In my work as a penetration tester for SureCloud, I’m often asked to look at unusual, out-of-the-ordinary vulnerabilities. This was the case when a major UK financial institution asked us to test for vulnerabilities in its radio frequency (RF) networks, looking at its WiFi networks, digital mobile radio (DMR) systems, cordless DECT phones, Bluetooth devices and more. These days, a great deal of office networking and comms equipment runs over RF than was previously the case, so the organisation was concerned that its data and networks may be exposed to potential vulnerabilities from vectors that they hadn’t tested before. You…
ISBuzz Team
Following the news that the two researchers who hacked the Jeep Cherokee car last year during BlackHat have now hacked it again with a similar attack, Paul Farringdon, senior solution architect at application security specialists, Veracode commented below. Paul Farringdon, Senior Solution Architect at Veracode: “With security researchers Charlie Miller and Chris Valasek’s latest connected car hack enabling them to apply a car’s breaks or spin the steering wheel remotely, the security of connected vehicles has once again been called into question. This time the researchers were able to access the car’s computer using a cell phone that links to Chrysler’s Uconnect system.…
It has been reported that UK card fraud rose a staggering 18 percent in 2015, the sharpest rise across the whole of Europe. The UK, Denmark and France stand to benefit the most from additional security measures for card payments, and additional investments from merchants and issuers. Further, 10 of the 19 European countries monitored suffered more card fraud in 2015 than in 2014. Robert Capps, VP at NuData Security commented below. Robert Capps, VP at NuData Security: “I’m saddened but not shocked to see these findings. Coupled with the data that cardholders have very high expectations, that they aren’t willing to change their habits…
So it might not be immediately apparent but when I am not hacking things and complaining about the lack of security in businesses, I also do mundane things. I tidy the house, I go shopping for soy milk and vegetables, I have recently adopted running and when i’ve done all the basics of life, I even try to complete the stack of things that mount up whilst I am hard at changing the world – one job at a time. It seems though sometimes I can’t escape my habit of finding weaknesses in things. My dad said I had a…
Twitter scammers have a new weapon with the release of an effective spear phishing tool that lands a victim almost two thirds of the time, dwarfing the usual five-to-fifteen-per-cent-open-rate for spam tweets. The SNAP_R machine learning spear phishing Twitter bot is a data-driven menace unleashed at the Black Hat security conference that is capable of consuming information from victim tweets to target users. Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: How interesting/innovative is this? “For a lot of people phishing emails can be easily spotted, bad grammar, terrible spelling, completely “out of context”…
Following the news about banner health breach, IT security experts from Balabit, InfoArmor and VASCO Data Security commented below. Csaba Krasznay, PhD, Product Manager at Balabit: Although worldwide data protection laws emphasize the highest levels of care for healthcare data, hospitals usually don’t have sufficient money and expertise to get their IT infrastructure’s security aligned with real threats. This year alone, many healthcare institutes around the world have suffered ransomware campaigns, resulting in serious outages in service. The US and Canadian governments even issued a joint alert. (http://www.reuters.com/article/us-cyber-ransomware-alert-idUSKCN0WY3BN). But this is just the surface of the problem. Patient data has real value…
AppRiver has warned of a ‘free iPhone 7’ scam that is currently circulating. Paul Tolbert – Email Security Specialist at AppRiver commented below. Paul Tolbert, Email Security Specialist at AppRive: ” With the imminent release of the iPhone 7, consumers and media outlets alike have been casting their predictions on what’s in store for Apple’s latest smartphone. Rumors and unverified “leaked” images of the mobile device continue to circulate on the Internet. It’s no wonder that cybercriminals seek to take advantage of this golden opportunity by offering consumers a “free iPhone 7.” An image of the scam is also available here: https://blog.appriver.com/wp-content/uploads/2016/08/iphone7scam.jpg| Paul continues,…
Significant security flaws have been discovered in Ruckus routers, according to new research from Tripwire Cybersecurity Researcher, Craig Young. Findings include: Authentication Bypass: All requests containing a particular string received ‘200 OK’ responses. By creatively adding this string to other requests, I was able to get response data intended only for authenticated queries. This is a behavior I have observed in routers from NETGEAR, TrendNET and Asus. Denial of Service: There is a particular page accessible over HTTP without authentication that, when requested over SSL, causes the management interface to become unavailable. This is a serious issue as the product…
A new report by Experian has revealed that nearly a quarter of all identity fraud victims in the UK last year were tech savvy mobile and social media users. The group, which represented 8% of the population, also experienced a 17% rise in victims when compared to 2014. Robert Capps, VP of Business Development at NuData Security, an award winning behavioural biometrics company commented below. Robert Capps, VP of Business Development at NuData Security: “This is yet another reminder for those of us who spend a significant amount of time online, that we can’t become complacent when it comes to our online habits. We all need to practice good…
Businesses are feeling tremendous pressure to ensure their organisation is data-driven in order to remain competitive. Yet C-Suite surveys show there is still quite a bit of confusion that remains about how to implement an effective data culture. According to a recent report by KPMG Capital, 96 percent of enterprise companies surveyed admitted they could do more with big data and make better use of analytics in their organisation. So why are the vast majority of large enterprises today struggling with how to turn data into insights, and insights into a competitive advantage? Most organisations today are struggling with how to…