A new report by Imperva has revealed that Cryptowall 3.0 is the most successful ransomware in history, causing an estimated $325 million in damages. Jonathan Sander, VP of product strategy at Lieberman Software have the following comments on it. Jonathan Sander, VP of Product Strategy at Lieberman Software: Is it true that police aren’t investigating these crimes? “It’s not that local law enforcement doesn’t want to help with Cryptowall, they can’t. A friend works with cybercrime efforts of local police here in the states, and recently told me that since Cryptowall most often crosses international boundaries there’s not much the…
ISBuzz Team
In light of the news that The White House will be rolling out a substantial Cybersecurity National Action Plan (CNAP), Harley Geiger, Director of Public Policy, at Rapid7 have the following comments on it. Harley Geiger, Director of Public Policy, at Rapid7: “The President’s Cybersecurity National Action Plan aims to modernise agencies’ technology and user behaviour and we believe it is a broadly positive step forward. If implemented, the proposal will help support federal agencies that are very much in need of more secure IT to help prevent or mitigate more serious breaches. We hope Congress and the Administration will collaborate to execute this…
ESET finds Remtasu malware, spread via piracy websites, expanded from compromising online banking, to stealing Facebook passwords. [su_note note_color=”#ffffcc” text_color=”#00000″]ESET: ESET has been tracking the cunning Remtasu malware for well over a year now. What was initially malware that mainly targeted digital certificates, in many cases those used by online banking, has now also been found snooping after peoples’ Facebook login details. Win32/Remtasu is a Trojan that steals sensitive information, notably using a keylogger. The latest variant also has the specific feature of opening and obtaining information the user has in their clipboard. As well as being able to access…
Network Security as a Service will change the way security is delivered, managed, and evolved Cato Networks (Cato), which is rethinking network security from the ground up and into the Cloud, announced today the launch of its Network Security as a Service (NSaaS) platform. The groundbreaking Cato Cloud makes network security simple and cost-effective for the distributed, Cloud-centric and mobile-first enterprise. The dissolving perimeter challenges appliance-based network security For decades, the increasingly distributed enterprise network has stretched IT security resources to protect all business locations, applications, and users. Complicating matters even further is the widespread adoption of Cloud, mobility, bring your…
Snapchat, eBay, JP Morgan, Sony Pictures and even the White House. The widespread data breaches over the past few years confirms the fact that even large multinational companies and government organisations with huge security budgets are unable to completely defend themselves against the latest threats and smartest cyber criminals. Offenders can obtain data they are looking for by targeting their attacks and increasingly, it seems they are targeting the weakest link of the chain: the user. In most cases this can be stolen credentials, an un-patched desktop or just a careless employee. And once cyber criminals successfully acquire that, they…
Massively Scalable, Compact, Zero-Knowledge Platform Makes Keys Invisible to Senders, Receivers, Would-Be Hackers. Creates and Validates Identity for Cloud, IoT, and M2M for Extremely Robust, Accelerated and Low-Power Security. Rubicon Labs, Inc., developers of advanced secure data protection and identity technologies for cloud-based data center applications and the Internet of Things (IoT), today introduced TLS Armor™, a hardware security platform to protect and accelerate the execution of high-value cryptographic SSL (Secure Socket Layer)/TLS (Transport Layer Security) keys in untrusted data centers. Built upon its “Zero Knowledge” platform and product family, the TLS Armor product is a breakthrough that couples device-level…
The Payment Card Industry Data Security Standard (PCI DSS) is intended to help organisations ensure the safe handling of sensitive payment card data. But it can also present significant (and potentially expensive) regulatory hurdles. Matthew Bryars, CEO of Aeriandi explains what PCI DSS means to businesses and the various ways in which compliance can be achieved, without breaking the bank in the process. PCI DSS was originally conceived by the world’s major payment card brands (Visa, Mastercard, American Express) as a way to standardise security practices across all organisations that take, process and store sensitive payment card data. It has…
Ronnie Tokazowski, senior researcher at PhishMe, has warned that Dridex is experimenting with new attack vectors. [su_note note_color=”#ffffcc” text_color=”#00000″]Ronnie Tokazowski, Senior Researcher at PhishMe: “When one threat actor starts shifting TTP’s, it’s usually a big deal. Attackers get comfy in their infrastructure, some survive sinkholes, and they continue spamming or stealing money. One shift takes time, effort, and money on the attackers part. The part that people often forget is that attackers need people to maintain backends, code the malware, code panels, and patch exploits as researchers find them, or else they are going to be exploited by said researchers. Over…
Many children these days play games online and as harmless as this may seem, they are probably unaware that they are potential targets for cybercriminals. This is all thanks to the lure of online accounts full of parent’s credit card details and other less obvious information which can be monetized. Although your son or daughter may be using secured gaming platforms like Steam marketplace, this is not enough. They can still be duped by scams such as infected screensaver files or “cheats” poisoned by malware. This applies to gaming forums as well. It is highly likely that your child is…
The Internal Revenue Service (IRS) in the US was the target of an attack that used stolen social security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically. The attack occurred in January and targeted an IRS Web application that taxpayers use to obtain their so-called Electronic Filing (E-file) PINs. The app requires taxpayer information such as name, Social Security number, date of birth and full address. Attackers attempted to obtain E-file PINs corresponding to 464,000 unique SSNs using an automated bot, and did so successfully for 101,000 SSNs before the IRS blocked…