I’m sitting in a conference room at the Mirage Hotel in Vegas and contemplating all the different vulnerabilities that have been discovered recently. Last week there were two pretty significant security threats: the Intel vPro vulnerability and the Google Docs phishing scam. The Intel vulnerability is a particularly nasty vulnerability. The vulnerability has existed for the past nine to 10 years and could allow a remote attacker to exploit a machine that uses the Intel vPro chipset and has the AMT features enabled. In this case, a remote attacker could silently tamper with the system, because the AMT features allow…
ISBuzz Team
It recently transpired that Windows Defender had a critical vulnerability which allowed hackers to turn its scanner function into a malware installer.Hackers could create files booby-trapped with malicious code, and this code is executed inadvertently and automatically by the scanner while inspecting messages, downloads and other files. Although the fault has now been fixed, it raises questions around the reliability of in-built OS security systems, something that Microsoft has been touting recently. Ondrej Vlcek, Chief Technology Officer, GM and EVP Consumer Business at Avast commented below. Ondrej Vlcek, Chief Technology Officer, GM and EVP Consumer Business at Avast: “Although the…
Cifas, the UK’s leading fraud prevention service released a new report detailing the fraud trends from over 325,000 fraud cases recorded in 2016. The data, from 387 organisations, including many major UK brands, is one of the most comprehensive pictures of fraud and fraudulent attempts made in the UK. Robert Capps, VP of Business Development at fraud mitigation specialists, NuData Security commented below. Robert Capps, VP of Business Development at NuData Security: “This rise in recorded fraud figures is astounding, and bad news for consumers who often bear the brunt of many direct costs, especially in account takeover and new account fraud. The increasing volume of attacks globally has also been…
Following the News that Donald Trump has signed an executive order on cybersecurity, that makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the Internet, IT security experts from Lastline, CA-based Cyphort Labs, Los Angeles-based Lieberman Software, Portland, OR-based Tripwire, Plixer, Nozomi Networks, Cyxtera Technologies, Tenable Network Security, FireMon, Alert Logic, Splunk, Venafi and Axio commented below. Brian Laing, Senior Vice President at Lastline: “A key to success, nationally or within an enterprise, is executive buy-in. This Order is a much-needed executive step that will focus efforts and increase resources deployed…
A DDos attack on Portland-based company Cedexis, which helps in speed delivery of content, knocked out several major French news websites including Le Monde and Le Figaro. The attack comes days after French President Emmanuel Macron said his campaign was hacked. IT security experts from ESET’s, Corero and Infoblox commented below. Mark James, IT security specialist at ESET: “Nowadays Distributed Denial of Service (DDoS) attacks are launched for a variety of reasons. They may be used as a voice to air one’s displeasure on your products, services or views on a certain subject or as a ransom demand in modern day extortion,…
It was around this time last year that SWIFT members started making major headlines regarding security breaches. The $81 million heist in Bangladesh. $12 million in fraudulent transfers from Banco del Austro (BDA). An attempted attack on Vietnam’s Tien Phong Commercial Joint Stock Bank. It’s a long and serious list that prompted SWIFT’s own chief executive of the America’s and UK, Javier Perez-Tasso, to issue a warning that the financial services industry was facing a defining moment in the fight for cyber security. In fairness, SWIFT itself was never the direct victim of an attack. Insufficient security controls employed by…
ESET Ireland warns that the nasty Nemucod malware is back as the malicious payload of a fake BT bill. At ESET Ireland we’ve been informing the public about Nemucod for a while. About a year ago it was one of the prevalent malware infections in Ireland with a 50,42% detection rate, while the global average was only 15,82%. It all starts with an email, appearing to come from BT with the subject “New BT Online Bill”, equipped with all the correct logos and graphics. The content of the email says: “Your bill amount is: 376.03 GBP. This doesn’t include any amounts brought forward from…
Following President Trump’s firing of FBI Director Comey, Leo Taddeo, CISO of Cyxtera Technologies provides an insight on the effects this will have on two key FBI cyber issues – cybercrime and encryption. Leo Taddeo, FBI Director Comey, CISO at Cyxtera Technologies: Cyber crime: “I don’t believe Director Comey ever supported a full-throttle effort to build an effective approach to countering the cyber threat. Some of this was due to higher priority threats taking up staffing and budget resources, making them unavailable to the cyber program. While the next Director will face the same difficult choices, at least he or she will…
Over 100,000 internet-connected cameras may be falling prey to a new IoT malware that’s spreading through recently disclosed vulnerabilities in the products. The malware, called Persirai, has been found infecting Chinese-made wireless cameras since last month, security firm Trend Micro said on Tuesday. Sean Newman, Director at Corero Network Security commented below. Sean Newman, Director at Corero Network Security: “Reports of the Persirai botnet reinforce recent indications that hackers are reverting to more traditional malware techniques to launch DDoS attacks, as conventional methods, such as reflection and amplification, become harder to leverage, at a scale which delivers the required impact. “With…
Insider and Third-Party access have been found to be the top cyber threats for global organizations according to Bomgar’s 2017 Secure Access Threat Report. The report also finds that many organizations still allow a variety of internal and external parties unsecured privileged access to critical systems and data. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “The risks of third-party vendors in the enterprise IT environment cannot be overemphasized, especially when talking about the website. In fact, more than 75% of executing code on enterprise websites is provided by third-party vendors which…
