Intel Security has launched its quarterly McAfee Labs Threats Report, revealing key cyber-attack developments over the third quarter of 2015. Key threat areas outlined in the report include: Weak security coding practices for mobile apps can expose data: Malware strains are being designed to take advantage of poor mobile app coding connecting mobile apps to back-end service providers – two mobile banking Trojans were able to intercept over 170,000 SMS messages of more than 13,000 banking customers, stealing credit card numbers and executing fraudulent transactions Fileless malware becoming more stealthy: The report looks at how malware which leaves only the…
ISBuzz Team
Organisations invest a lot of time, resources and money into ensuring the security of their back office systems but this can often be in vein if they fail to account for the external threats impacting their business. The security of your DNS provider is arguably one of the biggest examples of this. Recently, it was revealed that webhosting company Easily had emailed its customers to inform them that it had fallen victim to a malware attack. While it was quick to reassure customers that there was no evidence that account details, passwords or any personal information which could identify the customer had been accessed, Arean suggests it is imperative that…
Netwrix 2015 Cloud Security Survey reveals unauthorised access and account hijacking are the leading security risks associated with the cloud Netwrix released the results of its global 2015 Cloud Security Survey that show when it comes to migrating to the cloud, 65% of companies are concerned with security and 40% worry about their loss of physical control over data in the cloud. In particular, 69% of companies are afraid that migration to the cloud will increase the risks of unauthorised access, while 43% worry about account hijacking. Security is gaining increasing attention from cloud technology and service providers, but the…
You may have seen the news this morning that Moonfruit has taken websites offline following a cyber-attack threat. Thousands of business and personal websites have been taken offline with web host Moonfruit deciding to make its customers’ websites unavailable for “up to 12 hours” in order to make infrastructure changes. DDoS attacks are bad for businesses all year round but the timing of this attack could hugely affect any businesses hoping to make the most of the pre-Christmas rush, particularly for any companies selling Christmas cards and gifts on their website. Paul Heywood, Managing Director and VP of EMEA at…
Behavioural analytics applied to DNS traffic helps enterprises and services providers prevent data theft Infoblox Inc. (NYSE:BLOX), the network control company, introduced Infoblox DNS Threat Analytics, the first technology that applies behavioural analytics to DNS queries in real time to detect and actively block data exfiltration attempts using DNS as a communications pathway. Stealing proprietary information through DNS has recently become commonplace among cybercriminals, and Infoblox is uniquely positioned to help block loss of valuable data. This growing problem is creating concern among enterprises and service providers: Nearly half (46 percent) of large businesses have experienced DNS-based data exfiltration and…
The information created and processed by a business, whether about products, operations, customers or financial performance, can play a vital role in commercial success and even survival. And while every business keeps different types of information, some unique and some typical of its industry sector, it is widely believed that exploiting data sets to inform business decision-making can deliver measurable competitive advantage. You would expect businesses, therefore, to be making the most of emerging technologies and deploying resources suitably to exploit their information to its fullest. The truth is that, in most cases, they are not. In a recent study…
Following the news of the Twitter cyber attacks, please find below advisory comment from David Emm, principal security researcher at Kaspersky Lab, who provides insight on why Twitter believes these attacks were “state-sponsored”. [su_note note_color=”#ffffcc” text_color=”#00000″]David Emm, Principal Security Researcher at Kaspersky Lab : It has been revealed that Twitter has sent warnings to a number of users because their accounts may have been hacked by “state-sponsored actors”, who they believe have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers. This potential attack underlines the importance of not over-sharing in social networks: i.e. not posting…
Expands CTERA Enterprise File Services Platform to Feature Cloud-Agnostic Data Protection for Cloud Servers with Automated IT-as-a-Service Delivery CTERA Networks today announced a fully automated and secure in-cloud and cloud-to-cloud data protection solution that allows enterprises to protect any number of servers across any cloud infrastructure. CTERA Cloud Server Data Protection is designed for enterprise Cloud Operations (CloudOps) teams that have been forced to rethink data protection strategies as they migrate workloads natively within and across clouds in a new era of cloud services and IT-as-a-Service (ITaaS) delivery. The solution evolves the backup capabilities developed as part of the CTERA…
Open source: Security through transparency The contrast between proprietary and open source software is as old as the IT industry itself. Software in almost every category is available either from suppliers who develop and market their code by themselves or from developer communities who work with open code. Over the last decade the aversion to using open software, especially in the corporate field, has undergone a marked change. Managers realised that if even IT giants such as Facebook, Google and Amazon were relying on open source, ordinary companies should be able to do so too. The advantages of open source…
You may have seen news that, following the recent emissions scandal, carmakers seeking approval of new vehicles in Germany will be required to give the country’s regulators access to their software. Paul Farrington, senior solution architect at Veracode have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Paul Farrington, Senior Solution Architect at Veracode : “The German government should be congratulated for addressing the automotive emissions scandal problem at its core by ensuring that its regulators have full access to carmakers’ code. However, software checks should not be limited to testing for ethical issues such as software-based defeat devices that can…