Volkswagen drivers are facing another issue with their vehicles as, not only has Volkswagen left its ignition vulnerable, but researchers have discovered that the keyless entry system that unlocks the vehicle’s doors can also be hacked, affecting all cars sold since 1995. Rob Miller, Head of Operational Technology at MWR commented below. Rob Miller, Head of Operational Technology at MWR: “Volkswagen is clearly aware of what this research means for its customers’ security, and are taking steps to make sure that this information does not fall into the wrong hands. This is a common theme we have seen with several…
ISBuzz Team
UK-based accounting software firm Sage has reportedly suffered a data breach. The attacker is thought to have used an internal login to access personal details of employees at around 300 companies. It is currently not clear if the data was merely viewed, or if it was stolen. IT security experts commented below. Adam Bangle, Vice President of Northern Europe at FireEye: “While we don’t know the specific details of the Sage breach yet, based on our data and the trends we’re seeing this type of attack is becoming fairly typical and has lasting effects on a company’s brand. In a statement…
Customers can now integrate real-time Threat Data Feeds from Kaspersky Lab into their security operations by leveraging the Threat Intelligence App for Splunk. Kaspersky Threat Intelligence Data Feeds were launched earlier this year as part of Kaspersky Security Intelligence Services. Kaspersky Threat Intelligence Data Feeds provide customers with up-to-date information about cyber-threats, such as new malicious apps, botnet activity, phishing and malicious resources, as well as web hosts potentially linked with criminal activity. By leveraging the Splunk® platform, customers can enhance their security position through data analytics and real-time visibility in their security infrastructure to gain actionable insights. Kaspersky Threat…
Nemucod, the Trojan that affected Ireland worst in 2016 is back with a new campaign. Instead of serving its victims ransomware, it delivers an ad-clicking backdoor Trojan detected by ESET as Win32/Kovter and is spread via email as a fake invoice. Nemucod was used in several large campaigns in 2016, having reached a 24% share of global malware detections on March 30, 2016. Local attacks in particular countries saw a prevalence level far above 50% throughout 2016. In the past, Nemucod payloads were primarily ransomware families, most frequently Locky or the now-discontinued TeslaCrypt. In the most recent campaign detected by ESET’s systems, Nemucod’s payload is…
New research paper from IOActive shows half of vehicle vulnerabilities could put hackers in the driving seat IOActive, the worldwide leader in research-driven security services, will be releasing the findings of a three year study into the vehicle cybersecurity space. The findings are detailed in a new research paper – Commonalities in Vehicle Vulnerabilities – which offers analysis on the general issues and potential solutions to the cybersecurity issues facing today’s connected vehicles. The paper provides metadata analysis of real-world private vehicle security assessments, conducted by IOActive’s Vehicle Cybersecurity Division since 2013. It combines insights gleaned from 16,000 man hours…
Three-year study by IOActive that has found half of vehicle vulnerabilities could allow cyber attackers to take control of a vehicle – and 71% are ‘easy to exploit’ Jon Geater, CTO, Thales e-Security commented below. Jon Geater, Chief Technology Officer at Thales e-Security: “With around 100 million lines of code and the computing power of over 20 PCs combined, today’s vehicles have more in common with the iPhone than the Ford Escort. Increased complexity and connectivity demands advanced security approaches to ensure safe operation and protection of sensitive data – and this study only raises fresh questions regarding how secure connected cars…
Richard Parris, CEO of digital identity expert Intercede, explores how recent high-profile cyberattacks have created an urgent need for service providers to find a new, more effective approach to security When we leave the house in the morning, we close the windows and lock the doors. We worry that, in our absence, someone might be able to get into our homes and steal our personal items. We want to protect what we value, and that means keeping anyone we don’t know out of our private space and their hands off our things. But why are we not able to take…
The Met is currently using 27,000 computers running on Windows XP. For the last two years, XP has no longer been supported by Microsoft, opening up security flaws. IT security experts from Lieberman Software and ESET commented below whether using the out of date system is actually a security risk. Jonathan Sander, VP of Product Strategy at Lieberman Software: “Being old doesn’t make a system a security risk. It may seem like a system that’s been around longer may be a more well known target. But it’s also true that those weaknesses have been found and likely patched. If someone has…
Following the news that Check Point uncovered and announced a new Android vulnerability, Spencer Cobb, VP of Strategy & Business Development at Cyber adAPT commented below Spencer Cobb, VP of Strategy & Business Development at Cyber adAPT: Not to be cavalier, security is important! But for Android it’s not unexpected, the os itself has a multitude of well documented security issues, mainly that allow for ‘escalation of privilege attacks’ since the os is not locked down. This prohibits users and isv’s from securing these devices effectively. Hackers are turning their efforts toward mobile as more and more critical data is stored and transmitted. This specific hack…
The breach of Dota 2 forum, which saw 2 million user accounts leaked? Barry Scott, CTO, Centrify Corporation at Leader in Identity Management commented below. Barry Scott, CTO, Centrify Corporation at Leader in Identity Management: “The Dota 2 breach was apparently done using an attack that has been known about for a long time called SQL Injection. It’s disappointing we still see such hacks and it’s really important that web developers close wide open doors like this that are letting hackers in. As users, in spite of all the advice we’re given, we are often STILL guilty of using the…