Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources – according to a Kaspersky Lab intelligence report into security threats facing the telecommunications industry. Telecommunications providers are a top target for cyber-attacks. They operate and manage the world’s networks, voice and data transmissions, and store vast amounts of sensitive data. This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors. To achieve their goals, cybercriminals often use…
ISBuzz Team
Black-Hat Hackers are becoming more sophisticated, while their wares are becoming more diverse and complicated. One of the latest pieces of malware, the nasty Rex Linux Trojan, packs in DDoS attacks, ransomware, and a Bitcoin miner. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS: “Today, malware writers understand that once a vulnerability has been exploited, the resulting compromised machine can be used for a host of other activities. The machine can be used by the hacker to steal critical data. The machine can be used to spread its newly acquired malware by infecting other vulnerable systems it can access. …
I’m not surprising anyone by saying that Pokemon Go ranks among the largest and fastest-ramping phenomena of the Internet age to date. Whether it’s the players stumbling around staring at their phones, the snarky jokes about those players, or the inevitable memes, the game is ubiquitous (even if Niantic did seemingly throw a stick into its own spokes with the revision that took away the footstep counting tool). Sadly but predictably, anything that captures the public imagination this widely is bound to attract fraudsters, and the Pokemon Go juggernaut is no different. Any time a Big Thing happens, whether a…
Hotel operator HEI said 20 of its hotels had been infected, Eddie Bauer said its 350-or-so stores in the U.S. and Canada had also been the victim of a malware attack. IT security experts from Proofpoint’s Threat Operations Center, ESET and Tripwire commented below. Kevin Epstein, VP at Proofpoint: “Retailers investing seriously in security must have modern targeted attack protection and threat response systems in place, backed up by current threat intelligence. Today’s sophisticated threats and threat actors easily bypass legacy systems, then move laterally to point-of-sale operations. IT teams must have the appropriate technology and processes in place to be…
According to a recent report, banking customers are hesitant to use mobile features due to fraud and security concerns. The findings showed that of those not using mobile banking at all today (36 percent), more than half of them (74 percent) cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding. Ryan Wilk, director at NuData Security commented below. Ryan Wilk, Director at NuData Security: “We’re not at all surprised to see this reluctance on the part of consumers to adopt mobile banking wholeheartedly. It’s entirely understandable given the onslaught…
The Investigatory Powers (IP) bill has been given approval by David Anderson in a report. Britain’s spies should be allowed to continue harvesting large amounts of data from emails, the government’s reviewer of terror legislation said. IT security experts from AlienVault, MIRACL and Lieberman Software commented below. Javvad Malik, Security Advocate at AlienVault: “The IP Bill discussion is often framed as an ‘us’ vs ‘them’ argument. But as we discuss in our report “Privacy, the Feds, and Governments Surveillance” it appears that many agree on the intent (62% of security professionals supported governments being able to legally intercept communications relating to suspected…
In response to the announced report on the Investigatory Powers Bill by David Anderson QC, Jonathan Parker-Bray, Founder and CEO commented below. Jonathan Parker-Bray, Founder and CEO at Pryvate: “It is interesting to see this report on the Investigatory Powers Bill go live, as we have been saying for quite some time that this bill requires further scrutiny. It is also good to see the recommendation that an independent panel of technical experts be set up to advise the intelligence service on how to minimise their impact on individual privacy. However, the greatest issue with mass surveillance from a privacy perspective…
In Q2 2016, the average level of spam emails in overall email traffic equaled 57.3 per cent, according to the quarterly report on Spam and Phishing by Kaspersky Lab. This is a four per cent increase compared to Q2 2015, and one per cent increase in comparison to the previous quarter. The US elections, especially news about one particular candidate – Donald Trump – became the new hot spam topic this quarter. During the past quarter, political topics were among one of the most interesting for spammers. The upcoming US elections and the candidates involved gave fraudsters a good opportunity…
Banks must balance risk with reward as new mobile banking requirements are announced The Competition and Markets Authority (CMA) has announced changes in the banking industry that will enable customers to access the details of their entire finances through a single mobile phone app by 2018, raising inevitable security concerns. Not only will banks have to bolster security within their mobile banking applications, but they will also need to make sure that everyone within the supply chain meets the security requirements for these big changes in service provision, in order to mitigate the security risks. This is according to Phil…
Researchers have discovered critical security flaws in connected smart plugs which can give attackers access to a full home network — as well as your email account. Craig Young, Security Researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire: “This is entirely unsurprising to anyone who’s been paying attention to the IoT market. Often times these devices do not use authentication at all and when they do it is commonly hardcoded or generated with an insecure algorithm. Product vendors in this space may have expertise when it comes to making hardware but it seems that they lack experience…