Ars Technica reports that “more than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday.” Craig Young, Security Researcher at Tripwire explains what needs to be done. [su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Cybersecurity Researcher at Tripwire : “The continued use of obsolete cryptography tools needs to stop. Earlier this year we learned how the SLOTH attack could compromise privacy of TLS, VPN, and SSH services when the obsolete…
ISBuzz Team
The University of California, Berkeley, has admitted to a second data breach which may have exposed the data of 80,000 people to misuse. Current and former students, faculty members and vendors linked to the university are among those who have been warned about the incident, which took place through financial management software which contained a security flaw, allowing an attacker — or group — to access internal services. Lane Thames, software development engineer and security researcher at Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Lane Thames, Software Development Engineer and Security Researcher at Tripwire: “Universities are fruitful targets…
Network security is currently high on everyone’s agenda, and with good reason. 2015 saw a deluge of high profile breaches, which reminded companies and the general public alike of what is at stake. Nearly 300 million records and $1 billion were stolen last year alone through cyber-attacks. The impact such an attack can have on the reputation of a company can be substantial, with a stigma of mistrust prevailing for many months – even years – after an incident. This, in turn, also profoundly affects a company’s bottom line. Some recent attacks have lost organisations hundreds of thousands of customers,…
SnapChat’s payroll department was targeted by an isolated email phishing scam in which a scammer pretended to be the CEO and asked for payroll information, Mártin Illés, Product Evangelist at Balabit have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Mártin Illés, Product Evangelist at, Balabit : “The snapchat breach is another example of where hackers become “insiders” using social engineering tactics – this is obviously much easier and beneficial for them than writing zero-day exploits. Although traditional access control tools and anti-malware solutions are necessary in today’s corporate cyber defences, these tend to only protect companies’ sensitive assets against external…
The IRS is now reporting that 724,000 taxpayer accounts were accessed in the breach in May 2015. The organisation first reported that 114,000 taxpayer accounts were accessed, then three months later, that number grew to as many as 334,000 which has almost doubled again. Tim Erlin, director of security and product management at Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “It’s not surprising to see the number of records increase as a breach investigation continues. It’s rare that anyone can identify the full scope of a breach when it’s…
Smart cities will provide businesses with unprecedented economic opportunities. However, cyber threat actors will be presented with an unprecedented attack surface in smart cities because of the significant increase in the number of interconnected devices. Securing these cities needs to be a joint project involving the local administrations and the private sector organisations with an immediate stake in the continuation of the city’s stable function. Ensuring that these cities are cyber secure will require the identification and prioritisation of critical assets, behaviour-based security – establishing a benchmark of normal operation of critical assets and continuously ensuring that all parts of…
Turkish hackers have claimed responsibility for the ransomware cyber attack which hit an LA hospital recently. The hackers boasted “So thanks to feebleness of weak-wiled Americans We became richer and earned $17k! If you read this message you must understand that Turkey is the great cyber-power whose might you have witnessed! If Washington keeps on supporting Kurdish terrorists Turkish hackers will become richer!”. IT security experts from Proofpoint discuss how credible these claims are. [su_note note_color=”#ffffcc” text_color=”#00000″]Kevin Epstein, VP of Threat Operations at Proofpoint : “Attribution of cyberattacks is notoriously difficult. Cybercriminals routinely route data through multiple countries and servers within…
By impersonating the CEO of Snapchat in a phishing attack, hackers have revealed sensitive payroll information about a number of Snapchat employees. According to a Snapchat blog post, “the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally.” Security experts from Digital Guardian, Barracuda Networks, Lieberman Software, Tripwire and Proofpoint have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Kevin Epstein, VP of Threat Operations at Proofpoint : “Snapchat’s phishing attack should serve as yet another reminder to organizations and employees that people remain the weakest link in security. Phishing attacks have…
Email phishing and malware attacks are issues that plague today’s organisations, regardless of size, revenue, location or industry. Such attacks can cripple even the most well-established and high-grossing businesses, and even result in their downfall. Fraudulent cyber attacks are detrimental to revenue, to customers’ and employees’ safety, and to a brand’s reputation as a trusted organisation. To solve this issue for businesses, Cyber Security Partners (CSP), a subsidiary of Marketing Source, has recently launched a new real-time, data-driven, cyber threat detection platform called Zero. The launch of Zero means that users now have unrivalled protection from email phishing and malware.…
Research by Kaspersky Lab and B2B International shows that businesses don’t need to have external interfaces such as public websites, customer portals and transactional systems to be affected by a DDoS attack. Internal web services, operations and connectivity are just as vulnerable – manufacturing companies especially. In 2015, one in six (16%) companies worldwide suffered a Distributed Denial of Service (DDoS) attack, with the attack rate rising to one in four (24%) for enterprises. For most, these attacks focused on external activities. Just under half of those affected said their public websites had been hit, while around a third said…