Information Security Buzz
Home - Archives for ISBuzz Team - Page 717

ISBuzz Team


Cloudflare User Data Leak (Uber, OKCupid, Fitbit User Data Compromised)

ISBuzz Team | February 28, 2017 | 2 Mins Read

As reported by several news organizations, several major consumer-facing organizations – including Uber, Fitbit, 1Password and OKCupid – were impacted by a ‘memory leak’ vulnerability suffered by Cloudflare – a content delivery network and Internet security services provider. IT security experts from Prevoty and CipherCloud commented below. Kunal Anand, CTO and Co-Founder at Prevoty: “I’ve been following this very closely since it started percolating through various channels. Some folks are calling this “CloudBleed” – the high level story is that there was a software bug that caused sensitive information to be leaked. Unlike typical sensitive information disclosure, this one is a little different…


World’s Largest Spam Botnet Adds DDoS Feature

ISBuzz Team | February 27, 2017 | 2 Mins Read

Necurs, the world’s largest spam botnet with nearly 5 million infected bots, of which one million are active each day, has added a new module that can be used for launching DDoS attacks. Ben Herzberg, Security Research Group Manager at Imperva Incapsula commented below. Ben Herzberg, Security Research Group Manager at Imperva Incapsula: “It is interesting that Necurs added a DDoS feature, but I wouldn’t be too alarmed. Currently, IoT devices are easy prey for DDoS BotNets. At Imperva, we are seeing attempts to use IoT BotNets for things such as credential stuffing and other automated attacks, not just…


Underestimating The Attack Severity In The Krebs Altair Breach Notification Story

ISBuzz Team | February 27, 2017 | 1 Min Read

Krebs on Security recently reported on the suppression of a particularly insidious breach at Altair Technologies, but an even bigger story may be the impressive efficiency of this attack. Jeff Hill, Director, Product Management at Prevalent, Inc commented below. Jeff Hill, Director, Product Management at Prevalent, Inc: “Ironically, Altair’s awkward attempt to cover up or otherwise downplay the significance of their breach successfully masks both the serious nature of the episode, and the brilliance of this attack vector.  The attackers successfully penetrated a single organization, and then navigated to the update server, an ingenious technique to propagate malware to dozens of high-profile…


Security Lapse That Exposed Critical Servers At A NYC Airport

ISBuzz Team | February 27, 2017 | 1 Min Read

Security researchers have found a security lapse at Stewart International Airport that exposed server backups to the Internet for more than a year. The backups contained sensitive information including one file with a list of usernames and passwords for various devices and systems, allowing full access to the airport’s internal network. The drive was installed by a third-party IT contractor. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “After uncovering an exposed backup system, it is often a good idea to review historical traffic patterns headed to the Internet from the server at risk.  This allows…


World’s Largest Spam Botnet Now Has DDoS Capabilities

ISBuzz Team | February 27, 2017 | 2 Mins Read

A new module has been added to Necurs, the world’s largest spam botnet, and can be used for launching DDoS attacks. The news comes from security researchers who believe the capability was added almost six months ago. Although Necurs has yet to be attributed to a DDoS attack, if it did decide to use its bots for such an attack, the scale would be larger than anything we have seen before. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB: “When observing the common motivations for DDoS attacks,…


Most Attackers Need Less Than 12 Hours To Break In

ISBuzz Team | February 27, 2017 | 2 Mins Read

A Nuix study of DEFCON pen testers shows that the usual security controls are of little use against a determined intruder. Lamar Bailey, Sr. Director, Security R&D at Tripwire points out the weaknesses of the research. Lamar Bailey, Sr. Director, Security R&D at Tripwire: “Pentesters are a valuable resource to evaluate the security stance of an application, system, or network. However, it is worth noting that this survey only asked people who are paid to break into systems and get hired based on how good they are, so of course they are going to brag and probably stretch the truth some. All their engagements are under…


Malicious Weather App Found On Google Play

ISBuzz Team | February 27, 2017 | 2 Mins Read

ESET research finds Android users were the target of new banking malware with screen locking capabilities, which was disguised as a weather forecast app on Google Play. ESET researchers discovered a new variant of botnet-forming Android banking malware, detected by ESET as Trojan.Android/Spy.Banker.HU, based on source code made public a couple of months ago. Their investigation leads to a running C&C server and looks under the lid of an active Android botnet. The new Android banking malware ESET recently discovered on Google Play was spotted in the wild again, now improved and targeting more banks. Further investigation of this resurfacing threat has uncovered its…


Phishing Getting More Professional To Steal Victims’ Money

ISBuzz Team | February 26, 2017 | 1 Min Read

A new report released by Kaspersky found that almost half of all phishing attacks registered by its lab were targeting victims’ money with phishing pages which looked exactly like legitimate banking services. Robert Capps, VP of Business Development at NuData Security commented below. Robert Capps, VP of Business Development at NuData Security: “It’s not much of a surprise that Phishing is still a valid concern for cyber security professionals. The Internet is awash in stolen consumer data ripe for malicious use providing fertile soil in which fraudsters can grow innovative attacks using purloined black-market data. Victims of stolen data are…


Google Collision Attack Cracks SHA-1 Algorithm

ISBuzz Team | February 26, 2017 | 3 Mins Read

Google researchers have managed to achieve a collision attack for SHA-1, creating two PDF files with the same signature. The weakness of SHA-1 has been known about for some time but this demonstrates that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible. There are more details on Google’s blog here. IT security experts from Venafi and Rapid7 commented below. Kevin Bocek, Chief Cybersecurity Strategist at Venafi: “Google’s announcement just confirms what we already know – SHA-1 is simply not secure. This is no longer science fiction. Unfortunately, despite the dangers, organisations are just not reacting. The time to eradicate…


Robots On The Internet: How To Talk To Your Gran About Botnets

ISBuzz Team | February 26, 2017 | 4 Mins Read

As with most depictions of mechanical folk in science fiction, robots on the internet can be good or evil, helping the various functions of the web along or working to bring it down. According to security firm Incapsula, the proportion of both good and bad bots to humans on the internet grew in 2016, with robotic users constituting 51.8% of all traffic online. As that number increases, bots’ fame or notoriety grows and they start to become part of the public consciousness. For instance, a bot called Mirai shut down part of the internet in 2016. Even if a user is…
