Researchers from Cylance have outlined a sustained 5-year APT campaign targeting Japanese Critical Infrastructure using dynamic DNS domains and customized backdoors. The attacks have also occurred in the US, South Korea, and Europe. The campaign used custom Android backdoors in 2015 with a Trojan forwarded by SMS messages, and later through specific files, from infected devices to C&C servers. Tim Erlin, Director of IT Security and Risk Management at Tripwire have teh following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “The more connected our critical infrastructure becomes, the more attractive a target…
Author: ISBuzz Team
The BBC has reported that “some of Nissan’s Leaf cars can be easily hacked, allowing their heating and air-conditioning systems to be hijacked, according to a prominent security researcher. Troy Hunt reported that a flaw with the electric vehicle’s companion app also meant data about drivers’ recent journeys could be spied on.” Experts from AlienVault, ESET and Tripwire provide insight into this vulnerability and what users can do to stay safe. [su_note note_color=”#ffffcc” text_color=”#00000″]Richard Kirk, Senior Vice President, AlienVault: Any insight into the vulnerability? According to the research done by Troy Hunt, this is one of the most basic security mistakes that…
Researchers from Bastille Security* have discovered vulnerabilities in wireless keyboards and mice in which hackers could target from 100 meters away. The vulnerabilities are found in the dongles because they accept unencrypted packets. Researchers were able send a fake mouse packet to inject keystrokes into a computer without the encryption key. Researchers believe that many non-bluetooth devices may be at risk. [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “We’re often so focused on network-based attacks that we forget these peripheral devices provide input to our computers as well. That wireless keyboard is another potential…
Trustwave has discovered the popular Extendoffice.com Microsoft product site has begun redirecting people to the Angler Exploit Kit again, leaving many users still exposed to the TeslaCrypt ransomware. The exploit was initially closed last week after Trustwave discovered it, but has reappeared. According to the Google analytics tool VirusTotal, only one URL scanning engine (Trustwave SWG) is flagging the URL as malicious at the moment. [su_note note_color=”#ffffcc” text_color=”#00000″]Trustwave: They say that with great power comes great responsibility. In the world of websites the more popular your website is the greater your responsibility, and being responsible means, amongst other things, keeping your systems…
Proofpoint is releasing its annual Human Factor Report, which looks at the latest cyber security issues in email, social media and mobile apps. One of the most significant findings from the study is that in 2015 people were the targets: from email and web to social media and mobile apps, rather than relying on expensive exploit kits, attackers relied on human frailty to carry out their dirty work. Essentially, 2015 was the year Machine Exploits were replaced by Human Exploitation. Rather than purchasing expensive technical exploit kits, attackers opted for high volume attachment-based campaigns and relied on social engineering to…
Cyber Essentials eases path to cyber insurance for UK’s SMEs Cyber insurance is critical to helping businesses view their cyber security defences holistically, but remains a missing piece of the puzzle for too many businesses, APMG International has warned. By achieving the UK Government’s Cyber Essentials, businesses automatically qualify for cyber insurance policies, providing a safety net in case they are affected and helping them recoup their losses. Cyber Essentials is a checklist of the fundamentals that an organisation needs to get right, before it can be considered adequately protected against possible cyber threats. By certifying against Cyber Essentials with…
Cybersecurity is growing too dangerous and powerful to ignore and a head-in-the-sand attitude to this once nascent, now pervasive threat is no longer an option, according to a new study by IMA (Institute of Management Accountants) and ACCA (Association of Chartered Certified Accountants). The joint study, “Cybersecurity – Fighting Crime’s Enfant Terrible,” is an assessment of the cyber-threat landscape across the globe, tracks current and future cybersecurity trends and highlights particular areas that are likely to have a direct impact on the future of the accountancy profession. “Exploitation of the myriad weaknesses within Cybersecurity is now being perpetrated by a…
325Gbps / 115 Mpps SYN flood mitigated. The attack occurred in mid-December and is one of the largest to ever be documented. 25.3 % increase in network layer attacks from prior quarter. A result of perpetrators preferring repeated short bursts for network layer attacks. Longest application layer attack lasted for over 101 days. However, the vast majority of application layer attacks lasted under 12 hours. Increase in attacks against UK and Japanese websites. 20.7 percent increase in attacks targeting UK-based websites and a 7.4 percent increase targeting Japan-based sites. During the second half of 2015 we witnessed a surge in…
New Flexera Software report explains why some dating apps employees use on corporate and BYOD devices to find love – may be risky As Valentine’s Day approaches, thoughts turn to cupid. So in this age of Bring Your Own Device (BYOD) and high-tech dating, CIO’s must consider a novel question: do the dating apps employees might be using on their corporate-issued or BYOD phones present a potential security risk to the organisation? According to a new report from Application Readiness expert, Flexera Software, the functionality and behaviour of many popular dating apps could violate organisations’ BYOD policies. The report found…
According to a new report, “the healthcare sector is a good 10 to 15 years behind the retail sector when it comes to security.” “We can’t accept what we have now. If we assume a loss of life scenario, the consequence of failure is too high.” Said Scott Erven, a medical device security advocate who spoke at last week’s Security Analyst Summit. Following this news, security experts from AlienVault and Lieberman Software discuss whether there genuinely is a possibility of death due to vulnerabilities in medical devices, as well as what should be done to protect them. [su_note note_color=”#ffffcc” text_color=”#00000″]Javvad…