The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them. The vulnerability was discovered by researchers from the hacking collective the Exploiteers (formerly GTVHacker), who have found vulnerabilities in the Samsung SmartCam devices in the past. IT security experts from Tripwire and AlienVault commented below. Craig Young, security researcher at Tripwire: “While this flaw by default would not directly allow attacks from the Internet suitable for something like Mirai, it would be pretty trivial to use CSRF to infect devices on home networks.…
ISBuzz Team
While the speed at which manufacturers create and release new technology grows exponentially with each passing year, the security of these devices has failed to keep up. As a manufacturer, are you constantly testing your devices to make sure that you not only know what vulnerabilities exist but also how to patch them? As a customer, do you believe that your device is as secure as possible? Here are 5 rules manufacturers should follow to keep consumers safe in the world of the Internet of Things: Scan, Test, Patch, Repeat – You wouldn’t send out a new smart phone without making…
Following the news that high street stores have ended the year on a high, with an increase of 0.8% during December compared with the same period last year, British Retail Consortium CEO Helen Dickinson also noted that Ecommerce accounted for nearly a quarter of all purchases in December, suggesting that online shopping is more popular than ever. Anil Gandharve, the Associate Vice President of digital transformation company Mindtree commented below. Anil Gandharve, Associate Vice President at Mindtree: “The news that high street footfall rose by 0.8% compared with last year will come as a welcome boost to retailers amidst a challenging…
Following the news that the Barts Health Trust has been hit by hackers, Jonathan Martin, EMEA Operations Director at Anomali commented below. Jonathan Martin, EMEA Operations Director at Anomali: “Unfortunately this type of attack is not losing prevalence. Luckily, on this occasion the trust did not have to pay any ransom, yet having to cancel 2,800 patient appointments across a 48 hour period is damaging to the NHS’s already weak reputation. When dealing with sensitive data, companies are at greater risk than most and therefore have a greater responsibility to ensure these types of attacks are mitigated. Organisations, particularly those…
Significant decrease in Locky infections in December 2016 causes the ransomware to drop out of the top 10 malware families globally, for the first time since June 2016. SAN CARLOS, CA. Check Point® Software Technologies Ltd. (NASDAQ: CHKP) has revealed that Locky ransomware attacks have dramatically decreased during December 2016. These findings are part of Check Point’s monthly Global Threat Index, a ranking of the most prevalent malware families attacking organizations’ networks. Locky, which uses massive spam campaigns as a major distribution vector, only surfaced in 2016 but has rapidly become one of the most popular tools for cybercriminals, part…
McDonald’s website is insecure and could lead to passwords being stolen, according to Dutch software engineer Tijme Gommers. The attack, reported on Gommers’ blog, is possible thanks to an Angular expression injection vuln present in mcdonalds.com and could be used to steal and ship logins to attackers along with account information should users follow links. IT security experts from Tripwire, AlienVault, Lieberman Software, ESET, Prevoty and VASCO Data Security commented below. Tim Erlin, Sr. Director, Product Management at Tripwire: “It’s easy to see why financial information like credit card or bank account details are valuable to criminals, but simple personal information can be a target…
Following the news that there are more cyber attacks in north Wales than street crime, David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “It’s no surprise to see reports of cybercrime overtake street crime. As with markets generally, investment tends to flow into areas where it will be most productive, and crime is no different. With so much financial activity moving online, criminals have capitalised on this by moving their activity into the cyber world. While this specific report relates to the North Wales region, this is a worldwide trend. “The…
With consumers’ personal data being compromised on a near daily basis, it is unsurprising that the EU is preparing to get tough on businesses that do not protect their customers. The result is that as of May 2018 any company handling the data of EU citizens must comply with the EU General Data Protection Regulation, which demands that companies collecting, using and storing personal data must have adequate protections and controls in place. However, despite it being more than 12 months before the regulation comes into play, companies are already being urged to ready themselves. Indeed, there has been a huge…
“The UK government’s call to digitise tax returns by April 2018 has faced backlash as MPs warn that the plans are being rushed through without proper preparation taking place. Improper implementation of this system will inevitably cause errors in the submissions process, which may create chaos in our tax system. HMRC tend to have weak systems in place even for systems in place for many years. Therefore a rushed system developed by HMRC will cause taxpayers, companies and HMRC lots of issues.” “A survey recently found that in the last two years, 19% of those who filled in a self-assessment tax…
Multiple outlets such as the HelpNetSecurity blog are reporting that a New Gmail Phishing Technique Fools Even Tech-Savvy Users. An effective new phishing attack is hitting Gmail users and tricking many into inputting their Gmail credentials into a fake login page. How the attack unfolds: The phishers start by compromising a Gmail account, then they rifle through the emails the user has recently received. After finding one with an attachment, they create an image (screenshot) of it and include it in a reply to the sender… to invoke recognition and automatic trust. IT security experts from Balabit, Lastline, Prevalent, VASCO Data Security and NuData…
