Following the news about Fiat Chrysler offering a bug bounty program, Art Dahnert, Consultant at Cigital, commented below on this bounty program. Art Dahnert, Consultant at Cigital: “I’ve looked at the BugCrowd profile for the FCA bug bounty and it looks like they are just dipping their toe in the water. They are specifically staying away from the automotive platforms, meaning the cars themselves. The domains in scope are ancillary integration services for some of the vehicle components. They gave a well-defined list of what types of vulnerabilities are important, which helps with keeping the “signal to noise” ratio low. The…
Author: ISBuzz Team
Researchers have found government malware on the Dark Web that could be used against energy grids. Black Energy was used in the Ukrainian Power Grid attacks in December of 2015 and could pose a threat to energy grids around the world. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire and Dwayne Melancon, CTO of Tripwire commented below. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire: “We’ve already seen that the industrial systems controlling the power grid can be vulnerable to cyber attacks. It’s no surprise that governments are investing in an expanding…
What’s the first thing you do when you wake up in the morning? Do you pick up your phone to check social media, the latest news and weather? Or are you straight into work-mode? The modern workplace is constantly connected. In many ways, connected devices are becoming an extension of our physical being, permanently within reach and “always on”. Increasingly, people sleep next to their phones, check devices at meal times, and even connect while on holiday. It is becoming almost impossible for many people to switch off from work in personal time, and instead they are working much longer hours. The…
It has emerged that a new strain of malware, which security researchers say was most likely created by nation-state attackers, has infected at least one European energy company. SentinelOne Labs’ researchers claim the malware, dubbed SFG, bears the hallmarks of a nation-state attack and is designed to bypass both traditional anti-virus software and firewalls. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB, a global network and application security provider, commented below. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB: “I doubt anyone would disagree, taking down a power grid for an extended period of time would be disastrous for a modern…
ESET Ireland warns of fake Pokémon GO apps appearing, giving attackers full control over a victim’s phone. Since 2015, thousands of aspiring Pokémon trainers have been waiting for the release of Pokémon GO, the augmented reality game that will allow players to catch hidden Pokémon in the real world and conquer “gyms” through the internet, traveling both physically as well as within the app itself. Niantic Inc., the game’s developer, with the support of Nintendo and The Pokémon Company, has so far only made it freely available to users in the US, Australia and New Zealand. The rest of the…
Scientists at the University of Florida (UF) say they have developed software that can stop ransomware in its tracks. The solution – dubbed CryptoDrop – detected the malware and stopped it after it had encrypted just a handful of files, said its developers. IT security experts from Tripwire, ESET and AlienVault discuss what this new software means. Tim Erlin, Director, Security and IT Risk Strategist at Tripwire: “While the malware itself is a serious problem, we seem to have given up on solving the problem of how it gets onto devices. Users have been clicking on malicious emails for a lot longer…
“Even the technology that promises to unite us, divides us.” (Dan Brown, Angels & Demons)

The way digital enterprises connect with their customers is changing. Consumers are demanding more trusted and personalised experiences in exchange for their personally-identifiable information (PII), while businesses are struggling to protect user privacy in light of growing global security and privacy concerns. Traditional authentication solutions and methods were simply not built to bridge this widening gap. As consumer patience for archaic security barriers like username and password combinations starts to wane, enterprises must find a way to secure millions of identities while still providing streamlined customer…
As application development tools go, Node.js is already one of the fastest options available due to several key features, such as its asynchronous and event-driven nature. However, as consumer expectations for their applications change and users expect ever-increasing performance and speed, it has become more important than ever to maximize the speed of your applications. At the same time, that speed cannot come at the expense of security. Fortunately, there are ways that you can improve the performance of your applications without sacrificing — and in some cases, actually improving — security.

Use Cache

Caching data that you don’t…
Joanne Godfrey, Director of Corporate Communications & Strategy at AlgoSec, examines the conflicting views of security between IT teams and Senior Executives and discusses the problems this causes organisations. We recently released the findings of our latest survey, examining the State of Automation in Security. It showed that many companies are struggling. Struggling to roll out new business applications, struggling to migrate to the cloud or enter the software defined data era, struggling with outages, struggling to comply with regulatory requirements, and of course struggling to fend off the ever more sophisticated cyber-attacks. And the reason? Security policy processes…or more specifically manual management…
Scientists at the University of Florida (UF) say they have developed software that can stop the growing problem of ransomware in its tracks. In response to this news, security experts provide insight on this research below. Richard Cassidy, cyber security evangelist at Alert Logic: “Ransomware is indeed a global problem, reaching epidemic levels given many high-profile cases this past while, where ransom payments have been made. The industry is constantly striving to innovate in ransomware detection and prevention, with technologies across the stack (endpoint to point of entry into network) trying all in their power to come up with new and effective…