More than 2,500 victims were able to decrypt their data, with more than one million dollars already saved, thanks to the global initiative
Just three months after the successful launch of the No More Ransom project, law enforcement agencies from a further 13 countries have signed up to fight ransomware together with the private sector. The new members are: the United Kingdom, Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain and Switzerland. Further law enforcement agencies and private sector organisations are expected to join the programme in the coming months. Their collaboration will result in more…
ISBuzz Team
Following the report in the Register that the Owlet wi-fi baby heart monitor was demonstrated to have possibly the “worst IoT security of 2016” by security researcher Jonathan Zdziarski, Cesare Garlati, chief security strategist for the prpl Foundation, commented below. Cesare Garlati, Chief Security Strategist at the prpl Foundation: “This latest case is another example of how devices with the best of intentions, such as alerting parents when their babies experience heart troubles, can turn dangerous if taken advantage of by a sinister party. Sadly, this is more often than not in the case of embedded computing within…
Did you catch that chill in the air? It’s October, and as the leaves turn orange and the cats turn black, we all know that we’re about to be visited by the 3 C’s. That’s right–Costumes, Candy, and Cybersecurity (awareness month). OK, I cheated a little bit on the 3rd C, but here’s what isn’t funny this fall: there are plenty of verifiably ghoulish things floating around in cyberspace, and we all would do well to take a look at a few of them–and how to bust these particular ghosts. Fantoms: No, my spellcheck didn’t die of fright. There is…
Last week Sierra Wireless warned that some of its wireless gateway devices might be vulnerable to the Mirai botnet: NCCIC/ICS-CERT received a technical bulletin from the Sierra Wireless company, outlining mitigations to secure Airlink Cellular Gateway devices affected by (or at risk of) the “Mirai” malware. While the Sierra Wireless devices are not being targeted by the malware, unchanged default factory credentials, which are publicly available, could allow the devices to be compromised. Additionally, a lower security posture could lead to the device being used in Distributed Denial of Service (DDoS) attacks against Internet web sites. IT security experts from Imperva and…
Following the news that over 5,900 e-commerce sites have fallen victim to malware that skims victims’ credit card details online, Paul Farrington, manager of EMEA solution architects at information security specialist Veracode, commented below. Paul explores:
- How hackers are targeting small firms who do not have access to the necessary resources to determine whether the site is secure, nor are staying on top of the need to patch their software
- Who to blame? Is it the fault of the open-source community, retailers, hosting providers or even government?
- What can we do? Calling on the government to do more in the area to instigate consequences…
Following the news that fears of a campaign of cyber attacks on leading airlines have grown after a “systems issue” delayed dozens of United Airlines flights worldwide, Mark James, security specialist at ESET, commented below. Mark James, Security Specialist at ESET: Could these system issues potentially be the result of a cyberattack? “Typically these systems are well established, well used and some have been around for a while, that’s not to say they are not safe, but like any software the potential for compromise is there and should certainly not be ignored. However, waving the cyberattack flag just because systems are…
High-end fashion retailer, Vera Bradley, has reported that its point of sale system in its stores suffered a security breach, possibly compromising payment cards used to make purchases. IT security experts from Cryptzone and ESET commented below. Leo Taddeo, Chief Security Officer at Cryptzone: “Cybercriminals have an insatiable thirst for credit card data and they’ll stop at nothing to get it. POS data breaches continue to generate enormous illicit profits for cybercriminals, making it essential for retailers to deploy several layers of defences. Legacy perimeter defences should be replaced with more flexible software defined perimeter (SDP) solutions. “The SDP architecture allows enterprises to isolate critical systems…
Following the news story “Hackers Test Stolen Emails W/IoT Devices” (stories: The WSJ, PYMNTS, Krebs on Security), IT security experts from Rubicon Labs and STEALTHbits commented below. Rod Schultz, VP of Product at Rubicon Labs: “Experts may have known about vulnerabilities in the networking protocols that were exploited for over 10 years, but the world has understood the dangers of a virus for over a century. Connect a device to a network and you must model that device as a biological entity. History has shown that certain biological viruses have catastrophic impact on society, and now that we are connecting billions of devices…
A security researcher has found almost 6,000 online retailers with malicious code on their websites that is capable of stealing customer credit card information. Such attacks take advantage of known vulnerabilities in several web-based payment programs. The hackers are able to compromise the site and inject code that can skim card details. The blog post detailing the research can be found here: https://gwillem.github.io/
WhiteHat Security has also researched retail website security and found the following:
- Around half of all retail websites exhibit at least one serious security flaw on every single day of the year
- On average, retail sites exhibit 23 unique vulnerabilities…
Study finds that fewer than 10 percent of enterprise IT leaders have fully migrated to cloud, but 86 percent say it is critical to digital transformation initiatives
London. Ping Identity®, the leader in Identity Defined Security, today announced the availability of “The State of Digital Transformation Report 2016,” which highlights that digital transformation is a top priority and source of anxiety for enterprises, but the majority of IT decision makers have not completed technology deployments to address the initiatives that are critical to making the shift. Security and identity access management were respectively ranked the top two initiatives critical to…
