Russian daily Kommersant reports that the Bank of Russia detected malware that hides inside ATM’s operating memory which “forces” them to dispense cash to anyone who enters certain code on its keyboard. The paper cites the deputy head of information security Artem Sychev, and adds that cash machines made by NCR were among the ATMs mostly attacked. Dmitry Kuznetsov, Methodology and Standardization Director, Positive Technologies commented below. Dmitry Kuznetsov, Methodology and Standardization Director at Positive Technologies: “I have encountered disembodied malware for the first time in 2001, and it is still there. Moreover ATMs are now even more vulnerable than PCs, because they keep…
ISBuzz Team
Malicious email attacks have dominated the security headlines in recent months, with 2017 already seeing large campaigns targeting Netflix and Amazon customers. Despite the number of incident however, many individuals and businesses alike don’t actually know what kind of attacks they are being hit by. In order for a business to defend against malicious email attacks it is essential that they are able to identify whether they have been hit with a phishing, BEC or ransomware attack. According to the FBI, BEC scams have resulted in losses of £2.4 billion ($3.1 billion) as of May 2016. The effect of a…
Following the news that Malware authors in China are using fake base transceiver stations (BTSs), which is equipment usually installed on cellular telephone towers, to send spoofed SMS messages that contain links to Android malware. Michael Downs, Director of Telecoms Security at Positive Technologies commented below. Michael Downs, Director of Telecoms Security at Positive Technologies: “The use of fake cellular telephone towers is not new, nor is it restricted to China, but detecting them is difficult so anecdotal evidence is limited. “The issue is that the equipment to create a fake tower is legitimately available and relatively inexpensive to purchase. For those lacking…
Hackers have threatened to remotely wipe 300 Million iPhones unless Apple pays a ransom of $75,000 in crypto-currency or $100,000 worth of iTunes gift cards. IT security experts from FireMon, AlienVault, DomainTools, Tripwire, Comparitech.com and ESET commented below. Paul Calatayud, Chief Technology Officer at FireMon: “I believe these claims are accurate, but also most likely not caused by Apple. If you do not add two factor strong authentication to any account, there is a chance that the password has been exposed, harvested, or guessed. For example, if my e-mail account happens to be from yahoo, and that account is affected by the breach that just occurred, then…
FlexProtect, SIEM dashboard and scalable WAF deployments help customers dynamically protect their applications in the cloud and on-premises London, UK. Imperva, Inc. (NASDAQ: IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced Imperva FlexProtect to give customers access to both Imperva SecureSphere and Imperva Incapsula within a single subscription agreement. By providing the flexibility to deploy Imperva web application firewall (WAF) solutions based on need, the subscription helps organizations simplify the protection of enterprise applications as they migrate their portfolios from on-premises data centers to the cloud. The cloud market will accelerate in 2017 as enterprises…
At the end of last century, political scientist Francis Fukuyama, surveying the latter events of the 20th century—the fall of the Soviet Union, the end of the Cold War, and the United States emerging as the world’s sole superpower— surmised that we were watching “the end of history.” To Fukuyama, it seemed that after the greatest wars were fought and the dust had settled, the world had settled into an equilibrium of Western liberal democracy and its global expansion. Wars would be fought on diminishing scales, and the United States would reign supreme over an international order that gradually accepted…
The government’s acknowledgement that the escalating threat of ransomware attacks are a question of “when, not if” for UK organisations was not accompanied by sufficient advice on recovery, in its new report ‘The cyber threats to UK businesses’. This is according to Peter Groucutt, managing director of disaster recovery service provider Databarracks. Last week, The National Crime Agency (NCA) and National Cyber Security Centre (NCSC) launched its first joint report into ‘The cyber threat to UK businesses.’ The document outlined what it expects to be the major trends seen across the cyber security industry over the coming months, highlighting the “significant and growing” threat…
Following the news about the secret service laptop theft, Rick Bueno, Co-Founder and CSO at Trivalent commented below. Rick Bueno, Co-Founder & CSO at Trivalent: “With the recent theft of a Secret Service agent’s laptop, which may have contained highly-sensitive data including floorplans for Trump Tower and information about the investigation into Hillary Clinton’s private email server, the importance of data protection on mobile devices and “smart” technology has been brought into national focus. For any industry using devices in the field to process sensitive, proprietary intellectual property (IP) or critical information such as personal identifiable information (PII), schematics, trade secrets, etc., traditional…
Officials in ten states including Vermont, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine and Oklahoma have all reported a security breach which has accessed the information of the states’ job seekers. The third party vendor, America’s Joblink Alliance, which operates the Joblink nationwide database has notified the states that the job seeker service had been compromised by malicious software. While the full scope of the breach is not yet known, the AP says it’s unknown whether social security numbers were breached, and that officials advise all system users to review bank, credit and debit accounts. IT security experts from Prevalent, VASCO Data Security and NuData Security commented below. Jeff…
Following the news that Rapid7 announced an extension for Metasploit’s hardware bridge for radio frequency testing, giving security teams the ability to perform broader assessment of a company’s true security posture. Craig Smith, Transportation Research Lead at Rapid7 commented below. Craig Smith, Transportation Research Lead at Rapid7: “With the latest addition to Metasploit – the RFTransceiver – teams can test physical security controls to better understand foreign IoT devices. The importance of RF testing will continue to escalate as the IoT ecosystem further expands. As IoT devices continue to permeate our lives, it is becoming inevitable that they are finding their way…
