Kaspersky Lab’s Global Research and Analysis Team has spotted new attacks by the Sofacy group which make use of several upgraded techniques designed for aggressive persistency and greater invisibility of malicious activity in the attacked system. Sofacy (also known as “Fancy Bear”, “Sednit”, “STRONTIUM” and “APT28”) is a Russian-speaking advanced threat group that has been active since at least 2008, targeting mostly military and government entities worldwide. Since appearing on the public radar in 2014, the group hasn’t stopped its activities. Moreover, Kaspersky Lab experts have discovered new, even more advanced tools in Sofacy’s arsenal. New toolset: Interchangeable: The attackers…
Author: ISBuzz Team
In what appears to be a bold attack on net freedom, the government of Kazakhstan will reportedly attempt to spy on all encrypted internet traffic going in or out of the country by introducing a “national internet safety certificate” in January 2016. Brian Spector, CEO of MIRACL (previously known as CertiVox), discusses: How exactly does this work? “This exploits a fundamental architectural flaw inherent to the design of PKI, which is the security infrastructure that uses digital certificates; the fact that whoever holds a certificate authority’s root key can issue a legitimate certificate to perform a man in the middle…
End of support for Windows XP puts national cash network at risk Many of the 65,000 ATMs in the UK could be at risk from cyber attack in the New Year when Microsoft ends extended support for the embedded version of its Windows XP operating system, warn researchers at UK IT security firm Abatis. From January 2016, Microsoft will be issuing no further security patches or updates for the OS still used in the majority of ATMs to deliver cash to customers in the UK and in many other countries around the world. “The desktop version of Windows XP ceased…
A number of Touchdown Clients have Predictions for 2016 Adapt – Kevin Linsell, Director of Strategy and Architecture Tighter security control and potential fines for security lapses. 2015 has seen no reduction in the number of high profile security breaches and exploits. In fact quite the opposite: the quantity and severity of attacks have reached new heights, with losses now reaching far beyond financial impact. I believe 2015 may be seen in retrospect as the ‘watershed’ year and in 2016 governments will be forced to act and finally mandate common sense security measures. This could include encrypting all data pertaining…
If your files could talk, I guarantee that they would have a lot to say. With larger quantities of data being shared across more devices than ever before, we often mismanage our files and lose critical information. Nearly half (42 percent) of IT professionals report their organisation does not mandate secure methods for transferring corporate information according to an Ipswitch survey. In addition, 18 percent of IT professionals admit they have lost a critical file and 11 percent have spent more than an hour trying to retrieve that file. Organisations need to re-evaluate their file transfer strategy because let’s face it…
Andrew Tang, Service Director, Security at MTI Technology predicts the biggest cyber-security threats that will emerge in 2016. What will be the emerging IT security threats in 2016 and do you expect as many or even more attacks as 2015? Although Ransomware attacks have been talked about a lot in 2015, the number of attacks has risen significantly during Q4 2015. Ransomware attacks are so effective that the number of attacks will rise, as well as the level of sophistication behind the attack. Especially as corrective measures to protect from the attack are rarely in place. DDoS (distributed denial-of-service) attacks aimed at…
Veracode’s Supplement to the 2015 State of Software Security: Focus on Application Development report benchmarks application risk profiles by type of programming language Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, released a supplement to the 2015 State of Software Security: Focus on Application Development, a report based on benchmarking analytics from its cloud-based platform. The report shows that four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode during the period covered by the report failed at least one of the OWASP Top 10, an industry-standard…
Nearly half of IT and IT security professionals across global businesses and government agencies have suffered a security breach in the last 24 months. Headline-grabbing hacks such as TalkTalk and Sony are putting both personal and corporate data increasingly at risk as growing numbers fail to keep personal information secure. Recent news has seen data breach after data breach including those of communications giant TalkTalk, whose customer information was compromised due to a data breach by a third party, and even the Sony hack, where a lack of secure computer systems led to a release of confidential data.…
F-Secure researcher authors new report exploring how hackers are using third party services to spread malware and extract stolen data from victims. A researcher from F-Secure Labs has written a new report examining how hackers use third party services to coordinate malware campaigns. The paper was published by Virus Bulletin for its VB2015 conference and examines how the encryption used by online services like Twitter enables attackers, such as the state-sponsored group The Dukes, to spread malware and steal data. “If I had to put it in a nutshell, I’d say that attackers are using certain third party services to…
Employee behaviour is one of the biggest risks facing IT security in organisations today. The enormous uptake of the Internet of Things (IoT), wearable technology, Bring-Your-Own-Device (BYOD) and office-based cloud applications has created many potential vulnerabilities in organisations’ IT security. Ensuring that employees use this technology securely must therefore be a top priority for organisations when implementing and reviewing their security procedures. The loss of confidential business information and devices can be catastrophic and is most commonly caused by employee misbehaviour, whether that is a result of carelessness, ignorance or malice. In fact, in response to an ITIC Security Deployment…