Following the news about the healthcare hack at Georgia-based Emory clinic, which is the largest reported to-date in 2017, exposed 80,000 patient files. IT security experts from Proficio and Tufin commented below. Ken Adamson at Proficio: “Cybercriminals will always be drawn to where the easy money is. The ROI for stolen patient records has dropped significantly, as nearly a third of Americans’ health information can be found on the black market. So, hackers have turned to more profitable attack methods like ransomware, which allows them to block access to key systems or data until the victim pays. Healthcare organizations are quick to pay, given…
ISBuzz Team
Unit 42, Palo Alto Networks threat intelligence research arm, has recently observed attacks against multiple Middle Eastern government organizations using a previously unseen ransomware family – based on embedded strings within the malware, Unit 42 has named this malware ‘RanRan’. Rather than being purely financially motivated, the ransom note specifically attempts to extort a political statement by forcing the victims to create a public sub-domain with a name that would appear to advocate and incite violence against a Middle Eastern political leader. Due to the targeted nature of the ransom message delivered by the malware, and the small sample set of this…
Summary: Small businesses are generally not well secured due to being labeled as small businesses, but their security threats are not necessarily small. On any given day, they can fell to the hacking, malware, ransomware and data breaches due to their cheap and dated protection. But with the few steps, you can avoid such cyber security risks. If you think that your small business is not vulnerable to cybercrimes like big corporations, you need to think again. 43 % of cyber-attacks target the small businesses! This is because cybercriminals are aware that small businesses have cheap and out dated security…
ESET researchers have observed an increased number of apps on Google Play using social engineering techniques to boost their ratings, ranging from legitimate apps, through adware to malware. Among these falsely high-ranking apps, an aggressive ad-displaying trojan was spotted, installed by up to 5000 users as a tool to download content from YouTube. The app, detected by ESET as Android/Hiddad.BZ, uses several deceptive methods to trick users into installing its intrusive ad-displaying component and at the same time secure a good rating in the store. Similar deceptive techniques have recently been used in a number of ad-displaying apps on Google Play with a…
The Data and Analytics Directorate sits within the Department for Work and Pensions (DWP), providing a range of services to customers across government: from analytical data sets to inform Spending Reviews and policy research, to fraud/error reporting within the benefits arena, to data matching for the verification and validation of claims eligibility, National Insurance numbers, electoral registration etc. The Directorate is a highly complex Big Data environment, housing over 200TB of data, handling over 200 data feeds and supporting 600 users across the Directorate, the DWP and various central government organisations. When the DWP determined that the on-premises hosting of…
Following the Chancellors announcement in the Spring Budget, regarding investment in technology and cyber security, Dr Jamie Graves, CEO at Cyber-Security Firm ZoneFox commented below. Jamie believes that the investment in technology falls well short and more must be done and is also a believer that an increased investment must be made in the country’s cyber security, as a whole. Dr Jamie Graves, CEO at ZoneFox: “The Spring Budget, made some good steps in terms of investment into the tech sector, but I still believe there is a lack of detail about how it will be spent. I also feel the…
Independent researchers have uncovered a major vulnerability in many Dahua products, allowing remote unauthorised admin access via the web. The researchers say that a number of the Dahua HDCVI and IP cameras and recorders are impacted. Cesare Garlati, Chief Security Strategist at the prpl Foundation commented below. Cesare Garlati, Chief Security Strategist at the prpl Foundation: “We need to change the mindset of industry and government to realise that there is no such thing as a “secure backdoor”. Hackers have already used backdoors to illegally access networks (as seen in the Deutsche Telekom attack last year) and they will continue doing…
Brian Krebs reported that credit and debit card payments giant Verifone is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. IT security experts from Varonis, Imperva, VASCO, Balabit and CipherCloud commented below. Brian Vecci, Technical Evangelist at Varonis: “Unlike Target where a contractor’s credentials were used to compromise POS system, in this case the POS provider itself was compromised. With the prevalence of SaaS providers of all types replacing many in-house systems, organisations have…
4th Annual Kingdom Cyber Security Meeting to address the Kingdom’s Strategy Riyadh. Cyber-Crime is not a new phenomenon, but it’s hitting the headlines as never before, with organization across GCC suffering high profile and damaging reaches. The growing frequency and sophistication of these cyber-threats have exposed the companies to new risks and devastating consequences thereby threatening the very existence of the business. No longer considered an IT issue, but rather one of strategic business risk, cyber security is now a core component of governance. The 4th edition of Kingdom Cyber Security Meeting aims to address these issues that continue to…
WikiLeaks has published a huge trove of what appear to be CIA spying secrets. The files are the most comprehensive release of US spying files ever made public, according to Julian Assange. In all, there are 8,761 documents that account for “the entire hacking capacity of the CIA”, Mr Assange claimed in a release, and the trove is just the first of a series of “Vault 7” leaks. Already, the files include far more pages than the Snowden files that exposed the vast hacking power of the NSA and other agencies. IT security experts from Synopsys and High-Tech Bridge commented below.…
