Over 1 million Internet of Things (IoT) devices have been compromised in recent months and added to DDoS botnets created with the help of a malware family known as Gafgyt, but also as Lizkebab, BASHLITE, and Torlus. Lane Thames, Software Development Engineer and Security Researcher at Tripwire commented below. Lane Thames, Software Development Engineer and Security Researcher at Tripwire: “As security researchers, we love providing this type of useful information. We view changing default credentials, using encryption, locking down networks with firewalls, etc. as basic security hygiene. However, the bulk of the IoT market consists of non-technical consumers who, at this time,…
Author: ISBuzz Team
Six major banks within the UK have been the target of the relaunched Ramnit Trojan, according to research by IBM’s X-Force. After a silent period of approximately eight months, it appears that Ramnit’s operators have set up two new live attack servers, as well as a new command-and-control (C&C) server. The Trojan is configured to equip the malware with webinjections that are specifically deigned to target personal banking users. Brian Laing, VP Business Development at Lastline commented below. Brian Laing, VP Business Development at Lastline: “Lastline’s Global Malware Knowledge base has seen an exponential explosion in Ramnit attacks across the globe, and indicates that these attacks appear to be…
A report by Retuers revealed that SWIFT, the financial global messaging system, has disclosed new hacking attacks on its member banks following on from February’s high-profile $81 million heist at Bangladesh Bank. Following the new disclosures SWIFT have pressured their member banks to comply with new security procedures, suggesting that cyber thieves may have specifically targeted banks with lax security procedures for SWIFT-enabled transfers. IT security experts from VASCO, Balabit, FireMon and HPE Security – Data Security commented below. Shane Stevens, Data Security Director of Omni-Channel Identity and Trust Solutions at VASCO: “With so many attack vectors, it was just a matter of time before SWIFT became…
Following the news that the Labour party has proposed a new Digital Bill of Rights, Neil Greathead from digital transformation company, BMC Software Commented below. Neil Greathead, Vice President, Chief Customer Office, EMEA at BMC Software: “The race for digital transformation is no longer just a key consideration for British businesses, it is in fact becoming a crucial component of how our society may grow and flourish in the future. Achieving this robust new digital infrastructure is however no mean feat. The public sector can take key learnings from many private sector organisations, and must take measurable steps to try and secure the…
Study finds web scrapers can be employed for as little as $3.33 per hour SAN FRANCISCO. Distil Networks, Inc., the global leader in bot detection and mitigation, today released a new study titled, “The 2016 Economics of Web Scraping” which illustrates web scraping’s prevalence, sophistication, and industry use cases. Through analysis of top web scraping platforms and services, the report also outlines how the democratization of web scraping allows users to effortlessly steal sensitive information on the web. Web scraping is a computer software technique for extracting information from websites, and often includes transforming unstructured website data into a database…
A Chinese certificate authority handed out a base certificate for GitHub and the University of Central Florida to a security researcher. The incident occurred more than a year ago in July 2015 but went unreported, and it was the second time the researcher was able to obtain a base certificate from WoSign. Brian Spector, CEO at MIRACL commented below. Brian Spector, CEO at MIRACL: “This incident highlights just how easy it is for attackers to take advantage of the lax controls around commercial certificate authorities in order to achieve their goals. When hackers gain access to a legitimate code signing…
At the beginning of the summer, Kaspersky Lab assisted in the arrest of suspects that were part of the Lurk gang, which allegedly stole more than 45 million dollars from a number of companies and banks in Russia. It was the largest financial cybercrime group to be caught in recent years. However, this wasn’t the only cybercriminal activity Lurk group has been involved in. According to analysis of the IT infrastructure behind the Lurk malware, its operators were developing and renting their exploit kit out to other cybercriminals. Their Angler exploit kit is a set of malicious programs capable of exploiting vulnerabilities…
Roman Seleznev, the son of Russian parliament member, Valery Seleznev, has been convicted of 38 counts of fraud and theft by a US federal jury who conducted an eight-day trial in Seattle. Seleznev was taken into custody in July 2014 and his laptop contained more than 1.7 million stolen credit card numbers. Jonathan Sander, VP of Product Strategy at Lieberman Software commented below. Jonathan Sander, VP of Product Strategy at Lieberman Software: “This story is like a “greatest hits” of contemporary cybercrime. Perpetrated by an organized, professional network, attacking weak points like Point of Sale that should be patched but aren’t,…
London, UK. Infoblox Inc. (NYSE:BLOX), the network control company, today announced results of the Infoblox Security Assessment Report for the second quarter of 2016, which finds that 40 percent—nearly half—of files tested by Infoblox show evidence of DNS tunnelling, a significant security threat that can indicate active malware or ongoing data exfiltration within an organisation’s network. Infoblox, an industry leader in securing Domain Name System (DNS) infrastructure, offers free security assessments to customers and prospective customers, identifying outbound DNS queries inside an organisation’s network that are attempting to reach known malicious or suspicious Internet locations (hostname). External threat data from…
Company Exhibits Joint Single Sign On (SSO) and Password Reset Solutions at Oktane 16 London, UK. Lieberman Software Corporation today announced new capabilities that integrate the company’s Privileged Identity Management (PIM) platform, Enterprise Random Password Manager™ (ERPM), with Okta’s market leading authentication and security platform. The integration provides secure SSO that allows only authenticated users to access the powerful privileged credentials managed by ERPM. Lieberman Software is exhibiting this new technology in booth 26 at Oktane 16 in Las Vegas this week. ERPM automatically locates, secures and audits access to privileged accounts throughout the enterprise – whether on-premises or in the cloud.…