-app, U2F security key, or phone call. If your 2FA method requires that you type in a passcode, from an app, a token, or an SMS message, this would still get logged. It wouldn’t be useful to an attacker in the future, but if an attacker could read your…
