Reports this week are claiming that the Mirai IoT malware has now infected almost half a million IoT devices, more than doubling the size of the original Mirai botnet. The news that the source code for the IoT botnet had been released broke earlier this month, and, as many predicted, criminals have used the source code to create their own versions of the malware and are infecting new devices. Cesare Garlati, Chief Security Strategist at the prpl Foundation, commented below. Cesare Garlati, Chief Security Strategist at the prpl Foundation: “The new data confirms the importance of securing IoT devices to prevent massive…
ISBuzz Team
In terms of business risks, data breaches and cyber-crime in general are quickly marching up the list of priorities for companies around the world. For businesses at the enterprise level, this concern is manifesting itself in the increasing pressure they are placing on their suppliers to prove they are practicing due diligence when it comes to keeping their systems safe. This proposition can pose a significant challenge for many supply chain partners. CTOs, for example, may be asked to submit an outline of the cyber security practices their company has in place before a partnership is finalised. The companies whose…
A study by the University of California, Irvine (UCI) called Don’t Skype & Type! (PDF) found that typing done during a video call using Skype, for example, could be recorded and translated from sound into text. This could prove handy for people with nefarious things on their mind. Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: “We have seen similar types of attacks both physical and digital in the past, it’s why security key codes are tone neutral. It’s why we should consider how clean or dirty our keyboards are, but we need to put this into…
ThreatConnect identifies Chinese targeting of two European drone and energy companies. Economic espionage or military intelligence? It was the best of times; it was the worst of times. While Russian advanced persistent threat (APT) activity against the US and other international organizations has dominated the headlines recently, Chinese APT actors have been active outside the limelight. In June 2016, Chinese APT actors were discovered using a customized implant within the network of a European consumer electronics company that specializes in drone technologies and a U.S. subsidiary of a French energy management company that builds infrastructure for the U.S. government and the Department…
Following the news that Sierra Wireless AirLink Gateways are vulnerable to the Mirai DDoS botnet, whose source code has been made public, IT security experts from Corero Network Security and Tripwire commented below. Sean Newman, Director at Corero Network Security: “It’s kind of understandable that passwords protecting the majority of network enabled consumer devices get left at their factory defaults, as end-users often lack the awareness or confidence to change them – in these cases, manufacturers need to start taking more proactive measures to help ensure users are aware and making it simple for them to update passwords without fear of…
According to a new report, tens of millions of people don’t have passcodes set on their smartphones. The TransUnion® survey polled 1,263 consumers ages 18 and older about their experiences with and perceptions of cyber threats in anticipation of National Cyber Security Awareness Month in October. Despite increasing fear, nearly half of respondents don’t take common protective measures, such as locking their phone with a password (45 percent) and changing their passwords frequently (51 percent). Robert Capps, VP of Business Development at NuData Security, commented below. Robert Capps, VP of Business Development at NuData Security: “The survey brings out some fascinating data, particularly that “despite the increasing fear,…
As much as we try to instill good email habits in the workplace, one slipup can lead to a security breach that puts confidential information in the wrong hands. It’s one thing to email the wrong colleague a link to your favorite YouTube video, but it’s another thing to inadvertently share W-2 forms or company credit card information, or to discover you’ve been caught by a phishing scam. One fatal click on “Send” can result in the loss of thousands or millions of dollars for a company. To err is human, but to identify red flags and understand how to avoid common email mistakes in the workplace is divine. 1) Getting…
Brian Krebs has explained how an overlay skimmer equipped with Bluetooth technology allows thieves to snarf swiped card data and PINs wirelessly using nothing more than a mobile phone. Lamar Bailey, Sr. Director, Security R&D at Tripwire commented below. Lamar Bailey, Sr. Director, Security R&D at Tripwire: The idea of a Bluetooth skimmer is neat but it has Pros and Cons. “Cons: Effective Bluetooth range is around 30ft and in a retail setting with lots of interference it is likely much shorter. Given the range the criminal would have to stand around to collect the data, they would be very suspicious for any security…
Many mobile games can access sensitive functions and data on employer-issued devices including SMS, social networking, location services & tracking and calendar access. Maidenhead, U.K.: Augmented reality, fueled most recently by the Pokémon GO sensation, and virtual reality gaming opportunities are beginning to really open up on mobile platforms. According to IDC, the number of smartphone and tablet gamers should increase to more than 1.9 billion in 2020. Millions of mobile device users are predicted to play these types of games within a few years, and the workplace is not immune. According to a new report, “It’s Not All Fun and Games: A…
Following the news that Britain’s banks are supposedly not reporting the full extent of cyber attacks to regulators for fear of punishment or bad publicity, Mark James, security specialist at ESET commented below. Mark James, Security Specialist at ESET: “Financial organisations suffer cyberattacks on a daily basis and it stands to reason that if hackers do what they do to make money, then why not target the source? Reporting every one of those attempts would indeed clog systems with lots of unnecessary information and I’m sure there will be a lot that never makes the light of day. However, the…
