Web application security is a very hot topic these days, as shown by the variety of websites falling victim to hacking. One financial organisation fell foul of a data breach exposing over 1.4GB of customers’ data, including full personal data and credit card information. It was suspected that this bank was compromised via an SQL injection vulnerability. In such an inhospitable climate, how can CISOs and their security teams respond to the growing cybersecurity risks that threaten insecure web applications?
Risk Acceptance
Data breaches are just the tip of the iceberg and there are many more successful attacks that simply remain undetected…
Author: ISBuzz Team
The ability to stop ransomware and other damaging forms of cyberattack before they cause harm has placed Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, and its rapidly growing DatAlert solution at the centre of the global battle being fought by organisations to protect their valuable data. Varonis said attendance nearly doubled at its annual series of Varonis Customer Connect events, held in 20 cities across the U.S. and Europe during April and May 2016. At each Varonis Connect event, customers have shared stories of ransomware and other attacks that have been stopped thanks to…
Microsoft warned of malware authors who are using its legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Speaking about how phishers will use Office capabilities such as OLE and Macros, Jon French, security analyst of AppRiver, explains in detail below. Jon French, Security Analyst at AppRiver: “Macro and object linking and embedding (OLE) malware, especially in the world of business, is dangerous since handling documents is a normal day-to-day task for most people. A user being given the power to run a malicious macro or open a bad OLE is the default permission on Windows machines.” Turning…
Introduction
Every Internet shopper has encountered at least one online store selling “big ticket” items at unbelievably low prices. Users do not need to search far and wide for websites offering generous discounts and, in the process, may discover that, in many cases, such deals are too good to be true. Unfortunately, despite their better judgement, many Internet shoppers choose a good deal over good sense. That pursuit of a good deal often leads shoppers to encounters that involve replica products or merchants who are less than trustworthy. When browsing a local discount store, the shopper is put at very…
Acer has suffered a data breach on its e-commerce site due to unauthorized access by a third party. Acer is not saying how many users were affected by the intrusion but revealed that data such as names, addresses, payment card numbers, card expiration dates and three-digit security codes (CVV numbers) may have been compromised. IT security experts from AlienVault, ESET and Cryptzone commented below. Javvad Malik, Security Advocate at AlienVault: “Breaches as a result of third parties are not something new. The nature of business today is that organisations rely on many partners and suppliers to provide services to…
To many people, the Internet of Things (IoT) still sounds rather futuristic. However, it is already here and improving lives on a global scale. In 2015, Business Insider reported 10 billion devices were connected to the internet, with this figure predicted to increase by 28 per cent to 34 billion devices by 2020. The concept of IoT is simple. Multiple machines, devices and appliances connect to each other through multiple networks, including the internet, to provide consumers and businesses with new services and opportunities. For example, smart energy meters can eliminate the need for estimated bills, or vending machines which provide…
Research Highlights Bot Defense Performance Across 1,000 Top Websites in Consumer Services, Financial, Government, News and Media and Retail Sectors
San Francisco, CA. Distil Networks, Inc., the global leader in bot detection and mitigation, today announced the findings of a new study that evaluated how top websites performed when attacked by advanced, evasive, simple and crude bots. This data was revealed today as one criterial component of the Online Trust Alliance’s (OTA) Online Trust Audit. Now in its 8th year, the Audit and Honor Roll recognizes excellence in the adoption of best practices in consumer protection, security and responsible privacy practices. The audit…
A cyberespionage group called Sofacy has launched a fresh attack against the US government, using a “new persistence mechanism” designed to help evade detection. The campaign involves sending government officials spear-phishing emails from the email address belonging to the ministry of foreign affairs of another nation, indicating that the sender’s account may have been compromised. Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: How big is this threat? “Like most of these threats they are only big if they are successful, these types of threats rely on user interaction; they require you to actually trigger the…
Following the news that white hat hackers have found more than 100 vulnerabilities in the Pentagon’s infrastructure under its bug bounty program, Ken Gannon, security consultant at MWR InfoSecurity commented below. Ken Gannon, Security Consultant at MWR InfoSecurity: “A big part to take away from all of this is US Defense Secretary Ashton Carter’s statement saying that the cost of vulnerability discovery dropped because of the bug bounty program. This is the thought process other companies should be adopting; bug bounty programs are beneficial to companies. Malicious researchers and black-hat hackers are constantly finding vulnerabilities and not disclosing them for personal gain. This…
Infoblox Inc. (NYSE:BLOX), the network control company, today announced results of the Infoblox Security Assessment Report for the first quarter of 2016, which finds that 83 percent—more than four out of five—of enterprise networks tested by Infoblox show evidence of malicious DNS activity. Infoblox, an industry leader in securing Domain Name System (DNS) infrastructure, offers free security assessments to customers and prospective customers, identifying DNS queries inside an organisation’s network that are attempting to reach known malicious or suspicious domains. External threat data from these evaluations is anonymised and aggregated to produce the Infoblox Security Assessment Report. In the first…