More than 80 percent of mobile devices have encryption flaws, while applications written in any of a trio of scripting languages—including PHP, ColdFusion and Classic ASP—are more likely to have serious flaws. Craig Young, security researcher at Tripwire, has the following comments on it. Craig Young, Security Researcher at Tripwire: “SSL implementation flaws are incredibly prevalent in mobile apps and present grave risks due to the tendency of these devices to use untrusted wireless networks. I believe that a common source of this problem is that developers add logic to specifically disable certain SSL features (namely…
Author: ISBuzz Team
Following a speech from Barack Obama appealing for tech firms to help fight extremism, Dr Nithin Thomas, an expert in encryption and CEO of cybersecurity technology firm SQR Systems, has the following comments on this debate. Dr Nithin Thomas, Founder and CEO of Cybersecurity Firm SQR Systems: “President Obama’s plea for tech leaders to “make it harder for terrorists to use technology to escape from justice” is the latest call from a government to suggest encryption is a major barrier in the fight against terrorism. However, it is dangerous to pursue the idea of creating back doors…
You may have seen news that security researchers say they have uncovered further vulnerabilities on TalkTalk’s website and email services that could allow hackers to steal email addresses, passwords and financial data due to basic oversights. Paul Farrington, senior solution architect at Veracode, has the following comments on it. Paul Farrington, Senior Solution Architect at Veracode: “It is completely unacceptable that after being breached using a common vulnerability, Talk Talk has not taken sufficient steps to remediate the remaining vulnerabilities in its website and email services. The SQL injection, by which the last attack was achieved, has…
According to SC Magazine, the Node.js Foundation has revealed a couple of bugs within its JavaScript software that could lead to major denial of service attacks against websites using the code. The issues affect versions of Node.js from version 0.12 up to version 5. Or Wilder, Security Researcher at Imperva: What is Node.JS? “Node.js is very popular among new startups and companies that chose to use a “FullStack” based web-environment. It allows companies to accelerate web applications development. Node is becoming more popular in large-scale organisations, its usage increased by 240% in the last year, however, according…
The Register has reported that “one of the most prolific and capable Russian malware groups is using a rare module to infect USB sticks and hose air-gapped machines in defence industry organisations. The group, known as “Sofacy” or “Pawn Storm” has been ripping into air gap defence organisations since at least August, demonstrating its skills using zero day vulnerabilities to foist malware, Kaspersky researchers say.” Tim Erlin, director of security and product management at Tripwire, has the following comments on it. Tim Erlin, Director of Security and Product Management at Tripwire: “The USB port has been the…
This season cybercriminals take advantage of online shoppers. Below are four tips from Proofpoint cybersecurity experts on how to stay cyber safe this season. Don’t let your guard down—and don’t click. Holidays are a time when consumers want the fastest route to their end goal, and as a result, they don’t slow down to really pay attention to what they are clicking or what website they are writing into the search bar. This might seem obvious, but it’s surprising how many people open an email that appears to be from a retailer or type a website address too quickly—only to…
A rise in stolen DNA and fingerprints to commit fraud and identity theft

If 2015 is to be considered “the year of the breach” with almost weekly compromises becoming the norm, 2016 will be considered to be the “year of the exploit”. We will see the stolen Personally Identifiable Information (names, addresses, financial data and even biometrics like DNA and fingerprints) and Intellectual Property (IP) of organisations exploited to commit fraud, replicate identities and compromise consumers, commercial organisations and intelligence activities. This will increase the hacking of organisations that hold DNA and other data like fingerprints as these unique signatures…
Legal professionals are ignoring best practice by using insecure methods when sending and sharing sensitive information

A recent survey* by Brainloop reveals that the legal sector’s most sensitive and confidential data is commonly distributed using insecure methods, with less than one in ten professionals using a business-grade file sharing tool to send classified documents and information to colleagues. In addition, despite confirming that the information shared by legal professionals is often highly sensitive, the majority of respondents also admitted that they have sent documents or information to the wrong recipient in the past. Email is the distribution method of choice…
Cyber attackers are repurposing penetration testing tools to break into the networks of small and medium-size businesses worldwide with the goal of infecting Point-of-Sale systems with malware. The new attack campaign started in September and has been dubbed operation Black Atlas by researchers from antivirus vendor Trend Micro. Travis Smith, senior security research engineer at Tripwire, provided the following comments. Travis Smith, Senior Security Research Engineer for Tripwire: “Using existing penetration tools for malicious intent is not a new technique. Since they are already widely used, many security tools have built in detections for these types of…
It has been reported that pub chain JD Wetherspoon has been hit by a data breach that has affected more than 650,000 customers. While JD Wetherspoon has not confirmed the details of the breach, it suggests that an ‘old database’ used by the company’s previous website was attacked and personal information, such as customer names and email addresses, has been compromised. JD Wetherspoon CEO John Hutson said in a statement released to the market today: “Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and…