Security experts offer cyber security advice for Internet Explorer 8, 9 and 10 users Beginning on Tuesday, January 12, 2016, Microsoft will no longer support Internet Explorer (IE) 8, 9 and 10. Users of IE 11 will continue to receive technical support and security updates, leaving users of legacy versions of IE more vulnerable to malware. According to Computerworld, only 55 percent of IE users – more than 340 million people – are using the latest version of the browser. [su_note note_color=”#ffffcc” text_color=”#00000″]Security Experts at Tripwire : “It is safe to assume that cybercriminals have been stockpiling IE vulnerability information…
Author: ISBuzz Team
Direct marketing companies will have to legally display their telephone number on caller ID Consumers will find it easier to report unsolicited calls to the regulators Around one in five marketing calls fail to display valid number Direct marketing companies will have to display their telephone numbers under plans Government has set out in the bid to tackle the scourge of nuisance calls. Unsolicited direct marketing calls can cause significant stress and anxiety, particularly to those people who rely on the telephone as their main means of keeping in touch with friends and loved ones. At best these calls are…
The attack permits the malware to jump onto computers in a unique manner, using the ‘Range’ HTTPS header. The Ursnif malware is retrieved from the command and control server when the malware requests the file, but should a user browse to that location they see this JPG of the kangaroo below. The email uses a macro-laden Microsoft office document attachment, purporting to be from the Australian Taxation Office; with taxation proving to be a popular lure in 2016. The researchers also found that the malware authors made a mistake in their encryption routine, unintentionally making it easier for researchers to understand…
High-Tech Bridge, a leading provider of web application security, has opened a free to use API for the company’s SSL security testing service, which verifies the security and reliability of SSL/TLS implementation on any website or web app according to PCI DSS requirements, NIST guidelines and industry best-practices. The free SSL/TLS security testing service was launched by High-Tech Bridge in October 2015, enabling the test of any server or service working over SSL-encrypted protocol (e.g. HTTPS, POP3S, IMAP3, SMTPS, LDAPS, FTPS, etc). Since then, almost 75,000 people have tested their servers and significantly improved reliability and security of their data encryption,…
Not sure if you’ve seen, but cloud software company Citrix has been hacked by an organisation called w0rm which exposed vulnerabilities in its network, allegedly for ‘altruistic’ reasons to raise standards of cybersecurity. Tony Pepper, CEO, Egress Software Technologies said why companies need to protect all customer data, especially in the face of new penalties from the European Union. [su_note note_color=”#ffffcc” text_color=”#00000″]Tony Pepper, CEO, Egress Software Technologies : “Another week, another hack – and with well-known names such as TalkTalk and now Citrix hitting the headlines, it prompts questions about organisations’ ability to effectively deploy information security measures across their…
Researchers have discovered a new data stealing Trojan called Spyumel thatemploys real certificates to evade security tools. Hackers using Spymel are using a certificate issued by DigiCert and given to SBO Invest. Since Hackers got their hands on the first certificate, DigiCert has issued another certificate but hackers are now using another certificate from SBO Invest. Tim Erlin, Director of IT Security and Risk Strategy from Tripwire says : [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “Why break in when you can steal a key? Compromising authentication, from passwords to certificates, is a tried…
The Star Wars BB-8 toy can be hacked via a firmware update hijack. Security researchers claim that the firmware update process is flawed because it takes place via HTTP. Paul Farrington, senior solution architect at Veracode, the application security specialist have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Paul Farrington, Senior Solution Architect at Veracode : While news that the Star Wars BB-8 toy can be hacked is significantly less serious that the Vtech breach, due to the lack of data collection features, this case once again demonstrates the vulnerable nature of connected devices in the home. As we are seeing…
In the Rapid7 survey of 250+ global security pros, a majority of respondents report increased spending and focus on incident detection and response (IDR), yet the findings expose staggering gaps when it comes to security teams putting IDR theory into practice – and doing it in the right way. Critical challenges include: Too many alerts, too little time for security teams means risk goes undetected Today security programs, and specifically IRD solutions, are not yet helping to stop users from being the weakest link All the while, cybercriminals are evolving their strategies, tactics and techniques with speed and determination.In advance…
In 2016 we will continue to see the line between personal and work blur, with an increasing amount of devices being used for both. The drive for internet attached devices in the home will see a rise in increasingly complex home networks – which risk providing an easier route for attackers that can then be used against individuals and as a portal to corporate networks. Network tools have been available to organisations since networks began, but in the home it is a new phenomenon. Friends and visitors also connect to the home wifi, and of course there is still the…
Following a successful first year supporting Northern business transformation, IP EXPO Manchester 2016 is now open for registration IP EXPO Manchester, part of the UK and Europe’s number one enterprise IT event series, today announces that the second annual IP EXPO Manchester event is now open for registration. The free-to-attend event, taking place on 18-19 May at Manchester Central, brings together a broad range of technologies across the entire IT spectrum that enable enterprises to embrace digital transformation and reap the business benefits. The event caters to IT directors, sysadmins, engineers, business owners across the Midlands and North of England,…