The breach of Dota 2 forum, which saw 2 million user accounts leaked? Barry Scott, CTO, Centrify Corporation at Leader in Identity Management commented below. Barry Scott, CTO, Centrify Corporation at Leader in Identity Management: “The Dota 2 breach was apparently done using an attack that has been known about for a long time called SQL Injection. It’s disappointing we still see such hacks and it’s really important that web developers close wide open doors like this that are letting hackers in. As users, in spite of all the advice we’re given, we are often STILL guilty of using the…
Author: ISBuzz Team
Delta grounded all its flights worldwide yesterday claiming a power outage in Atlanta caused the system to go down. The power company said when the Delta systems went down, it took down the power. Still others speculated that it might be a hack. Dwayne Melancon, CTO at Tripwire commented below. Dwayne Melancon, CTO at Tripwire: “I have heard that the cause was a fire during a cutover to backup generators, which seems plausible. Furthermore, Delta has consistently claimed (including a statement by Delta’s CEO) that this incident was the result of a power outage. If this were caused by a hack,…
Hilton Hotels recently sent out an email to customers that looked so much like a phishing attempt that its own IT support team advised customers it was a scam. Agari, a specialist in helping companies secure emails against phishing and cybercrime, commented below. Patrick Peterson, Founder and Executive Chairman at Agari: “This incident at Hilton illustrates that trust in the email ecosystem today is brittle at best. Clearly new approaches to address phishing and protect consumers and brands alike are required, especially by organisations with large member or consumer bases. “Relying on consumers, or in this case Hilton’s own IT…
Up to 100 million cars could be unlocked and potentially stolen by simply copying the radio frequency used in remote control locking systems, computer scientists say. IT security experts from MIRACL and AlienVault commented below. Brian Spector, CEO at MIRACL: “These vulnerabilities demonstrate the serious problem of verifying the identities of people using the connected devices within today’s cars. Having very limited encryption, identity management and data protection within such a powerful computer is extremely dangerous and poses a real and serious threat to everyone using our roads today. Move forwards to the increasing trend for driverless cars, and the…
Lieberman Software Webinar Explores the Growth of the Linux Platform, the Rise of Cyber Attacks Against Linux and How to Defend Against These Threats with Scalable, Automated Security LOS ANGELES. The growth of Linux in the enterprise has accelerated rapidly since the launch of Amazon Web Services (AWS) 10 years ago. Linux is widely adopted as the platform of choice for the cloud, becoming the backbone operating system of the majority of IT. With the rise of Linux, however, there has also been a spike in cyber attacks targeting the platform. Just like with other operating systems, Linux hosts with…
Hackers have breached the official developers forum of Dota 2, stealing the details of almost 2 million users including usernames, emails, user identifiers, passwords and IP addresses. The hackers reportedly exploited a SQLi vulnerability in the forum’s vBulletin software. The hashed passwords used the outdated MD5 algorithm, which was declared ‘cryptographically broken and unsuitable for further use’ by the CMU Software Engineering Institute back in 2009. LeakedSource went on to crack 1.54 million of the scrambled passwords with rudimentary cracking tools. Security Experts commented below. Thomas Fischer, Threat Researcher & Global Security Advocate at Digital Guardian: “Valve Corporation, just like many successful…
It seems today, it’s no longer a question of if you will be breached, but when. Despite the best efforts of traditional perimeter, network and endpoint security defenses, breaches have continued – and will continue – to occur. Why? Cyber-attacks are growing increasingly sophisticated and elusive. Attackers are slowing down their activities to hide exfiltration in the noise of normal traffic. This has translated into data breaches going undetected for more than 200 days (Verizon Data Breach Report), and 69% of breached organizations finding out they were breached from outside their organization (Mandiant M-Trends 2015). We are getting smarter about…
Following the rising circulation of Hitler-ransomware as reported by Bleeping Computer, Thomas Pore, Director of IT at cyber security firm Plixer, commented below the reason this variant does not actually encrypt files, why he thinks we’ll see a mature version of this soon and what users can do to avoid being hit. Thomas Pore, Director of IT at Plixer: “Ransomware, or ‘Ransonware’ in this case, is not going away any time soon. Why? Because it’s very successful. Users love to click on URLs and open attachments. A German string found in the malware “echo Das ist ein Test”, translates to “This is a…
It’s the time of year when back to school is on the minds of many. As your brain shifts out of summer vacation mode, remember the cardinal rule of security and put it into practice: don’t provide administrative access to anyone who doesn’t absolutely have to have it. Users should ALWAYS have the least privilege they need for their jobs. For this month’s Patch Tuesday, Microsoft published 9 bulletins, 5 of which are critical. In all 5 critical updates, the attacker seeks to gain user rights. If your user has administrative rights and that attacker was successful, your ship has sunk. In…
Proofpoint researchers noticed a variety of election-themed emails during June and July, everything from straightforward text-based spam with embedded links to credential phishing. What is interesting is that samples skew heavily towards lures featuring the Republican nominee, Donald Trump, who had nearly 169 times as many spam lures as those featuring his Democratic opponent, Hillary Clinton. Whether they used graphics or text, the lures followed two general themes: Surprising election news by or about Trump: These usually had a fake sending alias of a major news organization like CNN or Fox News. Names and sometimes branding for both liberal and conservative…