ISBuzz Team

LAS VEGAS, Nevada.  Imperva, Inc. (NYSE: IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today released its new Hacker Intelligence Initiative (HII) Report: “HTTP/2: In-depth analysis of the top four flaws of the next generation web protocol” at Black Hat USA 2016. In the report, researchers at the Imperva Defense Center  document four high-profile vulnerabilities in HTTP/2 – the new version of the HTTP protocol that serves as one of the main building blocks of the Worldwide Web. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure which then becomes vulnerable…

Bitcoin plunging in value because hackers stole about $65 million of the digital currency,Jon Geater, Chief Technology Officer at hales e-Security commented below. Jon Geater, Chief Technology Officer at Thales e-Security: We as an industry are working to develop blockchain, a key underlying technology on which bitcoin runs, in order to take advantage of the exciting opportunities it opens up for connected markets and online living.  But the world has to realize that blockchain and bitcoin are not magic: they are not silver bullets to all security and state interference problems; they are only technology.  There’s a long way to go…

Web hosting provider 123-reg was hit by a +30Gbps DDoS attack between 10.10am and 10.40am this morning. The servers managed to stay online thanks to the company’s DDoS protection platform, however critical applications such as email, control panels and websites (including 123-reg’s own website) were down for a large number of customers. Wieland Alge, VP and GM EMEA at Barracuda Networks commented below. Wieland Alge, VP and GM EMEA at Barracuda Networks: “30 minutes may seem like an effective response time against such a powerful DDoS attack, however a survey from IDC last year found that the average cost of critical application failure was…

The legal battle between Apple and the FBI is several months in the rearview mirror, but the continuing battle for technology and privacy is still ahead of us. The long fight between the world’s largest technology company and the most powerful law enforcement agency left us with more questions than answers. Even though Apple may have won the battle, the war between the government and our digital privacy is just getting started. ATragedy in California The building tension between the U.S. government and the privacy of the American people goes back to 9/11; however, this particular incident started with a terrorist…

Reports are circulating about a huge data leak of 200 million Yahoo users. This data is being offered for sale on TheRealDeal dark web market by “peace_of_mind” (aka Peace). The batch of data is, apparently, being sold for 3 Bitcoins and contains usernames, passwords and dates of birth. For users based in the United States, the dump also includes backup email addresses and users’ ZIP codes. Rizzo, technical director EMEA at HPE Security – Data Security and Brian Spector, CEO at MIRACL commented below. Brendan Rizzo, Technical Director EMEA at HPE Security – Data Security: “Enterprises need to follow best practices of encrypting all sensitive personal data as it…

New SandBlast Agent for Browsers plug-in prevents the latest web-based malware, phishing and credential theft attacks using cloud-based analysis  Check Point has announced SandBlast Agent for Browsers, an anti-malware and anti-phishing extension for web browsers to address the rapid growth in web-based malware and social engineering attacks.  The solution protects users against malicious files and content downloaded from infected websites byseamlessly adding real-time, low-footprint protection against attacks into users’ web browsers. Files downloaded from the web are a leading entry point for malware onto networks.  An upcoming SANS survey, Exploits at the Endpoint: SANS 2016 Threat Landscape Study, shows: 41% of the respondents experienced…

When IT leaders talk about their employees improving their skills, these days much of the conversation revolves around soft skills. The ability to communicate technical information to a non-technical audience, for example, is important as IT becomes more integrated with overall business functions and innovation within the organization. Leadership, interpersonal skills, project management skills, and organizational skills are also listed as priorities for managers, but even with the increased priority being placed on those intangibles, technical skills, especially in the realm of security, still matter. Why security? Cybercrime is a global threat, and is no longer simply a technical issue…

Image: tanuha2001 / Shutterstock.com In regards to the recent reveal that WhatsApp stores chat logs, even when users believe that they have deleted them, Richard Stiennon, Chief Strategy Officer at Blancco Technology Group and Former VP of Research at Gartner commented below. Richard Stiennon, Chief Strategy Officer at Blancco Technology Group: “Security researcher Jonathan Zdziarski recently revealed that mobile messaging application WhatsApp stores chat logs, even after they are supposedly deleted. Simply deleting, clearing or archiving chat logs is not enough to remove the forensic trace that is left on mobile devices. Most consumers are still unaware of the difference…

It hasn’t come exactly as a bolt from the blue, but even longtime security practitioners have been taken aback by how fast and furious the spread of ransomware has been. I’ll admit up front that I haven’t conducted an exhaustive review of the “2016 Security Predictions” articles that came out late last year–for one thing, there are way too many, and for another, they contain a lot of the same material–but I don’t think that in general they elevated the specter of ransomware to the level it (unfortunately) merits. In case you’re visiting from another planet or have been in…

Image of Whatsapp courtesy of tanuha2001 / Shutterstock.com It has been reported that the latest version of WhatsApp leaves forensic traces of chats, even after they have been deleted. The security researcher that discovered the bug said that the only way to properly delete them is to delete the app entirely. The security experts from Alert Logic, NSFOCUS, and ESET and Comparitech.com commentedbelow. Richard Cassidy, Cyber Security Evangelist at Alert Logic: “Full preservation of privacy can be obtained for data in transit; that is to say when your messages are sent from your computer/phone to another user, the encryption that they are sent with can provide the highest…