ESET Ireland finds new scams faking Irish Revenue, Irish Water and Irish Motor Tax correspondence, linked to phishing sites registered from China. Cybercriminals know that familiar names of services or institutions can fool people into believing they’re receiving legitimate correspondence and make them click on things they shouldn’t be clicking on. That is why, tailored for the Irish “market”, they’re regularly (ab)using names of services and institutions familiar to the Irish. This week ESET Ireland has spotted several such emails doing the rounds. The first claims it’s from Revenue – Irish Tax & Customs and says the recipient is eligible to receive a…
ISBuzz Team
Following the news of the CloudPets Data Breach, Tod Beardsley, Director of Research at Rapid7 commented below. Tod Beardsley, Director of Research at Rapid7: “The tragic tale of CloudPets indicates at least four distinct failures when it comes to securing IoT. I’d characterise this confluence of vulnerabilities as catastrophic. CloudPets rolled out a service that relied on an insecure, open-access database, stored voice data on an insecure, open-access Amazon S3 bucket, and secured access to an online account with a password that has effectively no complexity requirements (a single character would do). While bad, these three technical design failures could have been addressed,…
Following the news that Spiral Toys, parent company of the popular CloudPets line of internet-connected toys, was hacked, exposing personal messages and information, Cybersecurity experts from FireMon, Imperva, InfoArmor and Lieberman Software commented below. Paul Calatayud, Chief Technology Officer at FireMon: “I like to call IoT the IoMT as in the Internet of Malicious Things, and news of the teddy bear leak hits on two main issues. One, the growing use of open source databases, and two, putting devices on the internet. MongoDB is becoming a common technology for use in e-commerce due to its flexibility and price (free). Like most…
If a computer can outsmart us playing chess, what is the next move for mankind? If an automated botnet can easily take control of your car, do personal safety issues drive you round the bend? The proliferation of devices and the adoption of new technologies, such as the internet of things (IoT), has revolutionised all aspects of our lives. Demands for specialist skills to engineer, maintain and protect our vital data are now more important than ever. Yet, are there enough experts around to make sense of it all? Closing the talent gap According to The Institute for Public…
Following the recent news that the technology industry has hit back at proposed plans by France and Germany to force EU member states to backdoor encryption for the police, Jason Ginsberg, Senior Director at Echoworx commented below. Jason Ginsberg, Senior Director at Echoworx: “No-one can argue with the fact that if intelligence agencies and the police were able to access and look inside all houses, they would catch more criminals. But is this going too far? We also have to consider how this may be putting the majority of law abiding citizens at risk. European lawmakers need to remember that…
Hundreds of MySQL databases have been hit in ransomware attacks, which were described as “an evolution of the MongoDB ransomware attacks,” according to security vendor GuardiCore. Travis Smith, Senior Security Research Engineer at Tripwire commented below. Travis Smith, Senior Security Research Engineer at Tripwire: “The evolution of database targeted ransomware started with MongoDB and transitioned to Elasticsearch. These two products could be installed without any authentication mechanism. When deployed to the internet with default configurations, the databases were world writable. When installing MySQL, you’re prompted for a password which protects against ransomware attacks. What these attackers are doing is guessing the root password via brute force attacks. In…
Following the news about the recent HSBC outage, Guillaume Ayme, IT Operations Evangelist at Splunk commented below. Guillaume Ayme, IT Operations Evangelist at Splunk: “Any service downtime or IT outage that means customers cannot access their financial data puts pressure on the bank or building society responsible. According to recent research into IT outages carried out by Quocirca, the average cost of service downtime to a financial services organisation is over £105,000 per event with the value of more significant outages being far higher. With companies averaging three outages per month, losses can be significant over a financial year -…
Protection Group International host the first Cyber Security Challenge UK face-to-face competition of 2017. 30 of the UK’s top amateur cyber defenders battle to protect connected car company from cyber-attack, reflective of the 2016 Mirai DDoS IoT Botnet attack. Top performers from the day invited to Masterclass competition where they could be recruited by UK’s leading cyber security firms. Bristol. This weekend, Protection Group International (PGI) and Cyber Security Challenge UK pitted 30 of the UK’s best cyber security amateurs against each other in an ultra-realistic simulated cyber-attack on an automotive company, all in a bid to find the country’s best…
Researchers have unveiled the first practical collision attack for the 22-year-old cryptographic hash function SHA-1. While long expected, news of the attack, dubbed ‘SHAttered,’ should further accelerate the urgency of sunsetting the maligned algorithm. Lamar Bailey, Sr. Director, Security R&D at Tripwire commented below. Lamar Bailey, Sr. Director, Security R&D at Tripwire: “Cryptographic algorithms have a half-life similar to radioactive isotopes. The factors that play into determining the half-life are the processing power needed to find collisions that break the algorithm along with the costs to obtain the processing power. When both of these factors are in the realm…
Following news that UK robotics research will get a £17.3m pledge from government, Paul Cant, Vice President EMEA at BMC Software, commented below on the need for a shift in debate when it comes to robotics in the workplace. Paul Cant, Vice President EMEA at BMC Software: “It is clear that robotics, automation and artificial intelligence are set to change many aspects of the traditional workplace, as this weekend’s pledge from the UK government reveals. As with any industrial revolution in history, we need to remember that whilst some jobs will be lost, new ones will be created if employers take tangible steps now to upskill…
