Almost a decade on from its original launch in 2006, the Payment Card Industry Data Security Standard (PCI DSS) continues to generate heated debate regarding its precise application and interpretation. Many of the issues stem from the wealth of misinformation out there about the standard, perpetuated by individuals and groups who do not properly understand the principles behind it or why it was originally created. At the centre of this is a number of PCI DSS myths that have no grounding in fact yet continue to arise time and time again. Below are five of the most common of these…
Author: ISBuzz Team
According to recent research from Kaspersky Lab and B2B International, nearly half (48 per cent) of the companies surveyed believe they know the identity and motivation of those behind recent Distributed Denial of Service (DDoS) attacks against them, with many naming competitors as key culprits. Whilst criminals seeking to disrupt a company’s operations make up over a quarter (28 per cent) of the suspects, a surprising one in eight (12 per cent) companies believe that their competitors are responsible and have paid for DDoS attacks against them, making these cyber-threats even more harmful. This suspicion increases even more for those…
As we reach the end of 2015, security experts from Lieberman Software Corporation have gazed into their crystal ball to help predict what may lie ahead for the IT security industry in 2016 and beyond. Jonathan Sander, VP of Product Strategy, on 2016: Many antivirus and security product companies will discontinue their on-premises products due to reduced demand. Driven by platform improvements, such as Windows 10 adding many endpoint protection features to the core of the product, many antivirus and endpoint protection companies will be forced to pivot. These vendors will watch as a series of rolling service packs and…
It has been reported that 16 companies from around the globe have exposed credit card data during payments to their mobile websites and apps, including Aer Lingus, Chiltern Railways, EasyJet, San Diego Zoo, Air Canada, Sistic and AirAsia. Reports suggest the leaks appear to be caused by not using the HTTPS protocol to secure and encrypt data connections between the mobile device and the company’s website, mobile website or backend web services. Instead, the data is being transmitted unencrypted, or ‘in the clear’, and is available for anyone to intercept. IT Security experts from Imperva and ESET explain what happened…
Imperva Incapsula’s annual Bot Traffic Report, now in its fourth year, is a statistical study of the typically imperceptible bot traffic landscape. Much has changed in the general understanding of bots since we first revealed them to be responsible for the bulk of all website traffic. Today, it is not uncommon to find entire articles (including our own) dedicated to the study of individual bots: their HTTP footprints, points of origin and the nuances of their behavior. Collectively, however, these non-humans are still discussed in terms of two archetypes: Good Bots and Bad Bots. Good bots are the worker bees…
With the increase of breaches, there is a common theme amongst many of the targets: the point of entry for the breach was caused by a phishing attack. So what exactly is phishing? Phishing is a type of social engineering that commonly uses email or websites to trick the user into revealing personal information or to install a virus that compromises the victim’s computer and allows the attacker to create a beachhead into their company’s network. These messages can look like a notice from a bank or other financial institution; the messages can also be crafted in a way that…
The 2015 Data Breach Investigations Report found that two-thirds of all cyber-attacks against the finance industry over the last year followed just three basic patterns: Denial of Service attacks, which are designed to cause disruption or steal data by flooding online systems with data (accounting for 32% of incidents); Crimeware, which uses malicious software and phishing techniques to steal data such as passwords that allow attackers to take money (accounting for 16%); and Web app attacks, where attackers use stolen credentials or exploit vulnerable web apps to steal data (accounting for 14%). Comment from David Flower, Managing Director Europe, Bit9 +…
As 2015 draws to a close, researchers from Proofpoint have analysed some of the key threats of 2015 and made predictions on what may lie ahead in 2016. Proofpoint believes that in 2016 cybercriminals will build on their 2015 successes by developing campaigns and exploiting vectors that target user willingness to click across email, social media and mobile applications. Media statement: “Next year we will see cybercriminals cast a wider net, move away from malicious document attachments and increasingly leverage emerging vectors such as mobile applications and social media platforms. Our six 2016 predictions all have one theme in common—cybercriminals…
The Juniper administrative access issue (CVE-2015-7755) allows unauthorized remote administrative access to the device. Péter Gyöngyösi, Product Manager of Blindspotter at Balabit, has the following comments on it. Péter Gyöngyösi, Product Manager of Blindspotter, Balabit: The recent news of the backdoor inserted into the authentication methods of certain Juniper devices once again highlights the importance of a multi-layered, defense-in-depth approach to security. Software running on hundreds of thousands of appliances will always be an attractive target to attackers: if you manage to insert a backdoor unnoticed, you are gaining access to a large number of devices…
The tools used by cyber-criminals against businesses in 2015 were different to those used against consumers, according to Kaspersky Lab’s review of corporate threats in the last twelve months. They included greater exploitation of legitimate software programs and malware being signed with valid digital signatures to keep malicious files hidden for longer. Kaspersky Lab’s experts also observed a steady rise in the number of corporate users attacked by ransomware. Kaspersky Lab’s experts found that in 2015 well over half (58 per cent) of corporate PCs were hit with at least one attempted malware infection, up three percentage points on 2014.…