DomainTools are announcing a partnership between themselves and Farsight security bringing both of their DNS-based cyber threat intelligence together so that cybersecurity professionals can search the market’s leading Whois and DNS data sets in one integrated SaaS product. Q: Why is DNS data important in threat investigation? A: Government, law enforcement and enterprises use DNS data to investigate the organization behind a domain and map the online networks of criminal organizations in order to stop future attacks. Actors borrow IP addresses but register domains, which means that domain names inherently reveal intent and are an important tool in cyber forensics. For…
ISBuzz Team
Yahoo Inc, which disclosed two massive data breaches last year, said on Wednesday that about 32 million user accounts were accessed by intruders in the last two years using forged cookies. Yahoo CEO Marissa Mayer has asked that her bonus worth $2m be cut over the data breaches. IT security experts from AlienVault, Imperva, Tripwire, FireMon, STEALTHbits Technologies, Inc., Lastline and Balabit commented below. Chris Doman, Security Engineer at AlienVault: “We have to be careful to avoid victim blaming – all large tech companies have been victims of sophisticated attacks. (Eg; https://arstechnica.co.uk/security/2015/07/meet-the-hackers-who-break-into-microsoft-and-apple-to-steal-insider-info/ & https://en.wikipedia.org/wiki/Operation_Aurora ). What is different here is that Yahoo’s response has been criticised heavily – both by…
Kirsten Bay, CEO and President of Cyber adAPT outlines the limitations of AI in cyber security and why the human brain remains our greatest asset in the battle against attacks Let’s start by stating the obvious, shall we? Cyber security is a huge issue. According to official statistics, 90 per cent of all large organisations have reported suffering a security breach[i]. In fact, it is no longer a matter of “if” you suffer a breach, but “when”. There’s been a 144 per cent increase in successful cyber-attacks on businesses[ii] and a 267 per cent charted increase of ransomware attacks in 2016[iii]. And the…
As part of our expert panel question series, we have the following question for the month of Feb 2017 to our expert panel members. Feb 2017 Question: As Cyber Security insurance industry evolves, we might see different types of cyber security coverages and not just the blanket cover as extension to existing risks. How will cyber security insurance shape the cyber security market in coming years with these different type of insurance coverages? Expert Response: Brian A. McHenry Cyber insurance is manifesting in much the same way as past regulatory compliance initiatives, such as PCI and HIPAA. In order to establish…
It may come off as a pessimistic world view, but lately it seems as though there are two types of news: bad news, and news that seems good but then isn’t. Take, for example, the news that HackForums.net was closing down its server stress testing section back in October. Since it was reportedly the internet’s largest open marketplace for DDoS for hire services, the news that it was being closed down was more than welcomed by the internet security community. Over three months later? It didn’t end up mattering at all. Devastation for hire A DDoS attack is a distributed…
Following the news that Lotte Duty Free said its website crashed after attack from Chinese IPs, Sean Newman, Director at Corero Network Security commented below. Sean Newman, Director at Corero Network Security: “Yesterday’s reported attack on South Korea’s Lotte Duty Free demonstrates just how damaging distributed Denial of Service (DDoS) can be. With so many organisations now relying on continuous online availability, as a key part of their business model, even short periods of disruption can be extremely costly. In this case, even though the attack reportedly impacted servers outside of peak trading times, it was still quoted as causing lost business…
Following the news that more than 1 million websites running the WordPress content management system may be vulnerable to hackers stemming from a “severe” SQL injection bug in NextGEN Gallery, a WordPress plugin. Mike Pittenger, President of Security Strategy at Black Duck Software commented below. Mike Pittenger, President of Security Strategy at Black Duck Software: “We’re seeing another example of a WordPress plug-in vulnerability. This type of issue – running old and vulnerable versions of open source – made WordPress one of the main suspects in the Panama Papers breach (along with Drupal and Outlook Web Access).” “The issue here isn’t that another vulnerability has been disclosed, it’s…
Security researchers have spotted a new variant of the TorrentLocker ransomware that has the ability to spread through shared documents on the infected computer. The variant is currently making its way through Denmark, and according to VirusTotal has been circulating almost undetected, with only 3/55 Anti-Virus software managing to spot the malware. Fraser Kyne, EMEA CTO at Bromium commented below. Fraser Kyne, EMEA CTO at Bromium: “This is where there is a fundamental flaw in the current cybersecurity paradigm – attacks have to be detected to be prevented. However, if hackers deploy malware that doesn’t execute immediately, detection software can be easily fooled. In…
Following the news that IOActive released a report exposing numerous vulnerabilities found in multiple home, business and industrial robots on the market today. IT security experts from Synopsys, Synack and prpl Foundation commented below. Mike Ahmadi, Global Director – Critical Systems Security at Synopsys: “The consequential damage of a hacked robot, or any hacked system, is directly commensurate with the amount of trust put into the system. This becomes extremely problematical as technology improves, and we become more reliant and more trusting of the systems. Once external connectivity is introduced, industrial robots become potential security time bombs, wherein any system…
Following the news about the research from the New Forter-Merchant Research Council shows that the EMV chips in credit cards are pushing fraud online. The new study shows online fraud up by 8.9% in 2016 with apparel retailers and food delivery businesses hit the hardest. Robert Capps, VP of Business Development for NuData Security commented below. Robert Capps, VP of Business Development at NuData Security: “Over the 2016 holiday season, NuData saw a 400 percent increase in sophisticated automation and scripting targeting large retail merchants. These attacks were caught by NuDetect and had they been successful, would almost certainly have culminated into new account…
