Critical vulnerabilities have been discovered in Symantec and Norton security products. Below, Chris Wysopal, CTO and co-founder at Veracode, reflects on how security software is the second-to-worst category of software for application security. Chris Wysopal, CTO and co-founder at Veracode: “The critical vulnerabilities discovered in Symantec and Norton security products are not a surprise – Veracode’s State of Software Security v3 (SoSSv3) report shows security software is second to worst category of software for application security. And in general the code you buy is worse than the code you build because the operator of the software retains all liability not the software vendor.…
Author: ISBuzz Team
Financial institutions have had a torrid time of it of late, as the echoes of the Bangladeshi SWIFT attack continue to reverberate. With a solid $81m still missing, and bickering between stakeholders over responsibility for the compromise just beginning, the headlines aren’t making good reading for the industry. Was the problem a flaw in the global SWIFT system, or a more localised issue, as suggested by some reports claiming that cheap switches and un-firewalled routers could be to blame? It’s not for us to speculate, but the incident comes as no surprise. Many financial institutions fail to perform comprehensive risk analysis and…
Following the news that niche dating site Muslim Match has been breached, with nearly 150,000 user credentials and profiles posted online as well as over half a million private messages between users, IT security experts from MIRACL and AlienVault commented below. Brian Spector, CEO of MIRACL: “Dating site hacks are becoming a cliché, just like hospitals falling victim to ransomware. There was the controversial Ashley Madison as well as what are probably long forgotten by now, Beautiful People, Plenty of Fish, Match.com, the list goes on and on.. What’s worrying is that Muslim Match doesn’t seem to have been encrypted, which…
With data breaches and ransomware in the news every day, it’s no surprise that over 177 million personal records were exposed in 2015, according to the Identity Theft Resource Center. While IT teams are already overwhelmingly tasked with ensuring perfect availability and performance of IT networks and infrastructure, now they must also secure their networks from cybercrime to protect their company’s data, reputation and business. Safeguarding your company from cybercrime is no small feat but the consequences of failing to do so are severe – the average cost of a data breach is around $4 million, according to IBM. We get it. You’re…
Survey reveals IT teams will struggle to cope with added security pressures brought on by the Euros. The European Cup will be watched by millions of fans across the world; however, because of its immense popularity, it is also an ideal platform for cybercriminals to launch attacks, and a new survey from internet security firm ESET has revealed that almost a third of IT professionals believe the tournament will put an extra burden on their company’s IT teams, which they will struggle to cope with. Commenting on the findings, Mark James, security specialist at ESET, said: “The tournament is also…
Security Information and Event Management (SIEM) systems have been the cornerstone of many IT security monitoring strategies. But as the threats facing organizations and the tools used to protect against them have become more complex, SIEMs have become more like sieves. Sieve. /siv/ noun. 1. A utensil consisting of a wire or plastic mesh held in a frame, used for straining solids from liquids, for separating coarser from finer particles, or for reducing soft solids to a pulp. How Did This Happen? With attacks from highly-skilled adversaries hitting organizations from multiple vectors in order to exploit any potential weakness, security…
Following the news about the ransomware attack on Office 365 users, IT security experts commented below. Ryan Barrett, VP of Security and Privacy at Intermedia: “The most recent zero-day attack targeting Office 365 email users sends a clear message to organisations working to defend themselves against ransomware: it’s only going to get more difficult. Safeguarding sensitive files from ransomware is an important factor in any defence strategy, but how quickly an organisation can get back up and running is equally important. Business continuity solutions, which perform instant mass rollbacks to restore entire file archives to uninfected versions and devices, can…
Organisations that fail to take data seriously are not only risking the safety of their customers’ most sensitive information, but also gambling with their own business reputation. Matt Bryars, CEO of Aeriandi, discusses the importance of data storage, archive and retrieval solutions and why the cloud may hold the answers businesses are looking for. There are many reasons why organisations record their customer and business calls. Whether for training purposes, compliance adherence or other business processes, the volume of call recordings being generated today is growing at an exponential rate. However, with each recording made come important questions that need…
Security researchers have found a resurgence of Conficker and networm32.kido.ib malware that is being used to attack IoT hospital devices such as MRI machines and CT scanners in order to steal patient medical records from hospitals. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire, commented below. Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire: “Keeping devices on current operating systems, updating software and installing security patches might not be exciting, but it’s proven to reduce the number of successful attacks. As other industries have ramped up security due to increased breach activity, attackers are migrating to less protected…
Following the news that a hacker claiming to have broken into multiple healthcare databases across America has listed a fresh trove of 9.2m records on a Dark Web-based marketplace for 750 bitcoin (£368,000), IT security experts commented below. Ondrej Kubovic, IT Security Specialist at ESET: “The attacker found vulnerabilities in the affected companies’ systems that allowed him to get access to the records, then – apparently unsuccessfully – demanded “a small fee to prevent the leak” and now he/she is trying to sell the loot on a dark web marketplace. There is no guarantee that the data is genuine, but we can assume that the…