Check Point has revealed the most common malware families being used to attack organizations’ networks and mobile devices globally in February 2016. For the first time, malware targeting mobiles was one of the top 10 most prevalent attack types, with the previously-unknown HummingBad agent being the seventh most common malware detected targeting corporate networks and devices. Discovered by Check Point researchers, HummingBad targets Android devices, establishing a persistent rootkit, installing fraudulent apps and enabling malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises, with the aim of intercepting corporate data. Check Point…
Author: ISBuzz Team
TalkTalk have announced that they will be using voice recognition in place of passwords as a result of the data breach last year. Here to comment on this news is Barry Scott, CTO EMEA, Centrify. Barry Scott, CTO EMEA, Centrify: “Passwords are no longer fit for purpose, and the risks are inherent as TalkTalk has experienced on more than one occasion. Many breaches result from someone either stealing credentials for privileged accounts or someone using credentials internally to gain access to somewhere they shouldn’t have access to. As an industry, we should be doing everything we can to encourage companies to think…
Kaspersky Lab has discovered that consumers are installing apps on their devices without being aware of the potential consequences. A shocking 63 per cent of consumers neglect to read the license agreement carefully before installing a new app on their phone. Additionally, one-in-five (20 per cent) never read messages when installing apps; they simply go through the motions of clicking ‘next’ and ‘agree’, without understanding what they could be signing up to. Kaspersky Lab’s “Are you cyber savvy?” Quiz, which questioned more than 18,000 consumers about their online habits, found that an alarming number of consumers are leaving their privacy…
Following Google’s recent announcement of its plan to expand encryption of user data by rolling it out to even more services, Ilia Kolochenko, CEO of High-Tech Bridge, has asked why such a large number of traffic requests that Google currently handles are not already secured with end-to-end encryption. Ilia comments: “A recent disclosure in Canada states that only 64 per cent of the inbound web traffic requests that Google receives are securely encrypted. Encryption of HTTPS traffic has become vital these days, as almost every Internet user uses e-commerce and e-banking via a browser or mobile apps. However, security of…
A number of users have reported the infection dubbed Surprise ransomware. The infection is easy to spot. It does not hide once its encryption payload has completed; it clearly informs its victims they need to pay. The malware is going to lock all files with a sophisticated encryption. To undo the malicious modification, a user is prompted to buy the decryption key. Surprise ransomware generates a relevant message and drops it into every folder with affected files. The files concerned cannot be opened until they are decrypted. Names of the affected files get changed. The ransomware adds the “.surprise” extension at the…
Rapid7 has disclosed two vulnerabilities as outlined below. The first vulnerability is a cross-site scripting vulnerability the team discovered in ManageEngine OpUtils, an enterprise switch port and IP address management system. This vulnerability allows a malicious actor to conduct attacks which can be used to modify the system’s configuration, compromise data, take control of the product or launch attacks against the authenticated user’s host system. The second vulnerability deals with serial servers exposed on the internet, which are manufactured by Moxa. In 2013, Rapid7 reported on serial servers connected to the internet and the security implications. The same issues that were reported then are also applicable for these…
More Than Half of Survey Respondents Believe Digital Currency is the Future; Consumers Throw Caution to the Wind on Security for their Work and Personal Email Accounts
IEEE, the world’s largest professional organization dedicated to advancing technology for humanity, today announced the findings of an online survey that detail more than 1,900 technology enthusiasts’ views on digital safety and the future of cybersecurity. According to the results, when asked what year mobile payments would be secure enough to the point where traditional methods (such as cash and credit cards) would no longer be required, 70 percent of respondents indicated a…
Millions of Android users are at risk from another ‘Stagefright’ security flaw. Researchers claim it gives hackers the ability to inject malware that could copy, steal and delete data on the device, take over the smartphone’s microphone and camera for spying purposes and even track a user’s movements via GPS. Here to comment on this news is Chris Eng, Vice President of Research at Veracode, the web and mobile application security specialist. Chris Eng, Vice President of Research at Veracode: “With the discovery of the ‘Metaphor’ vulnerability, 2016 is the third year in a row when a serious application exploit has been discovered which could impact millions of devices. With…
According to a story in The Register, millions of people are being affected by popular US online publishers who are serving up adverts that attempt to install ransomware and other malware on victims’ PCs. With ransomware on the increase, what can companies do to protect themselves from these types of cyber attacks? Here to comment on this news is Richard Beck, Head of Cyber Security at training company QA. Richard Beck, Head of Cyber Security at training company QA said: “Ransomware is the fastest growing category of cyber attack that we see today. Anyone reading these publications on their work…
Following the news that Amazon has applied for a patent to offer selfies as a method of customer authentication, here to comment on this news is David Emm, Kaspersky Lab Principal Security Researcher. David Emm, Principal Security Researcher at Kaspersky Lab: “I like the idea of using facial recognition to confirm someone’s identity. And the idea of a two-step process – a static picture, followed by a second, anti-spoof picture – is even better. However, I’d prefer to see this used as well as a password, rather than instead of a password. Given that lots of people use the same password for everything,…