Research by NCC Group has indicated that automated vulnerability scanners are turning up mostly false positive results, but may still be preferred by organisations due to being cheaper than manual testing processes – a view that Ilia Kolochenko, CEO of High-Tech Bridge and chief architect of ImmuniWeb web security platform, shares but warns against: ” Today many cybersecurity companies backed by money-hungry VCs promote the concept of fully-autonomous machine learning suitable for any type of problem solving. However, machine learning has clear limits and is suitable for solving only some particular types of problems. Automated vulnerability scanning is cheap, quick…
ISBuzz Team
Huge demand for security automation driven by the growing number and sophistication of cyber threats, business transformation initiatives, and security change management AlgoSec, the market leader for Security Policy Management, today announced the results of its “State of Automation in Security” survey. The survey revealed that 83% of organizations want the use of automation to manage security processes to greatly increase over the next 3 years. Other key takeaways from the survey include: · Lack of automation causes outages and breaches. 20% of organizations experienced a security breach, 48% had an application outage and 42% had a network outage as…
In an industry worth over an estimated hundred billion US dollars, gaming is not just big business for developers and manufacturers, but for cybercriminals too. Steam Stealer is a constantly evolving breed of malware that is responsible for hijacking the user accounts of the popular gaming platform, Steam. The malware’s goal is to steal online gaming items and user account credentials, and then resell them on the black market. It is distributed to cybercriminals under a malware-as-a-service business model with an extremely low entry price of as little as £20 GBP. Steam is one of the most popular multi-OS distribution…
Following the recent discovery that Chinese hackers are now moving to ransomware by hijacking machines and demanding payment to decrypt them, here to comment on this news is Chris Carlson, VP of product management at security company Hexis Cyber Solutions on what enterprises can do to identify and isolate these attacks. Chris Carlson, VP of product management, Hexis Cyber Solutions: “It’s important to remember that Ransomware is a game of cat and mouse. By design, the attack isn’t meant to be sophisticated. Savvy cyber-criminals don’t want to invest time and effort in building a threat that will eventually be discovered. “However, this doesn’t mean that…
Gone are the days when companies only had to worry about valuable documents leaving the building in a pocket or briefcase. Today, sensitive and proprietary information can move across networks in digital format – and even be plucked out of these networks from the sky. The need for intrusion detection has expanded beyond the front door of your building to the network and now, thanks to advances in drone technology, the airspace above. Chances are good you have a drone or someone you know has a drone – they’re amongst the fastest growing technologies available. In just two years, the…
Following the news that Silicon Valley companies are planning to make further use of encryption, please find comment below from David Emm, Principle Security Researcher at Kaspersky Lab. David Emm, Principal Security Researcher at Kaspersky Lab The news that Silicon Valley companies are planning to make further use of encryption to increase privacy comes as no surprise. They have already shown support for Apple in its battle with the US government over encryption; and this demonstrates how important this is for them. Having a backdoor in a product or software is all well and good for law enforcement reasons, but it’s a bit like…
European IT decision makers cite budget, time and compliance as the biggest barriers to adopting new security technology, but over half of them said they were responsible for overcoming these obstacles Identity security company, Ping Identity, has announced research highlighting that 52% ofEuropean IT decision makers believe it’s their sole responsibility to overcome the multiple barriers that exist to adopting new security technology within their organisations. Nearly 60% of IT decision makers across Europe cited budget as one of the biggest barriers to adopting new technologies, with 23% stating compliance issues and 28% revealing that time was a significant barrier…
A hacker gang dubbed Anunak pulled off a high-profile attack against Energobank based in Kazan, the capital of the Republic of Tatarstan, Russia. This breach took place in February 2015, but its details surfaced lately in the respective report by Group-IB, a computer forensics firm hired to look into the incident. The fraudsters managed to deploy the Metel Trojan (the name is a transliterated Russian word for “Blizzard”) in the bank’s IT infrastructure. Also known as Corkow, this malware provided the hackers with unauthorized access to trading system terminals. Over the course of only 14 minutes, the offenders succeeded to…
ESET experts warn of Android banking malware that can steal credentials – and even bypass two-factor authentication. ESET researchers have discovered a strain of Android malware that can steal the login credentials of mobile banking users. The malware, detected by ESET security systems as Android/Spy.Agent.SI, presents victims with a fake version of the login screen of their banking application and locks the screen until they enter their username and password. Using the stolen credentials, the thieves can then log in to the victim’s account remotely and transfer money out. They can even get the malware to send them all of the…
Phishing is an increasingly devious, almost artistic, threat. The ultimate goal is to trick a target into either downloading malware or disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. Having snared an individual, there are a number of ways they can be exploited – from personal identity theft, to large scale corporate breaches. Phishing is thought to have originated around 1995, but it was in 2005 that it become more widely recognised as an attack vector. Ten years later and phishing is still an issue. Phishing Evolution ‘Phishers’ cast their nets wide, playing a…