The emergence of new technologies in the last decade has irreversibly changed the way we live, work, and communicate; whether it is how we shop, bank or order a taxi. This shift hasn’t been born out of a research and development facility but, more often than not, driven by customer behaviour, leaving many businesses struggling to keep pace within a rapidly changing market. Embracing and keeping pace with accelerating change can provide an organisation with the ability to exploit and maximise the opportunity to reflect the customer’s evolving wants and needs in a compelling way. New technology, when successful married…
ISBuzz Team
Following the news that a smash and grab malware gang has updated its FastPoS point of sales hack app to plunder credit cards more efficiently ahead of the festive season. IT security experts commented below. Smrithi Konanur, Global Product Manager, Payments, Web And Mobile at HPE Security-Data Security: “Retail malware is typically designed to steal clear data in memory from Point of Sale (POS) applications, resulting in the loss of magstripe data, EMV card data or other sensitive data exposed at the point of sale. And unfortunately, POS systems are often the weak link in the chain — they should be considered insecure even…
It was reported that Londoners are being warned to be careful when using cash machines after a spate of crimes involving malware-laden ATMs. Criminals have been hacking into cash machines to install malware that would then allow large amount of money to be stolen without needing to enter a card. If you are planning on covering this news, please see below for comments from Stephen Gates, chief research intelligence analyst at NSFOCUS commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS: “It seems these days that no matter where you use your credit/debit cards, the likelihood of the transaction processing devices being hacked is getting…
No matter where you may be in the world, the email attachment is the most common means by which criminals deliver malicious code into your IT estate, allowing them to steal vital information, hold your organisation to ransom or wreak havoc within your enterprise. The global trend is that ransomware in particular is on the increase at an alarming rate. A report earlier this year identified that the first half of 2016 saw 172 per cent more malware occurrences than the whole of 2015 and that 58 per cent of ransomware attacks were carried in email attachments. This is malware…
French TV network TV5Monde has revealed additional details about the cyber attack in April that took down all 12 of its channels. Using a series of targeted attacks, the hackers first breached the network on the 23rd of January and were able to remain there until an engineer discovered a corrupted machine and shut it down. The attack was far more sophisticated and targeted than reported at the time. IT security experts from Digital Guardian and Barracuda Networks commented below. Luke Brown, VP and GM EMEA, India and LatAm at Digital Guardian: “The TV5 hack demonstrates how a well-thought-out incident response plan can limit the…
Not long ago, the Department of Homeland Security directed extra attention to voter registration hacking threats. The recent news that the Arizona voter registration hack came from an email that looked like it was from an employee reignites the conversation on the importance of cyber security training, particularly among government agencies. This seemingly minor user misstep points to the detrimental consequences lack of security awareness and training can have on government entities in particular. Most average consumers aren’t aware spoofing emails of trusted sources is very common in phishing attacks, and many think it’s a difficult process for cyber criminals to successfully bait an employee. While we can’t speculate on the specifics…
Information security is viewed in some organizations as a function owned by a few individuals or one department. However, it is important to create a corporate culture that views information security as a shared responsibility among all employees. When data protection is prioritized and done well, it provides more disciplined operations, increased customer and stakeholder trust, and minimized risk. One of the best ways to reduce risk is to implement regular and comprehensive training programs for all employees. According to recent research, U.S. companies are not prioritizing employee training in their fight against fraud and data breaches[1]. Seventy-eight percent of…
Targeted attackers are using an increasingly wide range of deception techniques to muddy the waters of attribution, planting ‘False Flag’ timestamps, language strings, malware, among other things, and operating under the cover of non-existent groups, according to a paper presented at Virus Bulletin by Kaspersky Lab security researchers Brian Bartholomew and Juan-Andres Guerrero-Sade. The identity of the group behind a targeted cyber-attack is the one question everybody wants answered, despite the fact that it is difficult, if not impossible to accurately establish who the perpetrators really are. To demonstrate the growing complexity and uncertainty of attribution in today’s threat intelligence…
Over the past few years many organizations have opted for virtual IT environments. A 2016 survey by Spiceworks reports that 76% of respondents have adopted server virtualization, and Gartner estimates that server virtualization rates in many organizations already exceed 75%. The reasons behind such strong adoption of virtualization is easy to understand: virtual environments are easy to deploy, improve IT efficiency, provide better business continuity, and — most importantly — reduce costs. Unfortunately, without appropriate security measures, these benefits can be reversed. For example a 2015 global survey by Kaspersky Labs reveals that businesses pay twice as much to recover from…
There’s a newly discovered flaw in macOS (and OS X) that could let miscreants peep on you through your webcam. The flaw lets malware lurk in the background, waiting for you to make use of your built-in webcam, and then activate, recording both video and audio. IT security experts from Redscan, ESET and AlienVault commented below. Robert Page, Lead Penetration Tester at Redscan: “Video conferencing has become so important to the way that we communicate daily with family, friends and colleagues that more needs to be done by hardware and software manufacturers to improve security of webcams. Taping up a webcam when not…