ISBuzz Team

Graham Cluley is reporting that researchers have uncovered two critical vulnerabilities in the TV-streaming EZCast device that can lead to remote code execution, and point to more general weaknesses in Internet of Things (IoT) security. EZCast is an HDMI dongle-based TV streamer that is both remote-free and cross-platform (running on Android, iOS, Mac, and Windows). The device enables a user to stream media content from the web or their mobile device onto a television. Travis Smith, senior security research engineer at Tripwire explains: [su_note note_color=”#ffffcc” text_color=”#00000″]Travis Smith, Senior Security Research Engineer for Tripwire : “Consumers are not quite aware of…

A malvertising campaign has been using a free digital certificate it acquired from certificate authority, Let’s Encrypt. The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend. Brian Spector, CEO of MIRACL have the following comments on this issue. [su_note note_color=”#ffffcc” text_color=”#00000″]Brian Spector, CEO of MIRACL : “Let’s Encrypt has its heart in the right place. The intention to make certificates free so that transport encryption, i.e. TLS, could become ubiquitous on the Internet is the right idea. Using PKI based TLS…

How often do you think about your own cybersecurity? Unless you work in the IT department of a major enterprise or government agency, there’s a good chance you’re not thinking about it as often as you should be. Maybe you’re careful about what you share on social media, or have rewritten your passwords to use more complex character strings. But, do you use two-factor authentication, or password managers, or sandboxing services to scan inbound emails? Maybe you think you don’t necessarily need to go this extra mile, and that these precautions are only optional. But, that would be a serious…

41% of mobile users are “reluctant sharers” of their personal data Globally, 47% of consumers would pay extra for a privacy-friendly app 21% of mobile users currently take no action to secure their device Global mobile trade body Mobile Ecosystem Forum (MEF) today unveiled the results of its Global Consumer Trust Report in association with AVG Technologies at the Consumer Electronics Show (CES). The third annual report studies the attitudes and behaviours relating to privacy and security of over 5000 mobile media users in Brazil, China, France, Germany, India, South Africa, UK and USA. The MEF report reveals that over…

If your business has ever been affected by an event such as the current flood crisis and recent closing of the Forth Road Bridge, you likely wouldn’t argue that it’s crucial to have an effective disaster recovery (DR) strategy in place. However, while creating a DR plan is a great start to minimising financial loss and threats to your company’s survival in case of a business interruption, that’s only step one. If you create your plan and then neglect to test, adapt and review it, you risk overlooking defects in your DR strategy that, like the Forth Road Bridge, crack…

The CIA is looking into whether Russian Hackers were to blame for the cyber attack on the Ukrainian power grid.  Experts say this is a first of a kind and may be a bad omen for attacks on other power grids around the world including our own. Tim Erlin, director of security and product management at Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “Industry experts have been talking about how cyberattacks could directly affect the power grid for a long time, so it shouldn’t be a surprise that it’s…

You may have seen news that potentially millions of Drupal users are at risk of cyber attacks after issues with the Drupal update process have mean that its installations could be out of data and listing unpatched platforms as current. John Smith, principal solution architect at Veracode have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]John Smith, Principal Solutions Architect at Veracode : “It is highly concerning that potentially millions of sites have been left vulnerable to attack through issues with Drupal’s update process. Applying security patches to software in a timely fashion is an essential part of any good security…

Data security expert Mark Bower commented on yesterday’s announcement by The Federal Trade Commission (FTC)  that dental software provider Henry Schein Practice Solutions has agreed to settle with the FTC over charges it misled customers on the level of encryption its software provided to protect sensitive patient data. Mark Bower, Global Director Product Management for HPE Security – Data Security, explained: “This is a classic case of a business making headlines for bad security practices. In this case, the FTC specifically cited the business in the areas of data masking and encryption, pointing out an overall poor and non-secure approach…

A Quiz from Kaspersky Lab has found that almost a third (30 per cent) of social network users share their posts, check-ins and other personal information, not just with their friends, but with everybody who is online. This is leaving the door wide open for cyber-criminals to attack, as users remain unaware of just how public their private information can be on these channels. Despite over three quarters (78 per cent) of Internet users having a social media account, the quiz showed a distinct lack of awareness amongst social media users. One in ten (9 per cent) quiz respondents didn’t…

Will 2016 be the year that businesses finally stop being their own worst enemies when it comes to data security? In 2015, incident after incident demonstrated that management and IT staff are largely oblivious to bad employee practices, such as the use of unsanctioned, consumer-grade file sharing apps. And, if they are aware of the behaviors, they’re often unaware of the associated risks. A Ponemon Institute  report found that more than 60 percent of C-level executives – including IT leaders – confessed to accidentally forwarding documents to people not authorized to see them and the same number acknowledged failing to delete…