Following the news that WordPress has patched three security flaws, including an SQL injection problem, Paul Farrington, Manager, EMEA Solution Architects at Veracode commented below. Paul Farrington, Manager, EMEA Solution Architects at Veracode: “It is absolutely imperative that all users of WordPress 4.7.2 upgrade immediately to the new version. Despite having been around for over a decade and regularly featuring on the OWASP Top 10 list (the widely accepted standard for application security), both SQL injections and cross scripting vulnerabilities continue to expose enterprises to large-scale breaches and brand damage. The 2015 TalkTalk breach only serves as a reminder…
ISBuzz Team
Researchers have discovered that 31 models of the Netgear home router contain critical flaws that make them vulnerable to hackers. These latest vulnerabilities come only months after “Command Injection” based flaws were found in Netgear devices last year. IT security experts from the prpl Foundation and Lastline and Rapid7 commented below. Art Swift, President at the Prpl Foundation: “Once these devices have been compromised, especially routers, IoT hubs, and network gateways – due to the fact that they are very often on a local network – they represent a gateway to the network, and can be used to perform a series of attacks on…
As New Threat Actors and Vulnerabilities Emerge, NSFOCUS Provides the Most Complete Insight into Evolving Threats with Real-time, Actionable Intelligence LONDON, UK. NSFOCUS, a global provider of intelligent hybrid security solutions, today announced the launch of its Global Threat Intelligence platform. In the world of cyber attacks, 2016 may go on record as the worst year the enterprise has ever seen. With more than 18 million samples of known malware, the first DDoS attack exceeding 1 TBps, ransomware attacks using municipal and industrial IoT devices, and predictions of global annual cybercrime costs reaching $6 trillion by 2021, keeping pace with the evolving threat landscape is a daunting…
Following the news that during a Republican party retreat, US Senator John McCain warned that the US does not have a comprehensive plan to deal with cyberwarfare. Michael Patterson, CEO at Plixer International commented below. Michael Patterson, CEO at Plixer: “One of the biggest challenges is unequivocally knowing who is behind a specific cyber attack whether it is a country, state agency, private organization or hacker. Unfortunately, there is the need to overcome issues surrounding anonymity before a perpetrator can be identified. This is a foundational issue with Internet communications. Whether it is an attack on businesses, organizations, individuals or…
A luxury lakeside hotel in the Austrian Alps, Romantik Seehotel Jägerwirt, recently paid a large ransom in Bitcoins after its systems were hit by ransomware. It was initially reported that the attack had locked hotel guests in their bedrooms until the ransom was paid. However, the owner of the hotel, Cristoph Brandstaetter, told Motherboard that, “This is totally wrong, it was just a normal cyber-attack and no guests were locked in.” Tim Erlin, Sr. Director, Product Management at Tripwire commented below. Tim Erlin, Sr. Director, Product Management at Tripwire: “Welcome to the Internet of Things. Connected…
Before the inauguration in Washington, hackers used ransomware to take down DC police surveillance cameras forcing the police to remove all the software and reinstall it on 123 cameras. While that was an arduous task, no ransom was paid. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire commented below. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire: “The less ransom that’s paid, the less profitable ransomware will be for the criminals involved. By now, it should be well understood that having functioning backups and a clear, efficient restore process are the best…
Scientists from China and the UK have published research that reveals how to break Android’s pattern lock system using videos of people entering their patterns. Craig Young, Principal Security Researcher at Tripwire commented below. Craig Young, Principal Security Researcher at Tripwire: “Password based authentication is the best option in terms of securing an Android device. It is important to remember that the lock screen pattern/pin/password is also used to derive the encryption keys for a device so it is definitely worth considering passwords for this reason as well. Complex passwords on a phone however are rather cumbersome which is why…
According to recent reports online, see one here from the Register, the LeakedSource data breach aggregator and look-up service has been taken offline by what is thought to have been a police raid. The site uncovered a number of high-profile data leaks, including 85.2m records from Dailymotion, 32m Twitter accounts and 43m from Weebly, but had been widely criticised for disclosing account details rather than informing users directly. While no official statement has been made, a Pastebin post – lifted from this forum thread (login required) – made shortly after the takedown claims the site has been raided and all of its hosted data…
The new Thales Data Threat Report produced with 451 Research codifies and questions enterprise security spending priorities. Among the key points: 26% of organizations responding experienced a breach in the last year and 30% say their organizations are very or extremely vulnerable; and organizations are spending on endpoint & network security. 451 analysts urge organizations to embrace newer security technologies. IT security experts from Balabit, STEALTHbits Technologies, CipherCloud, VASCO Data Security and Prevoty commented below. Sándor Bálint, Security Lead for Applied Data Science at Balabit: “It’s all too easy to chastise organizations for a perceived misalignment of security spending priorities – it is another thing to actually…
Unless you’ve been living under a rock, you’ve heard that Yahoo has been in serious hot water lately. Two isolated breaches, disclosed separately from one another but totaling an impact of almost 1.5 billion users has caused a major blow to the tech giant’s reputation; so much so that Yahoo’s sale to Verizon is now slated to close even later in the year. Given that it seems similar incidents are happening at an alarming rate, almost daily, the question should no longer be, “How can I avoid the breach?” but rather, “How can I protect myself and minimize the damage…
