Length of investigations, limited resources, and lack of context put security professionals at a disadvantage when responding to security incidents. Rapid7, Inc. (NASDAQ: RPD), a leading provider of security data and analytics solutions, today released the results of its 2015 Incident Detection and Response Survey. The survey includes findings from hundreds of security professionals at organizations of varied sizes across the globe on their biggest security concerns and planned initiatives for 2016. Punctuating the results were two key points: (1) 90% of organizations are worried about compromised credentials, though 60% say they cannot catch these types of attacks today; and…
Author: ISBuzz Team
Video-streaming giant Netflix has said it is going to stop subscribers from using internet proxies to view content not available in their home countries. Due to licensing agreements, Netflix content varies between countries – many users have a virtual private network (VPN) or other proxy to get round this. The firm said it would increase efforts in the next few weeks to block the use of such proxies. Mark James, security specialist at ESET, has the following comments on it. Mark James, Security Specialist at IT Security Firm ESET: “Restricted content has always been a lure for some people…
Rapid7 will disclose a vulnerability in Advantech’s EKI-1322 serial device server. The team found that the Dropbear SSH daemon did not enforce authentication, and a possible backdoor account was discovered in the product. Due to heavy modifications of the Dropbear daemon, it does not actually enforce authentication, and allows any user to bypass authentication by using any public key and password. But there’s good news: The authentication bypass issue is resolved in EKI-1322_D2.00_FW, which was made available from the vendor’s website as of December 30, 2015. Team at Rapid7: R7-2015-26: Advantech EKI Dropbear Authentication Bypass (CVE-2015-7938) While looking into the…
How to protect business data without imposing onerous authentication processes on employees is a challenge that most businesses have faced or will face. Single Sign-On (SSO) solutions help to alleviate this by managing access to multiple applications using a single login and password. However, choosing the right SSO solution is not a simple decision and depends on the company’s existing IT environment, objectives, risks and investment priorities. Often, companies have to maintain, operate, supervise and audit multiple solutions and, for historical reasons, may already have separate SSOs in place to cover different environments, such as Enterprise SSO (eSSO), Web Access…
Last month, the Norwegian police arrested five men in a joint effort with Europol as part of the OP Falling sTAR. Very little is known about the details of the operation or about who these miscreants are and what they did, but Norway’s Kripos national criminal investigation service noted that they were charged with possessing, using and selling malware, including RATs (Remote Access Trojans). Loucif Kharouni, Sr Threat Researcher at Damballa: Damballa’s Threat Discovery Center worked in cooperation with the Norwegian police over the last few months to track and identify the author of the malware called MegalodonHTTP. We published a blog about…
Global Leader in Next-generation IT Security Solutions Increases Total 2015 Revenue by Over 50%; Exceptional Q4 With 77% Revenue Increase Marks Ninth Consecutive Quarter of Record Growth. Thycotic, a provider of privileged account management (PAM) solutions for over 3,500 organizations worldwide, has extended its record of stellar growth throughout 2015, capping the year with a total revenue increase of more than 50% over 2014 and wrapping up a remarkable Q4 with a 77% quarterly revenue increase. The company’s growth strategy, which has now produced nine consecutive quarters of record revenues, resulted in the addition of a significant number of new customers, considerable…
The ENITSE Enterprise IT Security Conference & Exhibition will be held on 17-18 May 2016 in Istanbul, Turkey. ENITSE is one of the most important events in EMEA in its category. IT Security, Network Security, Big Data Security, Mobile Security, Cloud Security, IT Risk Management, Application Security, Identity and Access Management, Web Security, End User Security and Database Security are key topics of the conference. The Conference Program (Agenda) of the ENITSE 2016 Conference is published on the conference website. Sponsorship and delegate registrations are open. Early bird pricing on delegate registration is valid until 04 March 2016.…
While 84 percent of consumers and IT execs believe their mobile health and finance apps are secure, 90 percent of mobile health and finance apps test positive for two critical security risks. Arxan Technologies, the leading provider of application protection solutions, announced the publication of its 5th Annual State of Application Security Report. The new research is based on the analysis of 126 popular mobile health and finance apps from the US, UK, Germany, and Japan, as well as a study examining security perspectives of consumers and app security professionals. Arxan discovered a wide disparity between consumer confidence in the…
MP Dr Liam Fox calls for companies to come clean after cyber attack. Chris Wysopal, CTO and CISO at Veracode, has the following comments on it. Chris Wysopal, CTO and CISO at Veracode: “There is no question that responsible disclosure is a good policy, however globally there remains limited precedent for it. In the US, companies listed on the NASDAQ Stock Market or the New York Stock Exchange are required to notify the public if the leaked information would “reasonably be expected to affect the value of a company’s securities or influence investors’ decisions.” While in Europe, the General…
When it comes to staying safe online, consumers aged 45 and over are more cautious than younger Internet users about sharing information, but can lack the knowledge to spot a damaging scam or imminent threat. According to recent consumer surveys* from Kaspersky Lab, those aged 24 and under are more willing to reveal information about themselves online and take fewer steps to protect themselves, but understand potential threats better and can recognise them more easily. The research found that for younger people, sharing data online is an everyday occurrence, with 83 per cent undertaking private messaging online, compared to just…