A cybersecurity audit of the U.S. Secret Service found unacceptable vulnerabilities that leave open the possibility of insider-threat activity and privacy violations. According to this article, the Office of the Inspector General performed a cybersecurity audit after the Secret Service improperly accessed and disclosed information about Rep. Jason Chaffetz (R-Utah), chairman of the House Committee on Oversight and Government Reform, which monitors U.S. Secret Service (USSS) operations. A number of weaknesses were found, including inadequate system security plans (SSP), systems with expired authorities to operate, inadequate access and audit controls, noncompliance with logical access requirements, inadequate privacy protections and over-retention of records. Stephen Gates, chief research…
ISBuzz Team
Online hookup website “Adult FriendFinder” might have been hacked—again. The alleged hacker boasted on Twitter, posting two screenshots that appeared to show he had access to some portion of the website’s infrastructure. Administrators for LeakedSource say what they’ve amassed so far from FriendFinder Networks Inc. easily surpasses 100 million records. IT security experts from Redscan, ESET and AlienVault commented below. Leon Pinkney, SOC Services Director at Redscan: “Despite the many unanswered questions surrounding the reported attack, businesses have an obligation to treat every threat seriously. While it’s not currently known what data the attacker may or may not have retrieved, Adult FriendFinder…
About 15 percent of all home routers are insecure, according to a study recently released by ESET. ESET took a look at 12,000 home routers and found that 15 percent had weak passwords, with the default ‘admin’ being the username. Craig Young, Security Researcher at Tripwire: “Frankly ESET’s numbers are strikingly low compared to what I’d expect to find. One of the figures for example was that 7% of the devices had medium or high risk vulnerabilities but per our own (Tripwire VERT) study, it was closer to 3/4ths of the top selling routers on Amazon US that had serious vulnerabilities with…
Over 3.2 million debit cards issued by State Bank of India, HDFC Bank, ICICI Bank, Yes Bank and Axis Bank may be compromised, The Economic Times is reporting, as a result of malware introduced in systems of Hitachi Payment Services, allowing fraudsters to steal information that enables the theft of funds. Hitachi provides ATM, point of sale (PoS) and other services. Julien Bellanger, Co-Founder and CEO at Prevoty, commented below. Julien Bellanger, Co-Founder and CEO at Prevoty: “To find the pot of gold at the end of the rainbow, hackers have to follow the money and find the weakest entry point in the…
Following the news that website creator Weebly acknowledged a data breach earlier this year that has potentially affected more than 4.4 million customers, Deepak Patel, director of security strategy for Imperva, commented below. Deepak Patel, Director of Security Strategy at Imperva: “The ease of getting millions of stolen credentials, with the fact that users will always continue to reuse passwords simply because they are human, makes brute force attacks more effective than ever and forces application providers to take proper measures to protect their users. As we see again in this case, data from breaches is hot merchandise on both…
Avi Rosen, CEO and co-founder of Kaymera Technologies, explains why the way we protect mobile devices is broken, and how it can be fixed. We’re all familiar with the cartoon image of a character stopping a water leak by plugging a finger into the hole, only for another leak to start, needing another finger, and so on, until the character is soaked by a wave of water. It’s a little like the current, fragmented state of mobile security – the range of threats is growing fast, outpacing current security measures. Also, the devices themselves have inherent vulnerabilities that can be…
Tests show that software vulnerabilities and weak passwords are common in home routers. ESET introduced a new feature to a Beta version of its security software, called Home Network Protection. This feature has enabled users to scan their home routers for vulnerabilities, malicious configurations, exploitable network services and weak passwords. Since the release of the Beta in April, ESET has tested more than 12,000 routers of users who agreed to share their data anonymously with ESET for statistical purposes. The analysis shows that almost 7% of the routers tested demonstrated software vulnerabilities of high or medium severity. Port scanning revealed that…
Following the news about a piece of research from Sucuri, which revealed that hackers are hiding stolen payment card data inside website product images, Mark James, security specialist at ESET, commented below. Mark James, Security Specialist at ESET: “Attacks that are capable of returning an immediate gain like credit cards or financial information are always on the rise. The ability to see the fruits of your labours encourages new and better ways to hack those sites that hold this valuable information. Once stolen it’s fairly easy to identify credit card numbers in plain text files, they are fairly unique in their…
This morning, it has been announced that major high street banks have failed to adopt “two-factor” security steps that could protect customers from scams. Which? found that only five out of the 11 providers it tested offered this kind of login for online banking and that banks could be doing more to prevent fraud. Nick Brown, managing director at global identity data intelligence specialists GBG, commented below. Nick Brown, Managing Director at Global Identity Data Intelligence Specialists GBG: “The internet and online banking have only made fraud easier – and you cannot deny bank fraud is a booming business. Individuals’ identity details are so much more…
Online hookup website “Adult FriendFinder” might have been hacked—again. On Tuesday evening, a hacker known as Revolver or 1x0123 claimed to have breached the service, posting two screenshots that appeared to show he had access to some portion of the website’s infrastructure. Mark James, Security Specialist at ESET, commented below on whether this is genuine and whether the hacker can be caught more easily due to his gloating, and provides advice for the company and its users. Mark James, Security Specialist at ESET: “With so much data surfacing from data breaches it’s a real possibility this new database exists, whether it’s actual data from a current hack…
