Following the news that Chipotle Mexican Grill’s payment processing system have reportedly been hacked, IT security specialists from Tripwire, AlienVault, McAfee and Balabit commented below. Tim Erlin, VP at Tripwire: “While we may have become numb to these breaches, criminals continue to target point of sale terminals. As long as compromised credit card data continues to be a valuable commodity on the black market, any company collecting or processing valid credit card information will continue to be a high value target. Organizations from fast food chains to clothing stores should pay attention to the lessons learned, not just from how criminals are getting…
ISBuzz Team
A new botnet is slowly building critical mass by exploiting unsecured webcams and IP cameras and conducting mass scans for vulnerable devices. The scans come a month after a vulnerability was disclosed affecting over 1,250 camera models. Cesare Garlati, Chief Security Strategist at prpl Foundation commented below. Cesare Garlati, Chief Security Strategist at prpl Foundation: “The fact that a new botnet has been uncovered one month after the last vulnerability was discovered in not surprising and should, if anything, be evidence for developers and manufacturers to take an open approach to security. Regulators should enforce ISPs to temporarily block IP addresses known from being part of active…
52% of UK small and medium-sized enterprises (SMEs) in the IT sector admit to having no clear plan in place to ensure their business does not suffer when a key employee leaves; However, over a fifth (22%) of SMEs in the IT sector believe the biggest threat to their business is the departure of a senior executive and a further fifth (21%) would face difficulties if a whole team left. The Aldermore Future Attitudes report has found that that over half (52%) of small and medium-sized enterprises (SMEs) in the IT sector have no clear plan in place to ensure…
Security researchers have discovered a flaw in Skype that could enable hackers to run code on a target system, phish for credentials and crash applications. Kyle Wilhoit, Senior Security Researcher at DomainTools commented below. Kyle Wilhoit, Senior Security Researcher at DomainTools: “This vulnerability is primarily an issue for Skype versions running on Windows. While other operating systems may be affected, any publicly accessible (Library, hotel business center, etc.) Windows machines running Skype version 7.31.0.104 and older are vulnerable. The vulnerability targets local access to the Skype login page and must allow for Facebook login, therefore somewhat reducing the attack surface. Taking into account…
The UK’s National Crime Agency has published details of its report detailing why it believes young-offenders are turning to cyber crime, Gavin Millard, EMEA Technical Director at Tenable Network Security commented below. Gavin Millard, EMEA Technical Director at Tenable Network Security: “While I agree that mentorship and positive opportunities can go a long way toward encouraging the next generation of security professionals, I’m alarmed at the conclusion that curiosity and a talent for computers is a gateway drug to a life of cyber crime. Many security professionals have access to some of the most advanced hacking tools and, aside from the odd speeding ticket,…
Following the news from Channel News Asia that Nearly 9,000 malware-laden servers, compromised websites found in Singapore-based Interpol operation. IT security expert from Balabit and STEALTHbits Technologies commented below. Sándor Bálint, Security Lead for Applied Data Science at Balabit: “When most people think of the fight against malware, the first thing that comes to mind is installing anti-malware software on end-user computers. However, as this story points out, it is just as important to protect publicly available servers so they cannot be easily turned into command-and-control (C2) servers by cyber criminals, and used in subsequent attacks on other victims. “Before this thought is…
“A recent New York Times article about Uber shared some damaging revelations about how Uber leveraged data from an app called Unroll.me: “Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice Intelligence. Using an email digest service it owns named Unroll.me, Slice collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to Uber. Uber used the data as a proxy for the health of Lyft’s business.” Unroll.me is a third party app that helps you unsubscribe from email subscriptions in order to reduce the size of your inbox. Sounds like a useful…
Following the news that the Russian hacking group known as Fancy Bear, which breached the Clinton campaign last year, has targeted the campaign of French presidential candidate Emmanuel Macron with advanced email attacks. Ravi Khatod, CEO at Email Security Specialist Agar commented below. Ravi Khatod, CEO at Agari: “With the volume and sophistication of social engineering attacks now taking place, it will not be a surprise if we see another major breach to rival that of last year’s attack on Clinton campaign aide John Podesta within the year. If the same group is indeed responsible, they have a proven track record…
Ransomware has become one of the most – if not the most prevalent, effective and successful forms of cybercrime. According to the DOJ, an average of 4,000 ransomware attacks occurred per day in 2016 in the U.S., a 4x increase over 2015. The FBI reports more than $1 Billion in ransoms were paid in 2016, up from 240M in 2015 – another 4x increase. The spikes are extreme, but for those familiar with ransomware, they come as no surprise. Ransomware is simple to create and distribute and offers cybercriminals an extremely low-risk, high-reward business model for monetizing malware. Combine that most…
Following the news that a new malware has been discovered called Milkydoor that can turn an Android phone into a hacking tool to gain entrance to corporate networks. Michael Patterson, CEO at Plixer International commented below. Michael Patterson, CEO at Plixer International: “Every company that supports a Bring Your Own Device (BYOD) policy should be concerned by Milkydoor. As a first step, they should maintain an ongoing inventory of connected Android devices, and map that list to IP addresses. In many cases this can be done automatically with Network Access Control technologies. They should also review their access policy for…
