Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a survey of more than 200 security professionals attending RSA Conference 2017. Conducted at Tripwire’s booth, the survey gauged respondents’ concerns for their own organizations and found there are rising concerns for cybersecurity in general. When asked if they were confident in the U.S. government’s ability to protect itself from cyber-attacks in 2017, only 17 percent of respondents said ‘yes.’ In addition, 80 percent of respondents said they were more concerned about cybersecurity this year than in 2016. Cybersecurity…
ISBuzz Team
Following the news that the personal info of 1.37 billion people has been exposed after spammers failed to password-protect their backups, Matt Walmsley, EMEA director at Vectra Networks commented below. Matt Walmsley, EMEA Director and Vectra Networks: “Although it’s difficult to take pity on spammers, River City Media’s misfortune is a cautionary tale to business. Unsecured servers and databases are an open invitation to attackers who can use them to gain direct access to the company’s most sensitive information and important assets. Worryingly, five per cent of IPMI manageable servers are ‘secured’ by commonly-used default passwords, 30 per cent have easily guessable passwords and only 72…
Kaspersky Lab’s Global Research and Analysis Team has discovered a new sophisticated wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer. StoneDrill also features advanced anti-detection techniques and espionage tools in its arsenal. In addition to targets in the Middle East, one StoneDrill target has also been discovered in Europe, where wipers used in the Middle East have not previously been spotted in the wild. In 2012, the Shamoon (also known as Disttrack) wiper made a lot of noise by taking down around 35,000 computers in an oil and gas company in the Middle East. This devastating attack…
A proof of concept bypass of Google’s reCaptcha V2 verification system, posted online Tuesday, uses Google’s own web-based tools to pull off the skirting of the system. IT security experts from AlienVault and Positive Technologies commented below. Chris Doman, Security Researcher at AlienVault: “This isn’t the first time that researchers have proposed methods for breaking Recaptcha CAPTCHAs. Some have used Google’s own OCR scanning software Tesseract to break them. Others have also tried Google’s own voice recognition system (http://www.debasish.in/2014/04/attacking-audio-recaptcha-using-googles.html). However Google uses other information, such as IP reputation, to reduce the success rate of these attacks to an acceptable rate. The current favoured…
A spamming group called River City Media, led by well known spammers Alvin Slocombe and Matt Ferrisi, has had its database of 1.4 billion records leaked. IT security experts from AlienVault, FireMon and NSFOCUS commented below. Chris Doman, Security Researcher at AlienVault: “This is an extremely rare window into the operations of mass-spam campaigns. RCM’s apparent admission that they ran denial of service attacks against Gmail servers to trick them into accepting spam is very serious. They are talking about risking the stability of some of the internet’s core mail servers for profit. It’s bizarre these admissions are coming from chat logs that RCM…
Following the announcement of the new T-level technical qualifications, ahead of Wednesday’s budget, Peter Carlisle, VP EMEA at Thales e-Security commented below. Peter Carlisle, VP EMEA at Thales e-Security: “With UK businesses being bombarded with increasingly sophisticated cyber assaults, it’s encouraging to see the creation of custom-made, technical qualifications to increase the nation’s digital skillset. Understanding the importance of securely managing data is now the responsibility of every employee at all levels of the organisation and the sooner we start equipping the next generation with specialist skills the better. That’s why it’s vital that the security industry plays its part in supporting organisations like the National…
In the last week, Forcepoint Security Lab’s observation have identified a tax-themed phishing email sent to around 700 recipients in the UK, just one of many medium-sized email campaigns that have appeared since the start of this year. Last month, a warning was issued to Northwich residents in the United Kingdom regarding a HM Revenue & Customs (HMRC) phishing scam, while the Internal Revenue Service (IRS) issued a similar warning to US tax payers. UK recipients have been the most targeted, followed by Australia. Ireland, United States, France and Canada, with particular emphasis in government and education sectors with the…
Security researchers have disclosed a concerning vulnerability in popular chat client Slack that allowed attackers to hijack your account and take control of your entire communication line. The flaw, which was initially spotted and documented by Frans Rosén from cybersecurity firm Detectify, basically allows ill-intended individuals to snatch your Slack token by tricking you into opening a malicious page. IT security experts from AlienVault and ESET commented below. Chris Doman, Security Engineer at AlienVault: “The exploit involves postMessage – a useful javascript function to send data between two pages. Slack weren’t verifying that these messages were originating from pages on domains they control. Through a couple of other clever tricks that meant if…
Following the news that researchers TeamSIK found flaws with all top nine password manager apps that can be downloaded from the Google Play Store, Barry Scott, CTO at EMEA Centrify commented below. Barry Scott, CTO at EMEA Centrify: “This is not the first, or last time, that password managers will face major security issues, but perhaps the biggest security concern is still users themselves – and that means us! The fact remains that anyone using a password as the sole means of authentication to a website, whether at home or at work, is putting himself or herself (and maybe their company)…
Following the news that TorrentLocke, a ransomware variant which has been relatively inactive for almost two years, is back, and this time it’s stealing user credentials from victims in addition to demanding a ransom to unencrypt locked files, Alex Mathews, Lead Security Evangelist at Positive Technologies commented below. Alex Mathews, Lead Security Evangelist at Positive Technologies: “This new version of Cryptolocker shows the old problem of antivirus products: even a small modification of an old trojan code may lead to an epidemy since many well known antiviruses don’t recogize this new malicious code for many days before their signatures are updated. To protect your business from this…
