Almost three million Android phones are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said. Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. IT security experts from Tripwire commented below. Tim Erlin, Senior Director of Product Management at Tripwire: “This certainly isn’t the first time that a tool intended for support or developers resulted in a security flaw in the shipping product. As an industry, we need to continuously learn and…
ISBuzz Team
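The Android story above turns on hostnames baked into firmware whose domains nobody had registered: whoever registers them owns every device that phones home. The first-pass check a practitioner wants is "which hostnames does this image contain, and do they currently resolve?" The script below is an added example, not code from the article, the researchers or any vendor; the `SAMPLE_FIRMWARE` blob and every hostname in it are constructed placeholders, not the domains from the reported case.

```python
"""Find hostnames hard-coded in a firmware image and flag those that do not resolve.

Added example for the Android firmware story; not code from the article,
the researchers, or any vendor. SAMPLE_FIRMWARE and its hostnames are
constructed placeholders.
"""
import re
import socket
from typing import Callable, Dict, List

# Dotted hostname: one or more DNS labels followed by an alphabetic TLD.
# Heuristic by design: Java package names and version strings also match,
# so the output is a review list, not a verdict.
HOSTNAME_RE = re.compile(
    rb"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.IGNORECASE
)

# Strings that match the pattern but are file names, not hostnames.
IGNORE_SUFFIXES = (".so", ".ko", ".dex", ".apk", ".xml", ".png", ".jpg", ".json")

# Constructed sample: an ELF-like header, an OTA check URL, a shared-library
# name, a bare fallback host, a Java package name and some binary noise.
# ".example" and ".invalid" are reserved TLDs, so they never resolve anywhere.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"https://update.vendor-ota.example/check?model=%s\x00"
    + b"libfota.so\x00"
    + b"backup.fota-cdn.invalid\x00"
    + b"com.android.settings\x00"
    + b"\xff\xfe\x00\x01" * 4
)


def extract_hostnames(blob: bytes) -> List[str]:
    """Return unique, lower-cased hostname candidates in order of first appearance."""
    found: List[str] = []
    for match in HOSTNAME_RE.finditer(blob):
        host = match.group(0).decode("ascii").lower()
        if host.endswith(IGNORE_SUFFIXES):
            continue  # libfoo.so and friends
        if host not in found:
            found.append(host)
    return found


def dns_resolves(host: str) -> bool:
    """True if the system resolver returns any address for host.

    NXDOMAIN and lookup failures both come back as False, so an unregistered
    domain is reported as dangling, but so is a registered one with no
    records, or any lookup made without network. Confirm real takeover
    candidates with WHOIS/RDAP before acting on them.
    """
    try:
        socket.getaddrinfo(host, None)
        return True
    except OSError:
        return False


def find_dangling(
    blob: bytes, resolves: Callable[[str], bool] = dns_resolves
) -> Dict[str, bool]:
    """Map each hostname found in blob to whether it resolves.

    The resolver is injectable so the check can run against a recorded
    answer set (or a stub in tests) instead of live DNS.
    """
    return {host: resolves(host) for host in extract_hostnames(blob)}


def dangling_hosts(
    blob: bytes, resolves: Callable[[str], bool] = dns_resolves
) -> List[str]:
    """Hostnames in blob that do not resolve: the takeover review list."""
    return [host for host, ok in find_dangling(blob, resolves).items() if not ok]


if __name__ == "__main__":
    for host in dangling_hosts(SAMPLE_FIRMWARE):
        print("DANGLING:", host)
```

Run it against a real image by replacing `SAMPLE_FIRMWARE` with the file's bytes. Expect noise in the list (package names, version strings); the point is that every non-resolving hostname a device will contact must be explained, and any that is genuinely unregistered must be registered by the vendor before someone else does it.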
The House of Lords has passed the Investigatory Powers Bill, putting the huge spying powers on their way to becoming law within weeks. The bill forces internet companies to keep records on their users for up to a year, and allows the Government to force companies to hack into or break things they’ve sold so they can be spied on. IT security experts from ESET, Comparitech.com, Lieberman Software and Blancco Technology Group commented below. Mark James, Security Specialist at ESET: “For me one of the biggest concerns here is the wealth of data that is being harvested by the internet companies…
The number of financial phishing attacks is expected to rise during the Holiday season, which starts unofficially on so-called Black Friday, and continues through Cyber Monday and Christmas. Retrospective research by Kaspersky Lab specialists shows that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year. A peak season for sales is obviously also a peak hunting season for criminals. In fact, some £5 billion of transactions are predicted over that period – five times higher than 2015. Retailers offer lots of hard-to-resist deals as…
The House of Lords has passed the Investigatory Powers Bill, putting the huge spying powers on their way to becoming law within weeks. The bill forces internet companies to keep records on their users for up to a year, and allows the Government to force companies to hack into or break things they’ve sold so they can be spied on. Jonathan Sander, VP of Product Strategy at Lieberman Software, commented below. Jonathan Sander, VP of Product Strategy at Lieberman Software: “The Investigatory Powers Bill demonstrates yet again that law – and law makers – have an extremely difficult time keeping up…
Look at the biggest data breaches of 2016 and a common theme emerges: pile it high, sell it cheap. The hacking stories of the year involved tens of millions of stolen user accounts from the likes of LinkedIn, Yahoo, Tumblr and Twitter. But when those stolen accounts appeared for sale on the Dark Web, they were sold in bulk for a few thousand dollars a time – typically $100 for 100,000 user credentials. There is a clear lesson for businesses. Don’t expect to lose one or two confidential files. When a data breach happens, expect a full-blown smash and grab…
Qualcomm has recently announced its new Vulnerability Rewards Program, where it is offering £12,000 ($15,000) to anyone able to spot bugs in its modems and processors. The news comes off the back of the DEF CON conference in August where four vulnerabilities were revealed for the company’s chipsets. Mike Ahmadi, Global Director – Critical Security Systems at Synopsys: “Chipmakers build chips based on customer needs and specifications, which are mostly driven by features and cost. Most of the better chipmakers build decent quality hardware-based secure chips, which meet or exceed Common Criteria EAL4 or FIPS 140-2 Level 3 requirements for secure hardware,…
Following reports of a new Facebook scam detected by security researchers over the weekend, Fraser Kyne, EMEA CTO at Bromium, commented below. The campaign works by hijacking users’ Facebook accounts and then sending all their contacts an image file over Messenger, so it can snowball very easily if even a handful of victims fall into the trap. More worryingly, the researchers said they have seen it used to spread the Nemucod malware installer and Locky ransomware to victims. Fraser Kyne, EMEA CTO at Bromium: “This looks like a relatively unsophisticated phishing campaign; the hackers…
John Christly, CISO of Netsurion, a provider of remotely-managed security services for multi-location businesses, and of its subsidiary EventTracker, a security information and event management (SIEM) vendor
As Brian Krebs reported, “It remains unclear whether Republicans and Democrats can patch things up after a bruising and divisive election, but thanks to a special Election Day Patch Tuesday hundreds of millions of Adobe and Microsoft users have some more immediate patching to do.” His article goes on to note that Microsoft’s regularly scheduled round of patches fell on election day this year, which leaves us wondering whether system administrators will remember that patching their systems is…
We’ve all seen the headlines: ransomware – not software – is eating the world (sorry, Marc Andreessen). Companies are losing millions of dollars because sensitive information is being encrypted by hackers who have penetrated porous IT defenses. It’s frustrating, it’s maddening, and it’s happening to companies of all shapes and sizes. What can be done? To effectively prevent ransomware from hurting their business, security professionals must first understand how these attacks take place. After all, Sun Tzu said, “If you know the enemy and yourself, you need not fear the results of a hundred battles.” Here are some insights into how…
One of Britain’s biggest mobile phone companies, Three, has admitted to a major cyber-security breach which could have put six million customers’ personal data at risk. Three Mobile admitted that hackers had successfully accessed its customer upgrade database after using an employee login. IT security experts from Ping Identity, NSFOCUS, Centrify, Alert Logic, Lieberman Software, Redscan, Informatica, Intercede, ESET, Certes Networks, RES, Verizon, WhiteHat Security, Barracuda Networks, ForgeRock, ZoneFox, Glasswall Solutions, Post-Quantum, Vectra Networks, WinMagic and Ipswitch commented below. Hans Zandbelt, Senior Technical Architect at Ping Identity: “Another high-profile data breach such as this reminds us that our identities are…
