The Shadow Brokers—the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency’s weaponized software exploits—just published its most significant release yet. Friday’s dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. IT security experts from ESET and AlienVault commented below. Anton Cherepanov, Malware Researcher at ESET: “There are exploits in this dump that work against most versions of Windows. However, the vulnerabilities used in these exploits were patched on March 2017…
ISBuzz Team
The Government has released a survey detailing business action on cyber security and the costs and impacts of cyber breaches and attacks. This comes hot on the heels of yesterday’s report on cyber attacks from the British Chamber of Commerce. IT security experts from Cylance, Imperva, FireMon, Synack, Lastline, Corero Network Security, Tripwire, NuData Security, Digital Guardian and Bitglass commented below. Anton Grashion, Managing Director-Security Practice at Cylance: “This is probably an underestimate if anything. Two reasons for this, firstly, this assumes they even know they have been hit, secondly people are more likely to under-report. Evidence of our testing when we run a POC with prospective customers…
Following the new that DDoS reflection technique in the wild that uses CLDAP to perform attacks. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS: “In the quest to find new means of launching DDoS attacks, hackers have once again found open devices on the Internet running weak protocols that can be exploited for their personal gain. However, like any other reflective DDoS attack campaign, the number of available reflectors is of critical importance. In addition, the amplification factor those reflectors afford is the second stipulation. “In this case, the number of open devices…
Lieberman Software Survey Reveals Concern Among IT Professionals about the Security of Their IoT Devices LOS ANGELES, The overwhelming majority (80.1%) of IT professionals worry about the potential for attacks originating through their Internet of Things (IoT) devices, according to a recent survey by Lieberman Software Corporation. The survey also showed that most IT pros (63.1%) are not confident that their organizations can track and manage all the IoT devices on their networks. The survey was conducted among nearly 160 attendees of RSA Conference 2017. It’s estimated that the Internet of Things now consists of more than 23 billion devices.1 That figure…
Following the news, that Georgia state officials are investigating the theft last week of equipment from a Cobb County precinct manager’s car that could make every Georgia voter’s personal information vulnerable to theft. While the stolen machine, an ExpressPoll unit, cannot be used to fraudulently vote in today’s Georgia House special election, the device does contain a copy of the statewide voter file, which includes voter drivers’ license numbers, addresses and other data. Ermis Sfakiyanudis, CEO at Trivalent commented below. Ermis Sfakiyanudis, CEO at Trivalent: “The Cobb County voter data breach highlights the critical importance of data protection on mobile devices and “smart” technology,…
Graham Cluely is among those reporting: BankBot Android banking malware targets hundreds of apps on Google Play; The trojan’s deobfuscated data reveals its true intentions. “The app appeared legitimate other than the fact that someone had infected it with the trojan probably around 8 April 2017, which was the last time it had received an update. A closer look revealed that as many as 5,000 users had installed the compromised app onto their devices.” IT security experts from NuData Security and VASCO Data Security commented below. Robert Capps, VP of Business Development at NuData Security: “Consumers have been repeatedly told that only reputable online stores should…
It’s not a SIEM. But it does address SIEM user dissatisfaction with a software platform that combines advanced threat detection with correlated security analytics, auto mitigation capabilities – and a lot less. Santa Clara, CA – Cyphort Inc., Today unveiled a powerful security analytics platform that empowers enterprise security teams with the prioritized, actionable intelligence required for fast, interactive threat investigation and response to advanced threats. Dubbed the Anti-SIEM, the software solution builds on Cyphort’s expertise in advanced threat detection, then adds a sophisticated, scalable analytics engine that ingests, analyzes, and correlates data from Cyphort collectors and other security tools deployed…
Intended Audience: CISO / CIO / Security Directors Threat Intelligence Analysts Technical Content: Low Summary On March 4, 2017, a member of the underground forum Exploit with the username “Dereck1” mentioned a new ransomware variant called “Karmen.” Further investigation revealed that “DevBitox,” a Russian-speaking cyber criminal, was the seller behind the Karmen malware on underground forums in March 2017. However, the first cases of infections with Karmen were reported as early as December of 2016 by victims in Germany and the United States. Source: https://app.recordedfuture.com/live/sc/2lbNf7AT41J4 Above are results from a query for mentions of “Karmen” by DevBitox or Dereck1 on Dark…
Basically, you need to reverse engineer an app or a feature when you do not have source code, but still need to know how it works. If it sounds a bit suspicious to you, here are some all-legal business situations when reversing comes at hand: Researching and fixing complicated software issues Improvement of the interaction between a software system and the platform Advanced software system compatibility with third-party solutions Research of various types of malware. Thus, being a rather complicated practice, iOS reverse engineering is very interesting and useful for a broad range of tasks. A large set of tools…
One of the biggest challenges facing businesses, political institutions and individuals is cyber security. For example, a recent report found that hacking attacks on UK businesses has cost investors £42bn, and a severe breach leads to a company’s share price falling, on average, by 1.8 per cent. As well as protecting data and preventing hacks, one of the major issues surrounding cyber security is the much publicised skills gap. A recent report from cyber security professionals association (ISC)2 identified that by 2021 the shortage of skilled workers in the cyber security sector will reach 1.8 million globally. Individuals, companies and the state will be left…
