Following the news that the health secretary has announced plans for apps to inform on patient records Paul Farrington, EMEA Solution Architects Manager at Veracode commented below. Paul Farrington, EMEA Solution Architects Manager at Veracode: “Creating a truly digital NHS requires both investment in the latest apps and wearables alongside a rigorous security policy to give patients and healthcare professionals complete assurance that their data is secure. This is a bold initiative from our world class health service and one which will undoubtedly provide more personalised and efficient healthcare to millions, but there are inevitable risks around privacy and security which must be…
ISBuzz Team
Phishing continues to be a large and growing problem for organizations of all sizes. As pioneers in the use of simulated phishing attacks, Wombat Security, strongly recommends organizations make anti-phishing education the foundation of their security awareness and training programs. However, it’s also recommended to think beyond the phish to assess and educate end users about the many cybersecurity threats that are prevalent (and emerging) in today’s marketplace. Risky behaviors like lax data protection, oversharing on social media and improper use of WiFi are all dangers in their own right – and could be considering contributing factors to the ever-growing…
A Congressional report blames the U.S. Office of Personnel Management (OPM) for jeopardizing US national Security for more than a generation. The U.S. House Oversight & Government Reform Committee conducted an investigation of the OPM data breach which exposed background information and fingerprints of millions of Americans and blames everyone from top leadership all the way to outdated technology for the massive data breach. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “Theft like this once again reinforces the position that some data repositories simply don’t belong connected to the Internet. If even one file is…
Following the news about new Android malware, Elday Tuvey, Co-Founder and CEO at Wandera, the leading provider of mobile data management and security commented below. Elday Tuvey, Co-Founder and CEO at Wandera: “Malicious applications using the overlay technique have become quite prevalent over the past couple of years in the Android ecosystem. This technique enables malicious actors to phish for sensitive information in more efficient ways, evading even two factor authentication mechanisms. Fortunately, we have seen the issues addressed by developers and protection mechanisms being implemented along the way. Still, the human factor remains the main reason why such attacks are highly…
WESTFORD, Mass. NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT), a leading provider of business assurance – a powerful combination of service assurance, cybersecurity, and business intelligence solutions – today announced the availability of its next-generation, real-time information platform called the InfiniStreamNG. The InfiniStreamNG delivers unprecedented scalability and flexibility in multiple form factors and deployment options: virtual, software and hardware appliances. Both enterprise and service provider customers can leverage InfiniStreamNG in data center, cloud, and hybrid infrastructures, providing seamless, end-to-end visibility, which can dramatically accelerate their digital transformation initiatives. The new platform enables NETSCOUT to elevate its value proposition and expand its total addressable market (TAM). With…
Following the news that ‘Armada Collective’ hackers have threatened to launch a huge new DDoS attack, Sean Newman, Director at Corero commented below. Sean Newman, Director at Corero: “Although the September 6th date has now passed, without us knowing how effective their campaign was, this is just another example of the growing trend for cyber criminals to resort to extortion, by demanding ransom payments. In fact the FBI has predicted just this facet of cybercrime will exceed one billion US Dollars, in 2016 alone. “DDOS is a perfect threat for those demanding ransoms, as these attacks are relatively easy to launch these days. Plus,…
According to the research Corporate IT Security Risks 2016* conducted by Kaspersky Lab, last year, one cryptomalware attack cost small and medium businesses up to $99,000 on average. Despite the fact that cybercriminals do not guarantee the return of corporate data, 34 per cent of entrepreneurs admitted paying extortionists. The total damage caused by a cryptomalware infection is a combination of a variety of factors: partial or complete suspension of operations (internal business processes, financial transactions, etc.); the loss of valuable data (financial and project documents, customer or partner databases, etc.); reputational risks, and more. In fact, the total amount of damage can…
SEC Consult has released a damning update to its study on hardcoded cryptographic secrets in embedded systems which shows that the number of devices on the web using known private keys for HTTPS server certificates has gone up by 40% in the last nine months: http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html. Cryptography expert Kevin Bocek, VP Security Strategy at Venafi commented below. Kevin Bocek, VP Security Strategy at Venafi: “New research that identifies private keys are being reused in critical network security devices is disturbing, but nothing new. And it’s even more scary since it applies to many of the vulnerabilities in critical infrastructure and telecommunications systems. We share SEC Consult’s…
Following the news about Hutton Hotel Breach, Brian Laing, VP Products and Business Development at Lastline commented below. Brian Laing, VP Products and Business Development at Lastline: “It is hard to tell the specifics afflicting the Nashville Hutton Hotel, but the Hotel disclosure did state, ‘Findings from the investigation show that unknown individuals were able to install a program on the payment processing system at the Hutton Hotel designed to capture payment card data as it was routed through the system.’ This is a statement of presence of malware. “Point of Sale (POS) systems tend to rely on older operating…
Kaspersky Lab experts have discovered a modification of the Gugi banking trojan that can bypass new Android 6 security features designed to block phishing and ransomware attacks. The modified trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls, and more. It is spread through social engineering and its use by cybercriminals is growing rapidly. Between April and early August, 2016, there was a ten-fold increase in its number of victims. The Gugi Trojan’s aim is to steal users’ mobile banking credentials by overlaying their genuine banking apps with phishing apps and to seize credit card…