F5 just released a report (in conjunction with the Ponemon Institute) on the state of application security in 2016. The report surveyed security professionals about their approach to protecting applications that are critical to running their businesses and highlights why traditional security methods are no longer effective. A few interesting data points from the report include: enterprises are investing in the network perimeter (90% of budget), but the majority of attacks are aimed at user identity and application (72% of attacks); 57% of respondents said lack of visibility in the application layer is preventing strong security; 71% of security professionals who have integrated DevOps practices…
Author: ISBuzz Team
Blizzard, the game developer behind World of Warcraft and Overwatch, was hit by another DDoS attack on Tuesday. The assault coincides with the final day of its Overwatch Summer Games event. In an update to an official Twitter account, Blizzard admitted the assault was affecting its ability to deliver services. Ofer Gayer, Senior Security Researcher at Imperva commented below. Ofer Gayer, Senior Security Researcher at Imperva: “Gaming servers are a top target of DDoS assaults; they have been hit by some of the largest and longest attacks on recent record. Since online gaming platforms are highly sensitive to latency and availability issues, they’re ideal DDoS attack targets.…
Details for nearly 200,000 Grand Theft Auto fan site users have been traded on the digital underground. The data contains email addresses, hashed passwords, dates of birth, and IP addresses. Deepak Patel, Director of Security Strategy at Imperva commented below. Deepak Patel, Director of Security Strategy at Imperva: “Data breaches in online video games are steadily growing every year. If this breach was the result of SQL injection, there are several effective ways to prevent those types of attacks from taking place, as well as protecting against them. The first step is input validation or sanitization, which is the practice of writing code that can…
A meeting this week between the interior ministers of France and Germany has focused on the issue of encryption and its potential impact on security. French interior minister Bernard Cazeneuve even went so far as to argue that the European Commission (EC) should draft a new law that would require companies to work with the authorities to decrypt secure communications on demand and help track down terrorist suspects. Brian Spector, CEO at MIRACL commented below. Brian Spector, CEO at MIRACL: “These proposals wouldn’t just make it easier for governments to spy on their citizens; it would also weaken the very…
Earlier this week, AdaptiveMobile released a blog post which examined application-to-person (A2P) SMS banking scams, specifically as they relate to identity theft. Attackers are increasingly using creative social-engineering-led approaches to trick individuals into giving away personal information, allowing an attacker to impersonate a victim, resulting in financial gain for the perpetrator. The post also looked at the recent Barclays TV advert which examines the same topic. Robert Capps, VP of business development at NuData Security commented below. Robert Capps, VP of Business Development at NuData Security: “The lack of standard trust indicators in SMS, coupled with the seemingly organic deployment of SMS as a messaging…
A SentinelOne FoI request has found that over half of UK universities have been hit by ransomware in the past year, whilst Bournemouth University alone has been hit 21 times. Ben Johnson, Chief Security Strategist at Carbon Black commented below. Ben Johnson, Chief Security Strategist at Carbon Black: “When it comes to ransomware, universities are just as lucrative a target as hospitals, county councils or any other type of organisation. Users can fall victim to ransomware through conventional means like phishing and spam emails, but in the last few years, attackers have started leveraging exploit kits such as Angler and Nuclear. As a…
Following the report about Freedom of Information, Bournemouth University, which boasts a cybersecurity centre, has been hit by ransomware 21 times in the last 12 months. Cybersecurity firm SentinelOne contacted 71 UK universities. Of the 58 which replied, 23 said they had been attacked in the last year. Twenty-eight NHS Trusts said they had also been affected. IT security experts from AlienVault, Lieberman Software and ESET commented below on what law enforcement can do to help against ransomware and how organisations can protect themselves. Javvad Malik, Security Advocate at AlienVault: “Being hit by ransomware, or any other form of malware is…
News recently broke that more than 800,000 usernames and email addresses were taken from Unreal Engine and its maker, Epic Games. Deral Heiland, Research Lead at Rapid7 commented below. Deral Heiland, Research Lead at Rapid7: “This breach is another reminder that SQL injection — which has been around since 1998 — doesn’t appear to be going away anytime soon. Current reporting of this event indicates that vBulletin forum software was still in use with a known SQLi vulnerability. While it is absolutely critical that we ensure all of our installed software is patched with the latest, secure version, it’s not entirely uncommon…
Even though the Irish tend to use safer passwords than the global average, here are some safety tips just in case. Growing up before the age of the internet and social networks has left many older users unprepared for risks looming in the virtual world. From that perspective, today’s kids are lucky, as the best cybersecurity practices, such as good password hygiene, are at hand. So, if you are not exactly the most security savvy of parents, try our password essentials. Here’s the short version: Create a unique password for each account and don’t share it with anyone. The general rule…
Epic Games has confirmed that the Unreal Engine and Unreal Tournament forums, as well as some of its legacy forums, have been compromised in a massive breach affecting over 800,000 users. The attack was carried out on 11 August – allegedly using an SQL injection vulnerability. John Smith, Principal Solution Architect, Veracode commented below. John Smith, Principal Solution Architect at Veracode: “While there have been high levels of discussion around the SQL injection since the high profile TalkTalk breach last year, we’re continuing to see consumer data exposed by this attack vector. Although having been around for more than…