Many organizations are increasingly outsourcing software development and acquiring open source software products. In an effort to reduce costs for production or manufacturing requirements for information technology systems, networks and software, companies are disregarding the complexity of supply chain cybersecurity. Supply chains that contain IT systems such as software or hardware components are often a target of cyber attacks, malware, advanced persistent threats (APT) and cyber terrorism. This can lead to one or more components being compromised somewhere during the lifecycle of the supply chain, varying from development process to deployment. In order to avoid such security breaches, thorough…
ISBuzz Team
Kaspersky Lab has announced the global availability of Kaspersky Industrial CyberSecurity for Energy, a vertical advanced package for energy enterprises, based on Kaspersky Lab’s suite for protection of industrial infrastructure. Modern electrical power grids are complex networks, with integrated automation and control functions. However, because they communicate through open protocols, they do not have sufficient built-in cybersecurity functions to combat the increasingly sophisticated range of security threats they face. Kaspersky Lab’s recent report on industrial cybersecurity found that 92 per cent of externally available industrial control system (ICS) devices use open and insecure Internet connection protocols. Since 2010 the number of ICS-component vulnerabilities has also…
Several news outlets have reported over the last few days on a new Point of Sale malware targeting North America – MajikPoS. IT security experts from Lastline and NuData Security commented below. Brian Laing, VP of Business Development and Products at Lastline: “Many of the techniques — such as the use of evasion and command & control — used by POS malware authors are common across classes of malware. MajikPOS appears to target workstations at corporate locations that are processing POS data. Security systems that conduct deep behavioral analysis on malware to understand all of the behaviors it is designed to carry…
97% of CFOs kept awake at night due to reporting process. London, U.K. New research by the FSN Modern Finance Forum entitled “The Future of Financial Reporting Survey 2017” released today suggests that the financial reporting process is teetering under the strain of new information demands, a spreadsheet-spiral™, a fragile reporting ecosystem and consequent problems in the boardroom. ClusterSeven, the leading global supplier of strategic spreadsheet and end-user computing (EUC) management software, has partnered with FSN on this report. 97% of CFOs are kept awake at night by at least two aspects of the reporting process and by far the most pressing concern (62%) for finance…
A new strain of ransomware was discovered by a security researcher at Avast. The Kirk Ransomware is written in Python and may be the first ransomware to utilize Monero as the ransom payment of choice. Engin Kirda, Co-Founder at Lastline commented below. Engin Kirda, Co-Founder at Lastline: “Ransomware, such as the Kirk malware, by its very nature, tips its hand with characteristics that make it predictable and recognizable. The most obvious is that all ransomware has, and will always have, a ransom note—and therein lies its Achilles’ heel. Unlike other forms of malware, ransomware always contains this one very distinguishable and easily detectable component.…
Attackers target default or easily-guessed usernames and passwords to breach enterprise defences; increasing complexity and attack surface expansion compounded by cloud, IoT, and network segmentation also a problem. Ixia, a leading provider of network testing, visibility and security solutions, has announced the release of the first Ixia Security Report, a summation of 2016’s biggest security events including findings from Ixia’s Application and Threat Intelligence (ATI) Research Center, which uses a global network of honeypots and web crawlers to actively identify known and unknown malware, attack vectors and application exposures. While increases in malware are clearly a major threat to both enterprises…
Security researchers have discovered a serious security flaw in the Linux kernel that would appear to have existed since 2009. The vulnerability, CVE-2017-2636, rated ‘high’ on the National Vulnerability Database (NVD), could allow local users to gain privileges or cause a denial of service. According to The Hacker News, it affects a large number of Linux distributors, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. Users are advised to install the latest security updates right away. The discovery was made by Alex Popov of Positive Technologies. Patrick Carey, Director at Black Duck Software, commented below. Patrick Carey, Director at Black Duck Software: “This vulnerability disclosure has…
Following the news of a cyber-attack on the website of ABTA, the travel trade body, David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: The cyber-attack on the website of ABTA, the travel trade body, is the latest targeting high profile organisations that could possess personal information of thousands, millions or even billions of members (as was the case with the Yahoo hack). In the case of ABTA, hackers may have gained access to members’ e-mail addresses and passwords. ABTA has indicated that the passwords were encrypted, so hopefully the attackers will not be…
Following a new report, released from Financial Fraud UK, the overall scale of financial fraud in 2016 was £768.8million, up from the £755million lost in 2015. Consumers lost the money through payment card and cheque fraud, as well as remote banking fraud, which covers internet banking, telephone banking and mobile banking. The data, from the banking industry body Financial Fraud Action UK, shows that banks and financial firms are still failing to combat the growing threat of fraud in Britain. It means almost three quarters of people (74 per cent) are worried about falling victim to financial fraud, while more than six in ten (68 per…
New research has found a major vulnerability in one automaker’s vehicle connectivity, meaning previous owners can still gain access to their cars through IoT. With owners having the ability to heat their cars from the touch of their phones using a mobile app, it has been found that previous owners can still have the same type of access. Art Swift, President at the prpl Foundation commented below. Art Swift, President at prpl Foundation: “Provisioning and revoking services with connected devices has the potential to become a much bigger problem as consumers look to sell their old IoT devices in favour of newer ones. …
