In what appears to be a bold attack on net freedom, the government of Kazakhstan will reportedly attempt to spy on all encrypted internet traffic going in or out of the country by introducing a “national internet safety certificate” in January 2016. Brian Spector CEO of MIRACL (previously known as CertiVox) discusses: How exactly does this work? “This exploits a fundamental architectural flaw inherent to the design of PKI, which is the security infrastructure that uses digital certificates; the fact that whoever holds a certificate authority’s root key can issue a legitimate certificate to perform a man in the middle…
ISBuzz Team
End of support for Windows XP puts national cash network at risk Many of the 65,000 ATMs in the UK could be at risk from cyber attack in the New Year when Microsoft ends extended support for the embedded version of its Windows XP operating system, warn researchers at UK IT security firm Abatis. From January 2016, Microsoft will be issuing no further security patches or updates for the OS still used in the majority of ATMs to deliver cash to customers in the UK and in many other counties around the world. “The desktop version of Windows XP ceased…
A number of Touchdown Clients have Predictions for 2016 Adapt – Kevin Linsell, Director of Strategy and Architecture Tighter security control and potential fines for security lapses. 2015 has seen no reduction in the number of high profile security breaches and exploits. In fact quite the opposite: the quantity and severity of attacks have reached new heights, with losses now reaching far beyond financial impact. I believe 2015 may be seen in retrospect as the ‘watershed’ year and in 2016 governments will be forced to act and finally mandate common sense security measures. This could include encrypting all data pertaining…
If your files could talk, I guarantee that they would have a lot to say. With larger quantities of data being shared across more devices than ever before, we often mismanage our files and lose critical information. Nearly half (42 percent) of IT professionals report their organisation does not mandate secure methods for transferring corporate information according to an Ipswitch survey. In addition, 18 percent of IT professionals admit they have lost a critical file and 11 percent have spent more than an hour trying to retrieve that file. Organisations need to re-evaluate their file transfer strategy because let’s face it…
Andrew tang, Service Director, Security at MTI Technology predicts the biggest cyber-security threats that will emerge in 2016. What will be the emerging IT security threats in 2016 and do you expect as many or even more attacks as 2015? Although Ransomware attacks have been talked about a lot in 2015, the number of attacks has risen significantly during Q4 2015. Ransomware attacks are so effective that the number of attacks will rise, as well as the level sophistication behind the attack. Especially as corrective measures to protect from the attack are rarely in place. DDoS (distributed denial-of-service) attacks aimed at…
Veracode’s Supplement to the 2015 State of Software Security: Focus on Application Development report benchmarks application risk profiles by type of programming language Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, released a supplement to the 2015 State of Software Security: Focus on Application Development, a report based on benchmarking analytics from its cloud-based platform. The report shows that four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode during the period covered by the report failed at least one of the OWASP Top 10, an industry-standard…
Nearly half of IT and IT security professionals across global businesses and government agencies have suffered a security breach in the last 24 months. Headline grabbing hacks such as Talk Talk and Sony are putting both personal and corporate data increasingly at risk as growing numbers fail to keep personal information secure. Recent news has seen data breach after data breach including those of communications giant TalkTalk, whose customer information was compromised due to a data breach by a third party, and even the Sony hack, where a lack of secure computer systems led to a release of confidential data.…
F-Secure researcher authors new report exploring how hackers are using third party services to spread malware and extract stolen data from victims. A researcher from F-Secure Labs has written a new report examining how hackers use third party services to coordinate malware campaigns. The paper was published by Virus Bulletin for its VB2015 conference and examines how the encryption used by online services like Twitter enable attackers, such as the state-sponsored group The Dukes, to spread malware and steal data. “If I had to put it in a nutshell, I’d say that attackers are using certain third party services to…
Employee behaviour is one of the biggest risks facing IT security in organisations today. The enormous uptake of the Internet of Things (IOT), wearable technology, Bring-Your-Own-Device (BYOD) and office-based cloud applications have created many potential vulnerabilities in organisations’ IT security. Ensuring that employees use this technology securely must therefore be a top priority for organisations when implementing and reviewing their security procedures. The loss of confidential business information and devices can be catastrophic and is most commonly caused by employee misbehaviour, whether that is a result of carelessness, ignorance or malice. In fact, in response to an ITIC Security Deployment…
The benefits of hospital device connectivity According to the Royal College of Nursing, nurses in the UK spend an estimated 2.5 million hours a week filling out “non-essential” paperwork. By implementing IoT-enabled medical devices, data on a patient’s vital signs and intake of medication can be collected and monitored in real-time. Not only is the safety of care improved, the time and cost required to collect and chart data is greatly reduced. IoT-enabling medical devices can allow nurses to spend more time on direct care and interaction with patients, helping to improve the quality of nursing . Electronic Medical Record…