Following the news about Yahoo breach, Richard Windsor, Analyst at Edison Investment Research commented below. Richard Windsor, Analyst at Edison Investment Research: “With Verizon, Yahoo is likely to become irrelevant. Verizon is building an ecosystem but second rate assets are unlikely to get Verizon very far without inspirational management to make these assets shine. On top of the $3bn it is paying for Yahoo’s core business, Verizon also appears to be in advanced discussions to purchase a video streaming start-up called Vessel which would take Verizon / Yahoo’s coverage of Digital Life to 51% putting it ahead of many of its competitors. However, Digital…
Author: ISBuzz Team
Hackers who call themselves TheDarkOverlord recently tried to extort a series of health care organisations into paying hefty ransoms. Their most recent target is WestPark Capital. The hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort to extort money from the victim company. Jamie Moles, security consultant at cyber security firm Lastline commented below why this story differs from other high profile hacks, including the traditional techniques and language that TheDarkOverlord have used in publishing the data. Jamie Moles, Security Consultant at Cyber Security Firm Lastline: “This story stands out from this year’s higher profile reports in a number…
Pippa Middleton’s iCloud account was hacked stealing round 3,000 private photographs. The Sun said it had been approached by someone using a pseudonym and asking for £50,000 within 48 hours. IT security experts commented below how people, royalty or not, can secure their iCloud accounts and stay safe online. Javvad Malik, Security Advocate at AlienVault: “The main thing is for people to remember to secure their cloud storage platforms well. In addition to choosing a strong password, most websites offer additional security features such as notifications whenever the account is logged onto, or enabling two step verification.” Javvad made a video about…
Professor Avashai Wool, CTO at Alogsec explains how businesses can best manage a cross-border firewall estate, keeping their perimeters secure globally. Globalization is the new normal for most organizations today, but it can present some significant challenges – not least when it comes to managing the firewall estate across these large-scale, distributed networks. A typical, multinational corporation, headquartered in the US may have offices and datacenters in dozens of countries around the globe. Let’s assume the organization takes a proactive, structured and logical approach to cybersecurity, and therefore protects each datacenter with firewalls. Yet all of these firewalls also have…
In a new blog post researchers from Proofpoint detail their discovery of the MarsJoke ransomware, which is targeting state and local government agencies and educational institutions in the United States. Proofpoint researchers originally spotted the MarsJoke ransomware in late August by trawling through their repository of unknown malware. However, beginning on September 22, 2016, they detected the first large-scale email campaign distributing MarsJoke. The full blog post announcing Proofpoint’s discovery can be found here, however key takeouts include: Proofpoint detected a large MarsJoke ransomware email campaign. Emails contained URLs linking to an executable file named “file_6.exe” hosted on various sites with…
A new form of ransomware is targeting government agencies and educational institutions in the US, using emails claiming to be from airlines. The MarsJoke ransomware was unearthed by Proofpoint security researchers, who said that a large-scale email campaign distributing the machine-locking malware began on 22 September, with the main targets being state and local government agencies. Travis Smith, Senior Security Research Engineer at Tripwire commented below. Travis Smith, Senior Security Research Engineer at Tripwire: “This time the joke’s on the malware authors. Restoring from backups still is the easiest and safest way to recover from a ransomware infection. The fact that ransomware is threatening to wipe…
Following the news that a lawsuit filed in Federal District Court in San Jose is accusing Yahoo of gross negligence in connection with a 2014 breach in which data was stolen from more than 500 million users, Security experts from Tripwire commented below. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire: “Financial loss is absolutely a motivator for organizations to implement stronger security controls. A successful civil suit, with material damages, will cause other organizations to take notice and work to avoid the same culpability. Compliance regulations and the associated audits are simply a forcing function to make…
Data from Venafi which reveals just how inadequately Yahoo has reacted to the breach announced last week and specifically, the cryptographic controls it still has in place. The results are damning: – Yahoo has not taken the action necessary to ensure they are not still exposed and that the hackers do not still have access to their systems and encrypted communications – Yahoo is still using cryptography (MD5) that has been known to be vulnerable for many years now. The net result if you are a Yahoo customer (or a BT or BSKYB customer) is that you should be worried that Yahoo has not…
Luxury hotel chain owned by Donald Trump has been fined $50,000 for negligent cybersecurity practices after two separate attacks on its payment processing systems exposed more than 70,000 customer credit card numbers. In light of this news, Jose Diaz believes that, as the hospitality industry becomes more of a target for POS-based malware, more has to be done to protect customers’ payment information. Jose Diaz, director of payment strategy at Thales e-Security commented below. Jose Diaz, Director of Payment Strategy at Thales e-Security: “The accommodation industry has been particularly vulnerable to POS-based malwares, with reports citing it as the sector with the highest number of POS breaches. And…
Privileged Identity Management Solution Leverages OAUTH2, SAML and LDAP for Secure Authentication London, UK, September 26, 2016 – Many organizations with on-premises IT environments find that as they move to the cloud, their on-premises management and security solutions stop functioning at the perimeter. At Microsoft Ignite in Atlanta this week, Lieberman Software Corporation will demonstrate how the newest version of its cyber security platform, Enterprise Random Password Manager™ (ERPM), securely manages credentials and access to both cloud and on-premises resources using OAUTH2, SAML and LDAP. “The general direction for Privileged Identity Management (PIM) and Privileged Access Management (PAM) solutions has been to…