As a reader of Information Security Buzz, you are probably already familiar with all the different points of access that hackers and other threats use to breach the security measures that enterprises have set up to protect their data, such as social engineering, cross-site scripting flaws and unpatched windows machines. One of the potential vectors that is often ignored or at least underestimated is remote access software which is used by various service providers and which is very often not secure enough. Remote Access Software 101 In order to understand why remote access software plays such a pivotal role in…
Author: ISBuzz Team
Kaspersky Lab’s Anti-Malware Research team has identified Asacub – a new malware that targets Android users for financial gain. When discovered, Asacub displayed all the signs of an information stealing malware; however, some versions of the Trojan are targeting users of online banking in Russia, Ukraine and the US. With millions of people using their smartphones worldwide to pay for goods and services, 2015 saw cybercriminals exploit this by focusing their efforts on developing malicious financial programs for mobile devices. For the first time ever, a mobile banking Trojan entered the Top-10 most prevalent malicious programs that target finances. The…
Ubiquitous Wifi and strong security provide safe online learning WatchGuard has successfully overcome 1.5 metre, rock-solid walls at Portsmouth Grammar School to deliver strong Wifi in over 300 rooms while maintaining robust protection, keeping pupils, staff and visitors safe online and ensuring private data is secure. This has allowed the school to offer an innovative digital educational experience by encouraging pupils to bring their own tablets, smartphones and other connected mobile devices into the classrooms. Founded in 1732, Portsmouth Grammar School (PGS) provides education for boys and girls, from nursery up to sixth form and is based in a former…
The most popular password of 2015 have been labelled “dangerous” by security experts because of their simplicity. The list of logins, put together by password management firm SplashData from lists of stolen passwords that appeared online, showed that the combination “123456” remains the most popular password among web users, followed by “password”. IT Security experts from AlienVault and MIRACL discuss the issue: Javvad Malik, Security Advocate at AlienVault: “These password lists illustrate how poor people typically are at choosing and remembering strong passwords. So, they will choose a simple to remember (and type) password and then reuse it on multiple…
As Managing Director of Layer 8 Ltd, a security company dedicated to using conversations to change culture, I often find myself being asked what the ‘return’ would be on investing in security culture – lots of security professionals still see it as a nice ‘add-on’ but not a priority. My reply is always that a proactive approach to security is a ‘must have’ in the current threat landscape, and that cultural values are the drivers which can transform passive employees into passionate security advocates. So what are Cultural Values? Think of the National Health Service. For UK citizens it’s personal: …
Research Paints Worrying Picture of State of Security of Mobile Devices in the Enterprise Duo Security, a cloud-based access security provider protecting the world’s largest and fastest-growing companies, has analysed data from its installed base of over 1 million mobile devices to discover over 90% of Android devices are running out-of-date versions of the Android operating system (OS). With the growing number of personal mobile devices in the workplace, IT professionals must be aware of the risks and how to quickly remediate them. Duo’s research reveals that 32% of Android devices in use in enterprises today are running version 4.0…
According to the ITRC (Identity Theft Resource Center), there have been 5,754 data breaches between November 2005 and November 2015 that have exposed 856,548,312 records. According to their data, there were 783 breaches in 2014, the largest number of data breaches in a single year to date. ITRC data also indicated that 29% of breaches involved hacking incidents in 2014, compared to just 14.1% in 2007. This shows an upward trend in the number of data breaches resulting from an outside cyber-attack. Although this data includes a comprehensive list of data breaches, whether large-scale or small, there are a few…
A zero-day vulnerability discovered in Adobe Flash Player / AIR 20 could possibly be used to exploit end of life version 19 – found on 78 percent of all private US PCs. Secunia Research at Flexera Software, a leading provider of software vulnerability intelligence, has published country reports covering Q4 2015 for 14 countries. The reports provide a status on vulnerable software products on private PCs in those countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers. Key findings in the UK Country Report include: 78 percent of UK users…
This can be a rather complicated process for businesses to optimise, but if a solid plan is in place and is implemented accordingly, the system will perform to a level that will enable the company to form reliable communications networks for future growth. The graphic outlines the steps that need to be taken in building a network infrastructure, detailing each part of the process, while also advising as to the benefits of having a top quality network infrastructure in place. [su_box title=”About Orla Forrest” style=”glass” box_color=”#336588″]Orla Forrest work as Marketing Executive with Exigent Networks, a network security solutions company based…
QinetiQ whitepaper warns of overlooked vulnerabilities in building management systems The systems which control heating, lighting and security in most buildings are particularly vulnerable to cyber attack, a QinetiQ whitepaper has warned. In analysis undertaken in late 2015, QinetiQ found that these systems create a route for serious damage and disruption to be caused to most major companies and organisations; capabilities now showcased in the real-world through the spear-phishing attack on a Ukrainian power network . Those that would suffer the most disruption include airports, stadiums, hospitals and government departments. Despite the dangers, such as no communications at an airport…