Security researchers have uncovered the first ever Twitter-controlled Android botnet, which acts as a backdoor to download malware onto infected devices. Dubbed Twitoor, the malicious app is not available on any official Android app stores. Researchers believe that the botnet is possibly distributed via SMS or malicious URLs. IT security experts from Imperva and AlienVault commented below. Ben Herzberg, Security Research Group Manager at Imperva: “Attackers keep looking for novel ways to extract information and receive commands and by using Twitter or other social media, the traffic seems less suspicious or prone to blocking. We see attacks emanating from mobile devices on…
Author: ISBuzz Team
Following the news that apple patching three separate zero-day exploits? Kyle Lady, Senior R&D Engineer at Duo Security commented below. Kyle Lady, Senior R&D Engineer at Duo Security: “This patch is a big one and people need to update immediately. For organisations with iPhones accessing business applications and email, which, let’s face it, is EVERY organisation, employees and contractors should be encouraged to patch their phones as soon as possible. To offer some perspective: 62% of employee devices are affected by this, based on our own customer data sample of over two million devices.” “In this case, SMS is masquerading…
Players of Funcom games have been told that forums associated with four of the developer’s online games have suffered a data breach, with the studio resetting all passwords as a precaution. The news was delivered via emails to affected players and a notice on the studio’s website, with the Norwegian company claiming forum accounts on TheSecretWorld.com, AgeofConan.com, Anarchy-Online.com and LongestJourney.com had been “compromised by a third party.” This comes almost immediately after gaming giant Epic Games suffered a massive data breach in which login credentials of 800,000 plus registered from Unreal Engine and Unreal Tournament forum were stolen. Robert Capps, VP of business development at NuData Security commented below. Robert Capps, VP of…
Following the news that WhatsApp’s public move to start sharing users’ personal data, including phone numbers to parent company Facebook, Jonathan Parker-Bray CEO and Founder at Pryvate commented below on the potential security concerns this raises. Jonathan Parker-Bray CEO and Founder at Pryvate: “Over a billion WhatsApp users are currently being notified of a significant change to WhatsApp’s privacy policy – something that will allow WhatsApp to now publicly share people’s personal information for ‘the first time’ with Facebook. Furthermore, users will only be given 30 days to opt out of this change – putting the move in stark contrast to the original mission…
Following the news that government hackers have been caught using a never-before-seen malware/iPhone spy tool that exploits three different vulnerabilities in Apple’s iOS operating system that allows them to get full control of the iPhone. This is the first time that anyone has uncovered such an attack in the wild. IT security experts from ESET, Tripwire, Cloud Security and prpl Foundation commented below. Travis Smith, Senior Security Research Engineer at Tripwire: “Any zero day which can remotely take control of a device is incredibly dangerous. The fact that this particular exploit took advantage of three vulnerabilities to accomplish complete control shows how advanced…
According to Brian Krebs, United Airlines has rolled out a series of updates to its website that it claims will improve the security of its customer accounts. These changes include moving from a 4-digit PIN to a password, as well as customers being required to pick five different security questions and answers. Robert Capps, VP of business development at NuData Security commented below. Robert Capps, VP of Business Development at NuData Security: “United Airlines is clearly attempting to incrementally advance consumer security, while maintaining usability. We remind ourselves every day that security is a process, and for it to be so, it has to become…
This week marks the 25th anniversary of when the WWW was made available to the public. Security experts from Ipswitch, ForgeRock, Barracuda Networks and WhiteHat Security commented below. Michael Hack, SVP of EMEA Operations at Ipswitch: “The World Wide Web has come a long way since it was opened up to the public 25 years ago. However, in the grand scheme of things, it is still in its infancy. Rapid adoption and fast paced development of Web technologies have, however, meant that innovation has outpaced security and our data isn’t always as secure as we’d like. “Whilst Governments and regulators work to…
World-renowned technology specialists join eleventh annual IP EXPO Europe to discuss the impact AI will have on humanity, the next big Cyber Security issues and how to improve STEM skills IP EXPO Europe, Europe’s number one enterprise IT event, has today announced the addition of several influential industry speakers to this year’s keynote and seminar programme. Attendees will have the opportunity to hear how key IT issues are affecting businesses and humanity alike, from Author & Founding Director of Oxford University’s Future of Humanity Institute: Nick Bostrom; the ‘Father of Java’: James Gosling; the creator of the ‘MySpace worm’ and…
It has been reported that French shipbuilding firm, DCNS, has suffered a huge data breach. The information exposed was 22,000 pages of detailed information revealing the combat capabilities of the Scorpene class vessels – six of which are used in a £2.6 billion contract with the Indian navy. IT security experts from AlienVault, ESET, Lieberman Software and NSFOCUS commented below. Javvad Malik, Security Advocate at AlienVault: “Intellectual property can sometimes be the most difficult form of data to protect because it is usually unstructured, and often times the full value of the whole data isn’t realized by the individuals who may be working on…
There is simply no all-in-one solution when it comes to security – the growing sophistication of hackers, the combination of human error and internal threats means every network is vulnerable. While many companies are still relying on traditional security methods, such as firewalls and anti-virus solutions, companies need to make sure they are prepared for when (yes, when) a hacker makes it through perimeter defenses, or a rogue employee decides to take data for personal gain. While security teams are always trying to prevent those attempting to enter an organization’s network, they are all too often left helpless if the…