Ahead of International Fraud Awareness Week (13-19th November), which brings together anti-fraud professionals and communities to discuss how far-reaching the effects of fraud can be and how to mitigate the risks, IT security experts Wyatt, Managing Director, and John Cassey, Director at Protiviti, a global consultancy firm, commented below. John Cassey, Director at Protiviti: “Fraud risk management can only be effective if those responsible for identifying fraud scenarios have a full understanding of the criminal mind.” “Organisations should have effective controls that are commensurate to potential fraud risks, regularly reviewed and updated as the company evolves and new risks are identified. The…
ISBuzz Team
Following the news from Wired UK on the addition of 2FA to WhatsApp, Shane Stevens, Director of Omni-Channel Identity and Trust Solutions, VASCO Data Security, commented below. Shane Stevens, Director of Omni-Channel Identity and Trust Solutions at VASCO Data Security: “This is interesting and is becoming common practice in the marketplace, once an app has been targeted by fraudsters several times. It is a step in the right direction and one that more app developers should be doing, but they have unfortunately been trying to mirror others who were not successful in implementing 2FA. The “optional” feature activation is a major compromise in security here.…
Researchers have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected. The researchers demonstrate attacking bulbs by drone or ground station. The demo attacks Philips Hue lightbulbs, the most popular smart lighting system in the market today. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:…
ESET researchers have discovered a link between the Tesco Bank breach and the Retefe malware. The Retefe trojan horse goes after users’ online banking credentials, which can then be misused to conduct fraudulent transactions. Thousands more could be at risk, as there is quite a lengthy list of other banks located in many other countries in this malware’s crosshairs. Jonathan Sander, VP of Product Strategy at Lieberman Software, commented below. Jonathan Sander, VP of Product Strategy at Lieberman Software: “The Retefe malware, suspected as the main culprit in the Tesco attack, is a perfect example of the thorough, professional attacks hitting the…
Some employees at Yahoo were aware of a recently disclosed major hacking incident when it occurred in 2014, the company revealed in a Securities and Exchange filing yesterday. The Financial Times reported that an investigation has been launched, to look into the “scope of the knowledge within the company in 2014” regarding the breach, which was announced six weeks ago. IT security experts from NSFOCUS and Comparitech.com commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS: “From the recent keynote speeches in several cybersecurity conferences in the U.S., the audience learned that Yahoo had some serious internal cultural issues. According to the keynotes, the employees responsible…
Smart light bulbs may be the next big IoT attack vector and researchers have now created a proof-of-concept worm that can be used to spread across smart light bulbs, potentially infecting an entire network and opening them up to exploitation. IT security experts from the prpl Foundation and AlienVault commented below. Cesare Garlati, Chief Security Strategist at the prpl Foundation: “Zigbee was never intended to be a secure wireless technology, at least by current standards. The ability to remotely hijack a large number of electric loads (i.e. light bulbs) represents a real safety concern – due to the impact this kind of attack can…
Despite investment in cyber security, employees are still putting organisations at risk, according to new research from Databarracks. A new study reveals that nearly two thirds (61 per cent) of IT decision makers believe their employees regularly circumvent company security policies. Despite the fact that over half of those surveyed have invested in safeguards to protect their businesses against cyber threats in the past 12 months, careless employee behaviour could be leaving many organisations exposed to risks. The findings are part of Databarracks’ sixth Data Health Check report, which surveyed over 350 IT decision makers in the UK. When asked…
Proofpoint researchers have analysed Microsoft Word Intruder (MWI), a kit designed for building malicious Microsoft Word documents for use in targeted attacks. The most recent iteration of MWI – Version 8 – supports a wide variety of vulnerabilities that actors can exploit via crafted Microsoft Word documents. IT security experts from Tripwire and AlienVault commented below on how this attack could be used and what individuals and organisations can do to protect themselves. Craig Young, Security Researcher at Tripwire: “Crafted Word documents are probably most often used in phishing campaigns to gain access to a victim’s computer by getting them to…
• Ten of the UK’s best amateur cyber sleuths are competing in a bid to make the UK 2016’s European cyber security champions
• Team players are aged 16-27 and include school, college and university students as well as those who have just joined the cyber industry
• The team is being coached and mentored by experts at BT and Cyber Security Challenge UK
• The competition takes place in Dusseldorf this week

London (UK). Ten of the UK’s best codebreakers are representing Britain in the 2016 European Cyber Security Challenge this week in Dusseldorf. Britain’s best cyber talent will…
Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the third quarter of 2015. According to the Kaspersky Security Network (KSN), 27,471 attempts to block access to corporate data were detected and repelled by Kaspersky Small Office Security in Q3 2016, compared to 3,224 similar attacks in the same period of 2015. Ransomware blocks all operations or encrypts critical business data until a ransom is paid. A successful ransomware attack usually leads to significant financial loss or even the shutdown of critical business processes, something which can have a significant impact on a small…
