Last week, Radware highlighted a new form of malware called BrickerBot that corrupts a device’s storage capability and reconfigures kernel parameters. Cesare Garlati, Chief Security Strategist at prpl foundation commented below. Cesare Garlati, Chief Security Strategist at prpl foundation: “This is another case where – if properly implemented – security through separation using the prplSecurity framework could isolate core device functionality from these types of malicious attacks. In a nutshell: the Linux software exposed to Internet attack (telnet/busybox) would have no access whatsoever to the prplHypervisor resources responsible for remote patch and updates – i.e. it would make the device “un-brickable” from the Internet…
ISBuzz Team
ESET Ireland warns Irish WhatsApp users not to click on an email that claims it’s from WhatsApp, but in reality, spreads a trojan infection. A dangerous email spam message is dropping into Irish mailboxes, pretending to come from WhatsApp. Its subject says “Missed voicemail” and the content of the mail just says “New voicemessage” and has a link called “Play”. But don’t let curiosity get the better of you, because clicking on the link will begin the download of a trojan that ESET detects as “JS/Kryptik.BBC”, a variant of malware first detected in August 2016. JS/Kryptik is a generic detection…
Today, hacker-powered cybersecurity pioneer Synack is announcing that it raised $21.25 million in a Series C round of funding led by Microsoft Ventures. The Series C financing also included investments from new investors Hewlett Packard Enterprise and Singtel Innov8. These technology giants are backing Synack to flip how organisations approach security — going from defence to offence — as they expand in the European market. Whilst working at the NSA, Synack co-founders Jay Kaplan and Mark Kuhr quickly realised that software can’t stop hackers, only humans can — inspiring Synack’s global army of hackers and part-man/part-machine technology platform (used by F500s, the…
Following the news that a new zero-day vulnerability that affects all supported versions of Microsoft Word has been uncovered and is already being used to launch attacks, Paul Farrington, Manager, EMEA Solution Architects at Veracode commented below. Paul Farrington, Manager, EMEA Solution Architects at Veracode: “Clearly the fact that the RTF file is able to download the malicious HTML that enables local execution of malware points to a lack of control in interpreting untrusted input from the outside world. The Microsoft engineers will not only need to devise a patch for this vulnerability, but also to remodel their threat assessment of this type of file interaction.…
Following the news that GameStop are looking into a potentially serious credit card breach. GameStop has confirmed that it’s looking into a possible data breach that compromised credit card info between September 2016 and February 2017. Mike Ahmadi, Global Director – Critical Systems Security at Synopsys commented below. Mike Ahmadi, Global Director – Critical Systems Security at Synopsys: “This is yet another example of a basic misunderstanding of the scalability of an attack resulting from an inherent vulnerability. Payment systems that rely on the archaic use of numbers and passwords are prone to breaches of the systems and capture of the information needed to mount an…
Research conducted in light of Senate Joint Resolution 34 being passed into law by President Donald Trump. Comparitech.com, a leading security and privacy advice and comparison website, has found that the vast majority (92%) of Americans disagree with the passing of the Senate Joint Resolution 34 bill, which repeals privacy rules that bar internet service providers from selling users’ web browsing data to third parties without permission. Main findings: 92 percent of Americans believe their internet provider should not be allowed to monitor their activity online and sell the data to third parties without their consent. Four out of five…
The significant threat cyber attacks represent to commerce and infrastructure is intensifying calls for government to “encourage” companies and agencies to act more responsibly. Pending actions, which include a presidential executive order, bills in the U.S. Congress, and legislation in 35 state governments, call for standardized cyber risk reporting and management based on a de facto standard, namely the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF). What is driving all this activity? The recent revelation of two massive Yahoo breaches raised the bar for the scale and awareness of devastating cyber attacks. The $350 million drop in…
As a business owner, you’re responsible for the safety of your employees and patrons. Ask yourself: Do your customers and workers feel physically secure when they’re in your store? Do your patrons feel confident using their credit cards? To run a successful business, you need to be able to answer “yes” to these questions without hesitation. If you think your store could use some help in these areas, consider implementing the ideas below. Store Appearance: In an interview with PYMNTS.com, architectural expert Andrew McQuilken explains that people change their shopping habits based on their state of mind and if they feel…
Following the news that Wonga, the payday lender has experienced a data breach that may affect up to ‘245,000 UK customers’, IT security experts from SailPoint, McAfee, ViaSat Europe, Tenable Network Security, ESET, Micro Focus, Netskope and F5 Networks commented below. Kevin Cunningham, President & Co-Founder at SailPoint: “This data breach from Wonga shows that incidents are an everyday occurrence that businesses must counteract or risk a significant impact to their bottom-line as well as customer loyalty. “Businesses house more and more sensitive data, therefore everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect sensitive customer information…
Banking as we know it is finished, affirms the boss of one of the world’s largest independent financial advisory organisations, as his firm today enters the fintech sector. The announcement follows deVere’s push ever further into the banking sector. In the last two months, it has launched its own private bank and has received an investment banking licence. Nigel Green, Founder and CEO at deVere Group, commented below as he launches deVere Vault, a global e-money app. Nigel Green, Founder and CEO at deVere Group: “The launch of our challenger bank, deVere Vault, is the latest move to provide expat clients a comprehensive,…
