Following the news that 20,000 Tesco Bank customers lost money as a result of “online criminal activity” on their accounts over the weekend, IT security experts from ZoneFox, Huntsman Security and ESET commented below. Jamie Graves, CEO at ZoneFox: While details are still emerging around the Tesco Bank attack, many suggestions are pointing towards the fact a third-party retail partner was compromised. What is worrying for Tesco is that the now infamous Target breach in 2013 followed a similar trend and of course resulted in record amounts of customer information being compromised. What is clear here is that the issue of…
ISBuzz Team
Following the news that IT systems are back up and running at Northern Lincolnshire and Goole Hospitals NHS Foundation Trust four days after its systems were shut down when a virus, which is suspected to be ransomware, was discovered, Spencer Young, RVP at Imperva commented below. Spencer Young, RVP at Imperva: “Ransomware works for the same reasons DDoS works: because people do not put the appropriate defences in place and ultimately, they pay. And since people are willing to pay, cybercriminals will continue to evolve their tools and strategies to enable themselves to target more with reduced effort. Most concerning in…
A new strain of android malware has been found targeting banking and social media apps. Reports suggest around 94 different banking apps are currently being targeted including Santander, American Express, and Paypal. The malware overlays the screen for these other apps, stealing the user’s credentials once activated. It’s also targeting a lot of common social media apps including Facebook, Twitter, Snapchat, LinkedIn, Instagram and more. Kevin Bocek, Chief Security Strategist at Venafi commented below. Kevin Bocek, Chief Security Strategist at Venafi: “Android malware masquerading as common banking and social media applications is nothing new. The trend in Android malware – as we’ve seen…
A cyber attack has knocked Liberia’s internet offline, as hackers targeted the nation’s infrastructure using the same method that shut down hundreds of the world’s most popular websites at the end of last month. Multiple attacks against Liberia’s internet infrastructure have intermittently taken the country’s websites offline over the course of a week. IT security experts from NSFOCUS and ESET commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS: “Researchers and analysts (like myself) have been warning organisations all over the world that this day would come, and now it’s here. Since the attacks on Spamhaus in early 2013 that exceeded 300Gbps, taking a country offline…
The following ransomware targets have been introduced by the ThreatSTOP Security Team. It is important to update policies to include these targets for immediate increased protection from the growing number of ransomware attacks. Ransomware has emerged as the “hot topic threat” of the security industry, and rightfully so. Ransomware, a malicious software type that holds your system and/or data ransom, has affected millions with an estimated cost of$1 billion in damages to date. The profitability of ransomware has made it very attractive to attackers, and they are getting creative by developing a multitude of new ransomware variants that constantly keep us on…
Karen Bradley MP, Secretary of State for Culture, Media and Sport (CMS), has confirmed that the UK will more than likely go ahead with implementing the EU GDPR in May 2018, which has been reinforced by Information Commissioner Elizabeth Denham. With this in mind, Christine Andrews, MD at DQM GRC commented below. Christine Andrews, MD at DQM GRC: “This might be the wakeup call needed for the 18.4% of organisations who admitted they will require 12-24 months to make the necessary changes the General Data Protection Regulation (GDPR) demands – but we’re not at all surprised by this news. The UK ICO…
A cyber attack has knocked Liberia’s internet offline, as hackers targeted the nation’s infrastructure using the same method that shut down hundreds of the world’s most popular websites at the end of last month. The attack, which is the same used to shut off sites including Netflix, eBay and Reddit, fuels fears that cyber criminals are practicing ways to sabotage the US’ internet when the country heads to the polls on November 8. Dave Larson, CTO and COO at Corero Network Security commented below. Dave Larson, CTO and COO at Corero Network Security: “DDoS is killing Internet service availability across the globe, and it is about time the ISP’s…
New research from US tech consultancy company CEB, says that employees pose a bigger threat than hackers even though companies are increasing technology investments to protect against external data breaches. IT security experts from Synopsys and Tripwire commented below. Mike Ahmadi, Global Director – Critical Systems Security at Synopsys: “I do not find it surprising that employees violate data breach policies, because I have indeed been in the same situation. In one case, the IT department simply did not have any failure mode in place to compensate for instances where the policies caused a halt in workflow due to any of a number of reasons.…
Following the new research findings from tech consultancy firm CEB, which note that 90+% of employees violate breach prevention policies, IT security experts from Synopsys Software Integrity Group and Balabit commented below. Mike Ahmadi, CISSP, Global Director – Critical Systems Security at Synopsys Software Integrity Group: “I do not find it surprising that employees violate data breach policies, because I have indeed been in the same situation. In one case the IT department simply did not have any failure mode in place to compensate for instances where the policies caused a halt in workflow, due to any of a number of reasons. I was still expected to…
The internet has been recovering from high profile DDoS attacks on Friday that took down Dyn (the DNS provider to Reddit, Spotify, SoundCloud and a multitude of other sites). In the media, the blame for this attack has been firmly placed on IoT devices and as a supplier of connectivity to IoT and M2M devices, we are keen to share advice on how devices should be secured. The following methods and tactics have been developed from our experience and if used, should prevent the IoT devices from becoming infected with the Mirai malware. Beyond the altruism of protecting others (and yourself) from…