Following the news that Opera, the Norway-based internet browser maker, has confirmed that a hacker breached one of the company’s sync servers, potentially exposing passwords, IT security experts from Rapid7 and Centrify commented below. Corey Williams, Senior Director, Products and Marketing at Centrify: “The potential payoff of 1.7 million passwords could be huge. Attackers will work hard to crack any server’s encryption and try these passwords across countless thousands of other sites, services, and apps. Until we have something better than passwords protecting our accounts – something like Multi-factor Authentication — we will continue to see these breaches result in success for…
ISBuzz Team
What could shipbuilder DCNS have done to better protect its sensitive documents detailing the build specifications for the Scorpene submarine? James Henry, Consulting Practice Director for Auriga, looks at the lessons we should all take from the incident. News of a massive data leak affecting French shipbuilder DCNS emerged this week regarding the Scorpene submarine. More than 22,400 pages were stolen detailing the technical capabilities of the vessel in a leak to the Australian media (whilst DCNS won a major contract from the Australian government to build a fleet of submarines, the Scorpene vessel is not one of them.) The…
HERNDON. /PRNewswire/ — Global technology company Nuix today announced Nuix Insight Adaptive Security, the first endpoint security platform to tightly integrate cybersecurity threat prevention, detection, response, remediation, and deception in one solution. Unlike traditional endpoint security products, Nuix designed its adaptive security platform from the ground up to provide a seamless end-to-end approach for protection. Most endpoint security products focus only on a few links of the security kill chain, forcing organizations to invest in multiple point solutions in order to implement a complete security workflow. This inevitably leads to greater risks, costs, and productivity losses. “Previous attempts at applying…
Following the news about how the UK can stop being so attractive to DDos attackers, Stephanie Weagle, Senior Director at Corero commented below. Stephanie Weagle, Senior Director at Corero: “What makes the UK such an attractive target for DDoS attackers, over and above other countries (only the US got DDoS’sed more)? “DDoS attacks have become many things over the last decade; weapons of cyberwarfare, security breach diversions and service impacting strategies. The motivations for these attack campaigns are endless – financial, political, nation-state, extortion and everything in between. The reported increase in attacks against the UK, over the last six…
Every senior manager knows that falling prey to a malware attack could yield catastrophic results. But what if that malware spread beyond your own systems, taking your partners, customers and supply chain down with you? Cybercriminals have been busy over the past year, carrying out an alarming number of malware attacks varying the payload from types that enable access to confidential client or personnel data to a recent wave of ransomware attacks. Yet despite a growing awareness, these attacks continue to be successful. With file-based attacks accounting for 94 per cent of successful data breaches, a growing number of organisations…
A sophisticated piece of malware has exploited three different unknown vulnerabilities in Apple’s iOS operating system that would allow attackers to get full control of an iPhone. Government hackers have been caught using the never-before-seen malware/iPhone spy tool in an unprecedented attack never before seen in the wild. Apple have release an emergency update which every iPhone user should download and install as soon as possible. IT security experts from Lieberman Software, ESET and Tripwire commented below. Jonathan Sander, VP of Product Strategy at Lieberman Software: “The only real surprise in this iPhone spy tool story is that anyone is…
Following the news that Dropbox is resetting passwords that haven’t been changed since 2012, Charles Read, Regional Director – UK, Ireland and Benelux at OneLogin commented below. The comment looks at how, despite it being a positive move to come from a vendor as large as Dropbox, for a truly secure environment, the implementation of a single sign-on platform with SAML based authentication services is recommended. Charles Read, Regional Director – UK, Ireland and Benelux at OneLogin: “The recent announcement that Dropbox is to force password resets on accounts that haven’t been reset since 2012 is a really positive move…
Hackers have developed a ransomware inspired by hit TV show Mr Robot and named it after the fictional hactivist group ‘fsociety’. The ransomware is yet to have infected anyone and is believed to be still under development. IT security experts from Tripwire and AlienVault commented below. Craig Young, Security Researcher at Tripwire: “With the most accurate Hollywood portrayal of hacking to date combined with ties to real-world hacking conferences, Mr. Robot has garnered the attention of a sizeable hacker audience. The notion that someone out there would decide to create themed crypto-ransomware is not at all surprising given the use…
A new study says the Asia-Pacific region (Apac) has the worst cyber security in the world. Most breaches never become public and the discovery time on average was 520 days, way longer than the global average of just 146 days. IT security experts from Tripwire, AlienVault and Lieberman Software commented below. Tim Erlin, Sr. Director, Product Management at Tripwire: “Companies implement cybersecurity because it’s a business need, and that simply hasn’t been in the case in APAC. The business need for cybersecurity is driven either by customer demand and the potential brand damage from a breach, or by adequately enforced…
Security researchers have uncovered the first ever Twitter-controlled Android botnet, which acts as a backdoor to download malware onto infected devices. Dubbed Twitoor, the malicious app is not available on any official Android app stores. Researchers believe that the botnet is possibly distributed via SMS or malicious URLs. IT security experts from Imperva and AlienVault commented below. Ben Herzberg, Security Research Group Manager at Imperva: “Attackers keep looking for novel ways to extract information and receive commands and by using Twitter or other social media, the traffic seems less suspicious or prone to blocking. We see attacks emanating from mobile devices on…