A hacker known as Guccifer has stolen files from the Democratic National Committee and has revealed the top Democratic Donors, their addresses, e-mails and phone numbers, how much they donated and more. The list, given to The Hill, includes such Hollywood names as David Geffen, Jeffrey Katzenberg, Tom Hanks, Judd Apatow, Magic Johnson, Elon Musk, Diane Keaton and Rob Reiner. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire commented below. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire: “The story here is the disclosure of celebrities’ personal information, not the fact that…
ISBuzz Team
New flaws that could be exploited by hackers have been uncovered in the Common Gateway Interface (CGI) widely used by web sites. According to the site https://httpoxy.org/ the httpoxy set of vulnerabilities affect application code running in CGI, or CGI-like environments, including PHP, Go, Python and others. Christopher Fearon, director of security research at Black Duck Software commented below. Christopher Fearon, Director of Security Research at Black Duck Software: “It’s extremely likely that these flaws will lead to attacks since the flaw is easy to exploit. But mitigation is quick to perform, although many separate pieces of open source software are affected and must be patched separately.” “Simply block…
Toby Scott-Jackson, senior security consultant at SureCloud explores how penetration testing has changed – and how it must continue changing in the future. Penetration testing has, quite rightly, become part of the basic IT security vocabulary. It is a core element in any organisation’s security strategy, a crucial tool in the fight against cyber criminality. But that’s not to say that penetration testing is a static entity. Rather, it has undergone an evolution to get to this point – and, crucially, it must continue evolving in order to continue supporting and enhancing organisations’ security postures. To explore the future evolution…
A new vulnerability discovered that could be exploited by attackers, could allow them to take complete control over mobile phones and key parts of the world’s telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks. Craig Young, Cybersecurity Researcher for Tripwire commented below. Craig Young, Cybersecurity Researcher at Tripwire: “Common components used by many products are very attractive targets for attackers. Code for parsing or decoding data can be particularly risky and should be carefully inspected before use, but unfortunately vendors commonly make the assumption that 3rd party code is secure. In this particular case, the flaw…
Today’s digital threats are more numerous and sophisticated than ever. As a result, many in the security industry feel organizations can no longer adequately defend their networks by themselves. Those analysts feel the threat environment is evolving too quickly. Modern threats know no boundaries, they argue, which is why companies and governments alike need to work together to improve their state of preparedness. Recognizing that need for collaboration, OASIS will be hosting Borderless Cyber Europe on 8-9 September, 2016 in Brussels. In collaboration with its partners, OASIS has designed the conference to provide expert insight on the international advances in…
The European Court of Justice (ECJ) has just clarified that the collection of bulk data from telephone calls and emails – such as that within the IP Bill – is only legal if law enforcement agencies use it to tackle ‘serious crime’. Security experts at MIRACL and AlienVault commented below about what this means for privacy and security in the UK. Brian Spector, CEO at MIRACL: “It’s great that the EU’s highest court is questioning the legality of the IP Bill with more scrutiny and conviction than our MPs did back in March. However there are still plenty of grey…
In just a few weeks, thousands of athletes and fans from around the world will gather in Rio de Janeiro for one of the world’s most widely anticipated international sporting events, the Olympics. However, as one of the most popular events, the Olympics also entices cyber criminals and scamsters to take advantage of unsuspecting users who might be searching for related news, the event schedule and online streams. At ThreatLabZ, we are always on the lookout for threats taking advantage of major world news and events, and recently found some examples of exploit kit traffic coming from Olympics-related content. As is usually…
New capabilities support business-driven approach to security policy management AlgoSec, the market leader for Business-Driven Security Policy Management, today announced the availability of AlgoSec AutoDiscovery. An integral component of AlgoSec’s industry-leading security policy management solution, AlgoSec AutoDiscovery automatically identifies all business applications and services based on actual traffic flows, and generates an up-to-date connectivity map for all applications — without requiring any prior knowledge or manual configuration by security, networking or application experts. Companies often struggle to identify their applications and their dependent network traffic flows across today’s complex enterprise environments. This is because they have little to no up-to-date…
Pokemon Go login servers were hit by hackers with a DDoS attack, leaving players frustrated and unable to log into the game. In light of this news, Paul Heywood, MD EMEA, Dyn, the Internet Performance expert commented below, on best practice for businesses when it comes to preparing for DDoS attacks. Paul Heywood, MD EMEA at Dyn: “Since the launch of Pokémon Go, it’s all people can seem to talk about. But perhaps following this weekend, conversations haven’t been all that positive, as players found themselves unable to log in to the game as the result of a suspected DDoS attack. As we can see,…
While researching the dangerous banking trojan, Lurk, Kaspersky Lab security experts have found that criminals behind this malware used legitimate software for infection purposes. While unsuspecting users were installing legitimate remote access software from a software developer’s official website (ammy.com), they unwittingly had malware leaked onto their machines. The Lurk gang was arrested in Russia in the beginning of June 2016 and was using a namesake multilayer trojan. With its help, they reportedly managed to steal 45 million dollars (3 billion rubles[1]) from banks, businesses and other financial institutions in the country. To propagate the malware, they used different malicious techniques, including watering…