Security Researchers demonstrate ease of hacking into conference phones to listen in Criminals can gain a treasure trove of sensitive information by listening in to board meetings, suggest security researchers at Context Information Security, who have shown that some conference phone systems might be at risk from hackers. The Context team managed to gain root access and take full control of a Mitel MiVoice Conference and Video Phone (also known as the Mitel UC360), potentially enabling them to listen into meetings without alerting the room’s occupants, disable the mute button so that private discussions could be heard by everyone on a call and maintaining a remote backdoor into the network…
ISBuzz Team
It’s Monday morning. Your e-mail inbox icon lights up with a new message. It’s a note from your CEO, describing a procedural change and inviting you to open an attached Word document to view the details. You are relatively new to your job, and you are eager to make a good impression, so you quickly open the message and prepare to dutifully dive into the directions. I knew you would do this. I knew it two weeks ago, when I started researching your daily routine and getting to know your habits. I knew you would be quick to open the…
The seismic hole in business app development and why it’s business critical to close it People have embraced mobility because of the success and adoption of apps. It might sound like a bold and somewhat sweeping statement; however, research shows apps dominate with 90 per cent of time spent on mobile being on apps, supporting the important role apps play in our mobility revolution. App use is only going to increase, indeed Gartner predicted that more than 268 billion app downloads will generate $77 billion worth of revenue in 2017. However, while many people can reel off the consumer facing apps they use everyday…
Australian governments are trying to protect citizens by demanding that big businesses will soon be legally obliged to disclose details of affected individuals of any ‘eligible’ data breach. Ilia Kolochenko, CEO at High-Tech Bridge commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “The majority of the states in the US have already adopted similar laws, GDPR in the European Union and UK (despite Brexit) also implies strict data breach disclosure and notification guidelines. “The obligation to report a data breach is definitely useful to protect customers, however its enforcement and control are not obvious. Professional cybercriminals do their best to remain unseen, at…
Out of 62 new crypto ransomware families discovered by Kaspersky Lab researchers in 2016, at least 47 were developed by Russian-speaking cybercriminals. This is one of the findings of an overview of the Russian-speaking ransomware underground, conducted by Kaspersky Lab researchers. The review also found that small groups with limited capabilities are transforming into large criminal enterprises that have the resources and intent to attack private and corporate targets worldwide. Crypto ransomware – a type of malware which encrypts its victim’s files and demands a ransom in exchange for decryption – is one of the most dangerous types of malware…
Unit 42, Palo Alto Networks threat intelligence research arm, has reported a sample of a backdoor Trojan that targets individuals running macOS systems – believed to be used by the Sofacy group. The Trojan was discovered as part of ongoing research on Sofacy’s ‘Komplex’ Trojan, first identified by Unit 42 in September 2016. A new blog post explores how the Trojan, dubbed XAgentOSX by its authors, works and how it is being used by attackers. For more information, please see the blog here http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/ , and an extract of the blog is below. “During our continued research on Sofacy’s Komplex Trojan, we have found…
As a small-business owner, you’ve undoubtedly heard the statistics about your risk for a data breach. You know that you are a target for hackers, and you’ve done everything you can to keep your data safe. However, even if you have done everything right — established a firewall, installed antivirus and intrusion protection on your network, added encryption, set up backups, implemented strong password management and authentication policies, etc. — your network might not be as secure as you think it is. Unless you are using business-grade products to secure your network, you might be only partially protected. Business vs.…
ESET Ireland warns unwary users who fall for installing the malware might find their mobile devices held ransom or bank accounts emptied. ESET researchers discovered a dangerous new app targeting Android devices, that is capable of downloading and executing additional malware. Detected by ESET security software as Android/TrojanDownloader.Agent.JI, the trojan is distributed via compromised websites and masquerades as a Flash Player update. Following installation, the malware creates a fake ‘Saving Battery’ service in the Android system and urges the victim to grant it crucial permissions within Android’s Accessibility functions. If granted, these permissions – Monitor your actions, Retrieve window content and…
Following Chancellor, Philip Hammond’s speech on the increasing threat of cyber security and the need for UK businesses to “sharpen” their approaches, Neil Owen, Director at Robert Half Technology commented below. Neil Owen, Director at Robert Half Technology: “The number of cyber-attacks carried out against UK targets each month continues rising. Yet, our research shows that only every third CIO is confident that their teams have the skills to manage these threats. “This chronic shortage of skilled IT talent to fend of potential attacks comes down to two things – the evolution of cyber threats and the current skills shortage in cyber security. In…
Cybersecurity researchers have revealed the development of a new, custom form of ransomware targeting industrial systems (SCADA). The malware and subsequent attack on a simulated water treatment plant were designed to highlight how cyberattackers could disrupt key services which cater for our critical needs, such as energy providers, water management utilities, heating, ventilation and air conditioning (HVAC) systems or escalator controllers. IT security experts from NSFOCUS, AlienVault, ESET and Nozomi Networks commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS: “One of the greatest threats to SCADA implementations and the industrial control systems (ICS) they regulate, is the loss of view and loss of…
