The combined effect of the 2008 financial crisis and security breaches has decreased consumer trust more than ever before. The payments industry as a whole must work to increase consumer trust in new payments innovations in order for new systems to be adopted by the banks and card issuers alike – only then will consumers have the opportunity to take advantage of new innovations. It is up to the banks and card issuers to educate the consumer, and this is imperative if we are to see consumer uptake of new innovations that will work to decrease security risks. Ultimately this…
ISBuzz Team
Microsoft’s storage of Windows encryption keys could expose users to hackers or government surveillance. Disk encryption is a built-in feature for smartphones and other devices that sends a backup copy of the recovery key to Microsoft when a user logs in through a Microsoft account. As soon as the double is created, it can allow backdoor access for hackers or government agencies. Craig Young, a cybersecurity researcher for Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Security Researcher at Tripwire : “While this key backup behavior certainly presents an increased risk that someone may be able to…
Researchers from ESET have just discovered that the BlackEnergy trojan was recently used as a backdoor to deliver a destructive KillDisk component in attacks against Ukrainian news media companies and against the electrical power industry. [su_note note_color=”#ffffcc” text_color=”#00000″]ESET Researchers: On December 23 2015, around half of the homes in the Ivano-Frankivsk region in Ukraine (population around 1.4 million) were left without electricity for a few hours. According to the Ukrainian news media outlet TSN, the cause of the power outage was a “hacker attack” utilizing a “virus”. Looking at ESET’s own telemetry, we have discovered that the reported case was…
With CES this week, the connected home and future of what our homes will look like will take centre stage. Analysts project that 10 billion devices will be connected to both home and increasingly government and enterprise networks in 2016. [su_note note_color=”#ffffcc” text_color=”#00000″]Phil Bosco, Security Consultant at Rapid7 : Phil and his team discovered that by causing a failure condition in the 2.4 GHz radio frequency band, the security system does not fail closed with an assumption that an attack is underway. Instead, the system fails open, and the security system continues to report that, “All sensors are in-tact and…
IT and security professionals are already well aware of the consequences of not having a firewall or anti-virus software as part of their infrastructure. And similarly, businesses have now matured to a point where they understand the risks that they are exposing to their business if they are only authenticating users with a password. Concurrently, consumers are becoming accustomed to using two factor and multi-factor authentication on Facebook, online banking, web mail, online gaming, etc., and prefer services that have these steps in place to secure their online accounts. This adds pressure on organizations as they cannot ignore this demand…
Beginning October 1, 2015, newly issued credit cards must be equipped with EMV-compliant chips. There is a lot of misinformation surrounding these new chips, ranging from inaccurate representation of the requirement drivers to all-out conspiracy theories that this is the beginning of the end of Western culture. The facts on the new EMV requirements are much more mundane with almost no tangible effect on the consumer. Here are just a few of the changes: More of a Shift Than a Requirement There is no government entity mandating new or updated policies for credit card safety. Instead, this shift is coming…
By this stage, Cloud computing is no longer something that most medium to large businesses are considering implementing – rather they are now looking at how they can best use it to their advantage. One survey posited that Cloud take-up in the UK has increased 15% in the year to August 2015, and investment bank Goldman Sachs is predicting serious growth for Cloud platforms and software in 2016. So what are the emerging trends to watch out for over the next 12 months? Increased Reseller Hosting When you buy a Reseller package from your hosting company, you are allowed to…
In this video, Peter Silva, Technical Marketing Manager at F5 Networks list the top five information security new year’s resolutions for improving cyber security in 2016. [su_box title=”About Peter Silva” style=”noise” box_color=”#336588″]Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He’s also produced over 350 videos and recorded over 50 audio whitepapers. Prior to joining F5, he was the Business Development Manager at Pacific Wireless Communications.[/su_box]
Google has announced that its Chrome browser will stop supporting SHA-1 certificates by 2017. Google hasn’t had confidence in SHA-1’s — the algorithm used for encryption by most SSL certificates, which add the “s” to https:// — ability to keep your information safe for a long time. Prof. Michael Scott, Chief Cryptographer and Co-Founder of MIRACL explains: “SHA-1 has been holed beneath the water-line for years, and has been slowly sinking ever since. However the security industry has displayed its astonishing capacity for lethargy by essentially doing nothing about it. The only way to get these people to act is…
Major data breaches make headlines too frequently, reinforcing the fact that even if organizations deploy top of the line security products, threat agents can still find a way to infiltrate. By bypassing common security solutions, there are four standard ways attackers can still “Infiltrate by Design”: Leveraging Design Vulnerabilities: An attacker can leverage an unexpected software’s functionality flow in order to compromise the underlying system. A perfect example is Sandworm, a design vulnerability found in a component of Windows which enabled a threat actor to abuse its functionality in order to download files and execute malicious code. Many major targets…