A new Adobe Flash patch has just been released. Amol Sarwate, Director of Vulnerability at Qualys, commented below. Amol Sarwate, Director of Vulnerability at Qualys: “Adobe released APSB16-36 today to fix one 0-day vulnerability in Flash for a critical security flaw. The release is an emergency fix after the vulnerability was discovered in a range of active attacks. All platforms including Windows, Macintosh, Linux and Chrome OS are affected. The vulnerability (CVE-2016-7855) is triggered when the victim views malicious Adobe Flash content. Users can end up exposed to Flash by clicking on bad links from e-mails, viewing adverts that include Flash on websites and blogs, on…
ISBuzz Team
Staff are a significant risk to their employer’s cyber security according to research by specialist global executive search and interim management company Norrie Johnston Recruitment (NJR). The research, which forms part of NJR’s cyber security report: how real is the threat and how can you reduce your risk, shows that 23 per cent of employees use the same password for different work applications and 17 per cent write down their passwords, 16 per cent work while connected to public wifi networks and 15 per cent access social media sites on their work PCs. Such bad habits and a lack of awareness about security mean…
A new zero-day distributed denial of service (DDoS) attack technique has been found in the wild that is able to amplify malicious traffic by as much as 55x. Ofer Maor, Director of Security Strategy at Synopsys, commented below. Ofer Maor, Director of Security Strategy at Synopsys: “This vulnerability is another example of how developers often do not comprehend the security implications of implementation decisions they make for certain extreme cases. It appears that in this case, the response to an unintended exception results in returning substantial amounts of data. Naturally this can be used by attackers to make DDoS attacks…
Previously only available to nation-states, it’s no secret that ransomware is now affecting everyone from consumers to hospitals to enterprises. In honor of National Cybersecurity Awareness Month, I have pulled together a comprehensive overview on the threat, based on my years of studying cyberwar—plus new findings from the Comodo Threat Research Labs. It’s time to arm you with the knowledge you need to recognize and prevent these attack methods from affecting you or your business. What is Ransomware? Ransomware is a “cryptovirology” attack. It can devastate individuals and organizations by locking up or encrypting their proprietary data in a denial-of-access…
Citrix announced new research which revealed that an average of £27,818 is now spent by many local authorities on health and safety training. This is considerably more than the amount being committed to data protection and IT security training – just £3,378 per local authority. Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: “Sadly investing in IT security usually falls quite low in the spending list for most local authorities. The consequences for failures in IT Sec are significantly lower than other areas with no clear guidelines on what constitutes a failure. If you back that up with…
Following the news about Imperva Stats On Dyn DDoS Attack Size, Ofer Gayer, product manager at Imperva for the Incapsula product line commented below. Ofer Gayer, Product Manager at Imperva for the Incapsula product line: “There is still quite a bit of speculation swirling on the size of the DDoS attack on Dyn last Friday. We know there were 100,000 Mirai botnet nodes – which is not especially large in our experience. So, in our estimation, there are two likely causes. The attack may have been a high-volume attack – over 500 million packets per second – that overwhelmed the Dyn…
United States – Internal Revenue Service (IRS): The caller pretends to be with the IRS and demands money for unpaid taxes or tricks the recipient into sharing private information. Hong Kong – Immigration and Customs: Scammers are posing as immigration officers to trick new Hong Kong residents from the mainland. Victims are accused of being involved in the manufacture and sales of fake passports. Brazil – Extortion/Kidnapping: These scammers tend to be prison inmates who call random phone numbers and demand payment for the return of a “kidnapped” family member or friend. United Kingdom – Accident Claim: Scammers pretend to be from an…
A new social media phishing scam campaign has been identified by security researchers at Proofpoint, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials. Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: “Cyber criminals often come up with new and different ways to trick the unsuspecting user into releasing their private information. As trends move this way the easiest victim is the one expecting to receive a response. If you target someone…
Following the news of Vodafone’s £4.6m fine over IT issues linked to its new billing system, Kevin Cunningham, Director at SQS, software quality specialists, commented below. Kevin Cunningham, Director at SQS: “Today’s news that regulator Ofcom has fined Vodafone £4.6m after IT issues linked to its new billing system led to a “serious” breach of customer protection rules, has brought to life the impact that insufficient software assurance can have on an organisation’s bottom line and brand. It could have been avoided. Vodafone’s IT issues cost its customers £150,000 over a 17-month period. Vodafone’s “failure to address these problems” has not only led to…
Dr Bernard Parsons, CEO at Becrypt, looks more closely at how every organisation can prepare for, prevent and even learn from cyber threats using Digital Forensics. The significance of activities such as Incident Response planning and Digital Forensics may for many seem only relevant for organisations that work in the most security conscious sectors. However, I believe that a rounded appreciation of good cybersecurity practices is valuable, if not critical, for all organisations. It is important that, in any size or type of organisation, if a security incident should occur, those charged with responding and investigating are prepared to follow a structured, effective and…
