Following the news about Pharmaceutical firm Johnson & Johnson that has warned one of its insulin pumps for diabetics is at risk of being hacked, causing an overdose. IT security experts from ESET, NSFOCUS, Tripwire and prpl Foundation discuss how medical suppliers can better secure their products. Mark James, Security Specialist at ESET: “Quite often the problem with security in the medical or health industry is financially driven; cost is a major factor both in running and supplying the equipment used. In these instances the biggest factor is often making the equipment attainable for the masses who need it. The security of…
ISBuzz Team
Researchers have found multiple vulnerabilities in MOXA ioLogik industrial controllers which are widely used in industrial facilities such as utilities and manufacturing plants. Code injection, weak password policies and lack of protection mechanisms allow hackers to execute arbitrary code within webpages and modify settings of vulnerable devices. Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: “Sadly most software will have flaws or vulnerabilities, what’s important is how quickly patches and fixes are created and made available for the end user to apply. This usually requires the user to download the patch and apply that…
Kaspersky Lab has been named partner of the month for August 2016 by Citrix Ready, a program that helps customers identify third-party solutions that are recommended to enhance virtualisation, networking and cloud computing solutions from Citrix. Bringing multi-layered security to the virtualised environment for the fourth consecutive year, Kaspersky Security for Virtualisation | Light Agent supports Citrix infrastructure and desktop virtualisation solutions with advanced security, helping global enterprises to protect what matters most to them. Scalability, protection quality and system performance are cornerstones of the technology relationship between Citrix and Kaspersky Lab. Kaspersky Security for Virtualisation has addressed the needs…
Following the news that TalkTalk has been fined £400,000 for the theft of customer data, IT security experts from Zscaler and Anomali commented below. Chris Hodson, CISO EMEA at Zscaler: “The record breaking fine imposed on TalkTalk is merely a drop in the ocean. If the breach was to take place after GDPR had been enforced, the severity of the penalty would have been significantly more damaging. With the risk of personal information reaching the public domain, organisations need to step up and ensure that they are accountable for personal data. “Despite TalkTalk’s technical and operational failings, they overestimated the extent of the breach,…
Following the news that an NSA contractor was arrested for allegedly stealing inside information, IT security experts from STEALTHbits Technologies and Prevoty commented below. Mark Wilson, Director of Product Development at Stealthbits Technologies: Insider threat is the most realistic and largest threat to corporate data. No intrusion detection or perimeter security measure can account for this. An internal bad actor with motivation and the correct credentials can and will infiltrate an organization’s Crown Jewels – sensitive data. Why? Because it has monetary value. The insider threat or bad actor has two things in their sight: credentials and data. The challenge is how to…
Risk management has come a long way since its origins as a financial instrument for the insurance industry in the mid-1900s. Now, it’s a mainstream corporate function – due in large part to regulations that have been brought in by various industrial and governmental institutions seeking to tackle some of the major calamities of more recent time. From the global financial crisis to BP’s Deepwater Horizon disaster, risk management and regulatory compliance play major roles in establishing why crises have happened, and how they can be prevented from occurring again. As is the case with emerging technologies, there have been…
Following the news about some of the Steam accounts that were previously hacked are now distribution malware. The user on Reddit who goes by the alias Hayaddict can be seen alerting about the hacked Steam accounts being used to SPAM malicious URLs, Tim Erlin, Sr. Director, Product Management at Tripwire commented below. Tim Erlin, Sr. Director, Product Management at Tripwire: “The activity with these compromised accounts is a good example of how criminals make use of the spoils of successful cyber attacks. If you think your account doesn’t contain anything of value, you’re wrong. It provides attackers with connections to other people, who they…
Following the news about the New Mastercard app that has launched in the UK and Europe to let shoppers authenticate payments with their face, Reeve, Director Product Management at Nuance Communications commented below. Sebastian Reeve, Director Product Management at Nuance Communications: “The global biometrics market is expected to grow to $44.2 billion by 2021, a massive increase from $7 billion in 2014, with many leading customer-facing companies – such as Barclays, First Direct, TalkTalk and HSBC – adopting the technology for authenticating sensitive information and speeding up the overall customer journey. “While Mastercard customers may not yet be able to forget their…
Following the news that some Steam accounts for gamers, hacked last year, are now spreading Malware, Tim Erlin, Senior Director of IT Security and IT Risk Strategist commented below. Tim Erlin, Senior Director of IT Security and IT Risk Strategist at Tripwire: “The activity with these compromised accounts is a good example of how criminals make use of the spoils of successful cyber attacks. If you think you’re account doesn’t contain anything of value, you’re wrong. It provides attackers with connections to other people, who they can convince to click a link, and ultimately install malware. The need to be careful about…
Enables Customers to Automatically Manage 64 Percent of Outbound Email Sent Via Cloud Email Services SAN MATEO, Calif. Agari, a leading cybersecurity company, today announced Email Cloud Identity, a new capability in the Agari Email Trust Platform™ that enables organisations to automatically identify, monitor and manage the five billion emails per month being sent on their behalf by third-party email senders. This enables businesses to easily identify and authorise legitimate email communications, block malicious emails from cyber criminals and protect customers, partners and employees from advanced email attacks including phishing and business email compromise (BEC). “For many organisations, cloud-based email services…