Delayed software updates enable cybercriminals to exploit mobile apps; Pinkslipbot Trojan returns with new capabilities NEWS HIGHLIGHTS McAfee Labs identifies more than 5,000 versions of 21 consumer mobile apps containing colluding code capable of a variety of malicious activities New strain of Pinkslipbot Trojan features anti-analysis and multi-layered encryption New ransomware grew 24% quarter-over-quarter in Q1 2016 Threat researchers saw a 17% quarter-over-quarter increase in new mobile malware samples in Q1 2016 Mac malware spiked Q1 primarily due to an increase in VSearch adware LONDON, UK. Intel Security today released its McAfee Labs Threats Report: June 2016, which explains the dynamics…
ISBuzz Team
Apple has announced that Siri will be coming to the next Mac OS, and for the first time the digital assistant will be compatible with third party apps such as WhatsApp and Uber. Ipswitch has just commissioned a survey with FreeForm Dynamics that found, as virtual assistants are given more access to operating systems and apps that contain sensitive data, there are increasing concerns about security and deskilling in the IT industry. On this news, Michael Hack, SVP of EMEA Operations at Ipswitch commented below. Michael Hack, SVP of EMEA Operations at Ipswitch: “Apple’s announcement that it is bringing its virtual assistant Siri to the…
Patent-pending social media security protects brands and customers from targeted Angler Phishing attacks that involve fake customer care accounts designed to steal customer credentials London, UK. Proofpoint, Inc., (NASDAQ: PFPT), a leading next-generation cybersecurity company, today announced new functionality that safeguards customer service interactions on social media. Available today, Proofpoint Angler Phish protection is the first solution to help brands proactively detect and facilitate the take down of fraudulent customer service accounts and stop hackers from hijacking customer care requests on social media. An increasing number of companies are using social media to provide customer support. Angler Phishing exploits this trend through the…
Secure Cloudlink – SaaS Providers Edition eliminates password proliferation, improving revenues, application security and the user experience A new solution that not only reduces the risk of cyber attacks, but also cuts development and support costs through the elimination of passwords, has been launched for SaaS solution providers. Secure Cloudlink – SaaS Providers Edition has been designed from the ground up by British cloud security software company Secure Cloudlink Ltd. The innovative and groundbreaking security application provides anonymised authentication to SaaS, cloud or on-premise applications without storing, replicating or transmitting passwords anywhere outside of the directory services. Using a patented…
Following the news that a Thames Valley police officer has been sentenced for leaking confidential material including witness statements to his father, Justine Cross regional director at Watchful software commented below. Justine Cross, Regional Director at Watchful Software: “The police officer sentenced for sending confidential police material to his father demonstrates the need for much tighter controls on how data is managed. “Police have a duty to ensure that all investigative information is kept safe, especially when it concerns vulnerable people at risk of violence. Fortunately, this leak seems to be a case of mere bravado, but it could a corrupt…
A10 Networks reports that companies suffer an average of 15 DDoS attacks a year A10 Networks (NYSE: ATEN), a leader in application networking and security, today announces a new report with IDG Connect, “DDoS: A Clear and Ever Present Danger.” The report, which surveyed 120 IT decision makers at large organisations, finds businesses locked in combat with a growing army of online attackers. It finds that the average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes. As DDoS attacks become more popular, they are also growing…
Following the news that another Flash zero-day is being exploited in the wild and users have days to wait for a fix, Gavin Millard, Technical Director EMEA at Tenable Network Security commented below. Gavin Millard, Technical Director EMEA at Tenable Network Security: “It’s becoming ever more critical that organisations reduce their reliance on Flash within the enterprise, continuously monitoring for usage, uninstalling where possible and enabling click to play where it’s not. Flash has been the favoured attack vector for exploit kit authors for the last 18 months, with many of the ransomware variants leveraging known vulnerabilities to deliver their code.…
As Microsoft has released their patches for the month of June, Adam Nowak, Rapid7 Active Lead Engineer at Rapid7, has provided his commentary below. Adam Nowak, Rapid7 Active Lead Engineer at Rapid7: “June continues an on-going trend with Microsoft’s products where the majority of bulletins (7) address remote code execution (RCE) with elevation of privilege as a close second (6); the three remaining bulletins address information disclosure(2) and denial of service. All critical bulletins are remote code execution vulnerabilities affecting a variety of products and platforms including Edge, Internet Explorer, Microsoft Office, Office Services and Web Apps as well as Windows (client and server). However, this…
Following the news that Flocker Android Ransomware is now infecting Smart TVs, experts from PRPL Foundation, Imperva, Proofpoint and MIRACL, commented below. Cesare Garlati, Chief Security Strategist at the prpl Foundation: “There is not really anything special about this attack; the malware operates in the same way to other malware on Android devices and we have seen a few cases with smart TVs in the past with LG TVs. Users need to be careful if they are using multiple devices that run on the Android platform, as it can move more easily from one device to the next. “Manufacturers can help eliminate the headache…
As reported in the WSJ today: “Fair Isaac Corp., known for its US-standard FICO consumer-credit scores, waded deeper into online security Tuesday with the acquisition of cybersecurity startup QuadMetrics. The terms of the deal were not disclosed. The company said it plans to leverage QuadMetrics’s predictive analytics and security-risk assessment tools to develop an industry-wide “enterprise security score” for businesses. The security score is meant to provide an “easy-to-understand” metric to help chief information officers and other corporate IT decision-makers gauge their company’s online risks, while managing risks from third-party software vendors. It can also act as a guide for cyber-breach insurance underwriting, the company said.” Security experts from VASCO Data Security and Lastline responded below. John…