Following the news of Amber Rudd’s call for WhatsApp messages to be available to security services, IT security experts from Avast, CipherCloud, DomainTools, AlienVault, Tenable Network Security, Tripwire, Comparitech.com and FireMon commented below. Tony Anscombe, Ambassador and Senior Security Evangelist at Avast: “We understand why governments want to be able to access the content in these messages but, unfortunately, banning encryption in order to get to the communications of a select few opens the door to the communications of many, and renders us all less secure and our lives less private. “If you build a back door, it’s there for everybody to access. And if you store that data…
ISBuzz Team
News is circulating that Uber is temporarily suspending tests of its self-driving cars following a crash Friday evening in Tempe, AZ, that involved one of the company’s autonomous vehicles. The accident occurred when the driver of a second vehicle “failed to yield” to the Uber vehicle, which was in self-driving mode, while making a turn. The vehicles collided, causing the autonomous vehicle to roll onto its side. Mike Ahmadi, global director – critical systems security at Synopsys commented below. Mike Ahmadi, Global Director – Critical Systems Security at Synopsys: “What concerns me deeply about autonomous vehicles is that simply getting them to work,…
The Institute of Directors and Barclays have released a report today about how more than a third of businesses lack a formal strategy on cyber-attacks. In the survey of 845 members of the Institute of Directors, conducted in December 2016, 95 per cent of respondents said they considered cyber security to be quite or very important to their business, although 40 per cent of businesses said they would not know who to report incidents of cyber crime to. IT security experts from Cylance and Synopsys commented below. Dr Anton Grashion, Managing Director-Security Practice at Cylance: “This new report from Barclays and the Institute of Directors clearly…
According to Kaspersky Lab experts, the black market’s offering of DDoS services is quite high, and criminals who want to arrange such an attack find it to be quite profitable. They were also able to calculate that an attack using a cloud-based botnet of 1000 desktops is likely to cost the providers about $7 per hour. Sean Newman, Director at Corero Network Security commented below. Sean Newman, Director at Corero Network Security: “Taking the position of just paying an attacker, with the hope they’ll just go away, is a slippery slope – once attackers realise you are just willing to…
The adware would like to be your device administrator if you let it
In our ongoing hunt for malicious apps on Google Play Store, we have come across more than a dozen apps that we have confirmed to be aggressive adware strains, with the ability to add themselves as device administrator on a victim’s mobile device. After a primary analysis of these apps, we confirmed that they do not have any features that require critical device administration privileges. A common theme among all these apps is that they do not display any suspicious activity for the first six hours after installation. This may be an attempt to evade…
What to secure first
There is a seemingly constant influx of news regarding cloud adoption trends, but what seems to be somewhat missing from industry discussion is the trend towards multi-cloud adoption. Analysts and industry experts including Gartner recommend standardisation on multiple IaaS cloud service providers as a security and availability best practice. For security workloads in public clouds, their top recommendation is a hierarchical list starting with foundational items that fall under operations hygiene (access control, configuration, change management) and then focus on core work-load protection like vulnerability management, log management, network segmentation and whitelisting. Organisations should also be…
An analysis reported on Bleeping Computer found that during the past year, Let’s Encrypt has issued a total of 15,270 SSL certificates that contained the word “PayPal” in the domain name or the certificate identity. “Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites, according to an analysis carried out on a small sample of 1,000 domains, by Vincent Lynch, encryption expert for The SSL Store. His findings reveal how phishers gradually tested if they could get, deploy, and keep hold of Let’s Encrypt certificates for malicious websites. Around October and November last year, the floodgates opened, and the number of…
Google has announced that it is downgrading the level of trust that it has in Symantec certificates following an investigation that revealed ‘a continually increasing scope of misissuance’ by Symantec which has exposed users to significant dangers. Up to 30,000 certificates have been found to be problematic since the investigation began. As a result, by early 2018, Chrome 64 will only trust Symantec certificates that have been issued for 279 days or less. Plus, Google has also proposed removing Symantec’s Extended Validation status for at least one year, meaning that all existing valid certificates issued by Symantec would need to…
Public relations and advertising specialists for many years have clung to the myth that there is no such thing as bad publicity. Reality has busted that myth several times in the recent past, no more so than in the world of cybersecurity. Fees, fines, and compensation paid by companies as diverse as Target and Home Depot following thefts of personal data from their network servers have revealed the real cost of a PR nightmare. Yahoo saw its value drop by $350 million in its pending sale to Verizon following disclosure of two massive data breaches in its networks. In addition…
Major Retailers Facing GiftGhostBot Attacks Attempting to Defraud Consumers
SAN FRANCISCO. Distil Networks, the global leader in bot detection and mitigation, today announced that its analyst team has uncovered an Advanced Persistent Bot (APB) that targets gift card payment processes on websites. The bot, named GiftGhostBot, is attempting to defraud consumers of the money loaded on gift cards from a variety of retailers around the globe. Any website, from luxury retailers, to supermarkets, to major coffee distributors, with gift card processing capabilities could be a target. Distil has seen this attack on almost 1,000 customer websites. Beginning on Feb 26,…
