Following the reports that newer versions of Carbanak malware now use Google services to host command-and-control infrastructure to infect organizations and exfiltrate data (the Carbanak group has previously stolen more than $1 billion from banks around the world). IT security experts from Balabit, Lastline, CipherCloud and VASCO Data Security commented below. Balazs Scheidler, CTO and Co-founder at Balabit: “This is important, as a lot of anti malware software will use IP address reputation and threat intelligence to identify malicious traffic. Because this control technique uses the very same services as legitimate Google services, it would be difficult to include in a…
ISBuzz Team
If you’re a victim of ransomware, cybercriminals will encrypt your data and documents and demand a fee for them to unlock it. Once your data is locked, you face a tough choice: whether or not to pay. If you pay, will you really get your data back anyway? Here, we look at some tips on what to do if it happens to you. Who are you paying? Is there any way to really know if your bitcoin ransom – increasingly the currency of choice for cybercriminals – will go to the person with the digital keys? What if they come…
Researchers have discovered that the popular Samsung SmartCam cameras contain a critical and easy-to-use flaw, allowing hackers to gain full control of the smart home devices. This is not the first time that researchers have found issues with the product, with Samsung previously releasing patches but it appears the problem still remains. Cesare Garlati, Chief Security Strategist at the prpl Foundation commented below. Cesare Garlati, Chief Security Strategist at the prpl Foundation: “The Samsung SmartCam security failures are typical of ones that we see time and again in IoT; namely a lack of knowledge or expertise when it comes to embedded connected…
Millennials are set to outnumber baby boomers in the workplace this year for the first time. With a millennial workforce comes a demand for much more than a pay cheque. Flexibility is now a key differentiator when it comes to attracting new talent. However, with great flexibility comes great responsibility… and a massively increased cyber security risk. With this in mind, the following tips highlight how businesses in 2017 can navigate the murky waters created by a mobile workforce and mitigate the associated risks. Integrate your IDaaS with HR With organisations of all sizes increasingly turning to cloud-based technologies, incorporating…
Study Reveals Corporate Security Demands Outpace Available Talent at Alarming Rates CHICAGO. Trustwave and Osterman Research today released results of a new study on cybersecurity resource limitations that quantifies the challenges businesses face around recruitment of IT security talent, identification of the skills sets they require, the level of control they have over their IT security budgets, and other pertinent matters related to IT security management. The study reveals that corporate security demands still outpace the available talent at alarming rates. Based on an Osterman Research survey of 147 IT security decision makers and influencers, the study shows that a fast-moving confluence…
A software engineer is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service (DDoS) attack, an illegal act under federal law. IT security experts from DomainTools, Imperva and NSFOCUS IB commented below. Kyle Wilhoit, Senior Security Researcher at DomainTools: “Protestors across the globe continue to utilize denial of service and DDoS attacks to propagate their viewpoints and spread the concept of civil disobedience. In this situation, the White House likely has protections in place to help prevent simple page refresh denial of service attacks, so in order…
The proliferation of applications used in business today is integral to the way we generate and access information, whether via the cloud, mobile or laptop devices. A recent industry report revealed that network security continues to be better funded than application security, which has a dramatic impact on business performance. Meanwhile, accountability for the security of applications appears to be in a state of flux. In a survey by F5 Networks and The Ponemeon Institute, 56 percent of respondents believe accountability for application security is shifting from IT to the end user or application owner. With this in mind, who actually owns…
A newly-detected Gmail phishing attack sees criminals hack and then rifle through inboxes to target account owners’ contacts with thoroughly convincing fake emails. The new attack uses the file names of sent attachments and applies that name into new attachments that appear to be PDFs but are actually images that, when clicked, send victims to phishing pages. IT security experts from DomainTools, Lieberman Software, ESET, Agari and Proofpoint discuss below. Kyle Wilhoit, Senior Security Researcher at DomainTools: “This new attack against users with Gmail accounts is clever and dangerously successful. The fact that the attackers were seeking uniformity with Google’s infrastructure isn’t necessarily new-…
As 2017 approaches, the scale and sophistication of cyber-threats seems only destined to grow as criminals and state-backed groups learn how to exploit the weak-points in businesses and governmental organisations around the globe. If 2016 is anything to go by, unless enterprises change their approaches to cyber-security, 2017 will be another a year of successful ransomware attacks and data-breaches. For Glasswall, however, 2016 proved to be a year of forward momentum, with enterprises increasingly aware that our cyber-security solutions will protect them from the ever-growing threat of file-based malware attacks. Glasswall solutions are constantly being developed by our experts, aided…
IT security professionals in the European healthcare industry have a difficult job to do. Every day they face the seemingly impossible task of delivering on two opposing goals: enabling the connectivity and transparency that power digital healthcare, while maintaining strong barriers to protect data, devices and networks from data breaches and cyber-threats. This challenge is made even harder because digital healthcare allows ever more non-security trained medical staff to access and share confidential patient data. New security vulnerabilities are opening up all over the place and, if left unprotected, will quickly be seized on by cyber-attackers. The growing threat According…