There’s a newly discovered flaw in macOS (and OS X) that could let miscreants peep on you through your webcam. The flaw lets malware lurk in the background, waiting for you to make use of your built-in webcam, and then activate, recording both video and audio. IT security experts from Redscan, ESET and AlienVault commented below. Robert Page, Lead Penetration Tester at Redscan: “Video conferencing has become so important to the way that we communicate daily with family, friends and colleagues that more needs to be done by hardware and software manufacturers to improve security of webcams. Taping up a webcam when not…
Author: ISBuzz Team
Researchers have reported that smash-and-grab malware has been updated as a “FastPoS” point of sales hack app designed to steal credit card information more efficiently ahead of the holiday shopping, travel and entertainment season. Smrithi Konanur, global product manager, payments, web and mobile for HPE Security-Data Security, commented below on how retailers and all businesses can avoid a serious customer data breach. Smrithi Konanur, Global Product Manager, Payments, Web and Mobile at HPE Security-Data Security: “Retail malware is typically designed to steal clear data in memory from Point of Sale (POS) applications, resulting in the loss of magstripe data, EMV…
It seems staggering that a technology provider like TalkTalk should resort to ignorance as its line of defence, and yet that’s just what the company did when faced with the results of the investigation by the Information Commissioner’s Office. The company ‘did not know’ that the vulnerable web pages subjected to at least three separate SQL attacks existed and was ‘unaware’ that the installed database software, which it inherited from Tiscali, had not been patched for three and a half years. What’s interesting is that the fine was levied as the result of an attack – and no doubt that’s the…
The average IT security budget for an SMB currently exceeds 18 per cent of the business’s annual IT spending and continues to grow. The reasons for this are not hard to find. Growing IT complexity and maintenance costs are leading the trend. 42 per cent of SMBs see complexity of IT infrastructure as the main reason to grow their IT security budget. Security incidents also contribute to mushrooming spending. Today’s threat landscape, with its rapid expansion of ransomware, POS exploits and DDoS attacks, is forcing businesses to protect themselves by buying in more software and expanding their IT teams. Growing their IT spend is not…
A new study released by NIST has identified a growing security fatigue in light of the constant barrage of warnings and hack attacks now coming to light. Piers Wilson at Huntsman Security commented on this report below, noting that enterprises have just as much of a problem with security fatigue as consumers do. He points out that security analysts are now bombarded with so many threat alerts that it’s become difficult for them to see the wood for the trees; a challenge that enterprises will need to address if they are to protect themselves. Piers Wilson, head of product management at Huntsman Security commented…
Following the news about the NSA contractor arrest, István Szabó, Product Manager of syslog-ng/SSB at Balabit, commented below. István Szabó, Product Manager of Syslog-ng/SSB at Balabit: “While very few details are available about the case of another NSA contractor stealing confidential information, based on the information available thus far, there are some observations that can be made. Mainly, there is no easy way to characterize insider threats. Motivation can be political, financial, personal or can simply be attributed to negligence or unawareness of the risks involved. No single tool and no policy can be flexible and powerful enough to capture this…
Following the news about the latest development of the Yahoo data breach, that Yahoo may have allowed the US government to search user emails, Jeremiah Grossman, Chief of Security Strategy at SentinelOne, commented below. Jeremiah Grossman, Chief of Security Strategy at SentinelOne: “As a security professional, my first thought on this whole situation is what a government backdoor does to technology at a base level. No matter how noble the intention, the creation of any backdoor for any reason opens up risks that our adversaries can exploit. Even the most top-of-the-line, advanced security tools may falter in the face of deliberate vulnerabilities.…
Every day, and usually without organisations realising it, their networks are being breached. With confidential information exposed to the wrong eyes, secrets can become commodities capable of ruining well held reputations. We live in a world where network incidents are so common that no one can deny their existence. As attacks proliferate, problems mount. With the attack surface continually growing, more devices being plugged into networks, and growing volumes of data, the challenges for corporate leaders are more complex than ever. Fortunately, most enterprises are taking steps to increase their defence, but the security strategy does not become effective by…
Following the news about the announcement that Mastercard will allow customers to pay with a selfie, Jay Floyd, Head of Fraud Strategy and Solutions EMEA at ACI Worldwide, commented below on the rise of biometric payments, which allow online shoppers to use fingerprints or selfies to verify their identities. Jay Floyd, Head of Fraud Strategy and Solutions EMEA at ACI Worldwide: “The launch by MasterCard proves that the disruption in the payment sector is well underway. “Recent research has shown a growing demand for biometric payments especially amongst millennials. The widespread use of biometric payments is only a matter of time, not…
Following the news that security researchers have found insulin pumps are vulnerable to hacking, security experts from MWR Infosecurity and Veracode commented below. Chris Day, Security Researcher at MWR Infosecurity: “As is increasingly reported in the news, it is typical to see embedded, IOT and medical devices entering the market with security weaknesses. There can be many reasons for this, but these typically boil down to one critical point; there was not a corporately endorsed requirement to add security to the device. “Although we would expect these devices to be secure, in many instances there is neither an explicit requirement from customers or regulatory bodies on security.…