SWIFT, the global financial messaging system, disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank. IT security experts from Tripwire, Lieberman Software, MIRACL, Imperva and ESET comments on the attacks: Tim Erlin, Director, Security and IT Risk Strategist at Tripwire: “Basic security best practices work, and failing to implement them consistently will increase the risk to your organization. They are considered best practices with good reason. Attackers will always take the path of least resistance, so starting with the basics is important, but it’s…
ISBuzz Team
CREST releases report exploring the reasons behind the lack of gender diversity in cyber security and looking at ways to drive change CREST, the not-for-profit accreditation and certification body representing the technical information security industry, has released a report outlining the details and conclusions from its 2016 Diversity Workshop, attended by representatives from CREST member companies and a variety of leading professionals, from industry, government and academia. It is no secret that the cyber security industry suffers from a lack of gender diversity and it is estimated that only 10% of the global information security workforce are women. The industry…
Microsoft’s mixed reality headset set to transform business Ever imagined being able to interact with the computer pixels in front of you without a screen? Just reaching into your computer to manipulate the information and visuals you’re looking at. The Microsoft HoloLens makes this a possibility. A ‘Mixed Reality’ device, HoloLens is positioned between Augmented Reality and Virtual Reality, recognising the surrounding environment and placing holograms in your world. UK innovation studio Kazendi, was one of the first companies in the UK to start working with Microsoft’s unique HoloLens technology and will be bringing it to attendees at IP EXPO Europe…
Following the news that EA’s online servers have been brought down by DDoS attack, Sean Newman, Director at Corero Network Security commented below. Sean Newman, Director at Corero Network Security: “Yet another example of the ease with which motivated attackers are wreaking havoc – ongoing proof that organizations which depend on their online presence need the protection offered by the latest generation of DDoS defense solutions. Even where DDoS protection is being used, legacy solutions just don’t have the capacity, intelligence, or reaction times, to deal with today’s attacks. “By deploying the latest breed of intelligent, high-performance, DDoS defence solutions directly, or…
London, UK. Tripwire, Inc., a leading global provider of endpoint detection and response, security and compliance solutions, today announced the results of a survey of over 220 information security professionals who attended Black Hat USA 2016. The conference took place July 30-August 4, 2016, at the Mandalay Bay Convention Center in Las Vegas, Nevada. As ransomware and phishing attacks increase in frequency and sophistication, information security professionals remain apprehensive in their organizations’ abilities to protect themselves. When asked if their companies could recover from a ransomware infection without losing critical data, only thirty-four percent of the respondents said they are “very…
Countercept by MWR has discovered a new RAT – dubbed Luminosity The term “sophisticated” is often linked to “Advanced Persistent Threats”, but other generic malware families have become more sophisticated and often have no issue getting past traditional security solutions. We recently discovered a new variant of the Luminosity Remote Access Trojan (RAT) that leverages the use of the AutoIt script tool. AutoItis a legitimate system administration tool that is designed for task automation using scripts written by administrators. The benefit of using AutoIt is that it is legitimate software that is likely to evade detection from traditional security solutions.…
Finance Sector Attracts 33% of all Financial Penalties, While Only Responsible for 6% of Incidents London. Data disclosed in error and breaches in security were the primary reasons for an 88% rise in self-reported data protection breaches between 2014-15 and 2015-16 (1), according to a Freedom of Information request by Huntsman Security. 2,048 incidents were reported to the Information Commissioner’s Office (ICO) between April 2015 and March 2016, up 88% from 1,089 in a similar period the year before. In fact, there were more incidents where the ICO took ‘No Action’ in 2015-2016, than were reported in all of the previous year (2). “Unfortunately, this…
Following the news about the fall out of the Dropbox data breach, IT security experts from KCS Group Europe and Kaspersky Lab commented below. Tony Sweeney, Cyber Security Director at KCS Group Europe: “The news of 68 million Dropbox passwords being leaked online is not a shock; after all, the breach occurred in 2012 when LinkedIn and MySpace were also hacked. It is safe to assume any online accounts held since 2012 are at risk and ALL passwords should be changed. Realistically, no accounts are safe from being compromised. One way to make accounts more secure is by enabling two-factor authentication, such…
ESET Ireland is detecting an increased number of phishing emails, pretending to come from Apple’s App Store. ESET Ireland has analysed a number of spam emails, that look like they are from Apple’s App Store, but actually use a Norwegian domain email address, which claim the user has subscribed to “YouTube Music Key through the App Store” and their trial period has ended and they will henceforth be charged monthly for the service for various amounts, ranging from €9.55 to €29.55. Because the recipient of such an email would likely be alarmed about not recalling they subscribed to anything such and would…
Over 1 million Internet of Things (IoT) devices have been compromised in recent months and added to DDoS botnets created with the help of a malware family known as Gafgyt, but also as Lizkebab, BASHLITE, and Torlus. Lane Thames, Software Development Engineer and Security Researcher at Tripwire commented below. Lane Thames, Software Development Engineer and Security Researcher at Tripwire: “As security researchers, we love providing this type of useful information. We view changing default credentials, using encryption, locking down networks with firewalls, etc. as basic security hygiene. However, the bulk of the IoT market consists of non-technical consumers who, at this time,…