A unique malware targeting mass media agencies in Hong Kong hides its C&C (command and control) server inside Dropbox accounts. According to FireEye’s threat analysis, the campaign seems to be part of a Chinese state-sponsored attack, carried out by a group previously known as admin@338. Craig Young, security researcher at Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Security Researcher at Tripwire : “This is not a threat toward Dropbox users but rather the attackers are relying on Dropbox to help stay under the radar. Many security departments would recognize command and control traffic because the communication…
ISBuzz Team
Fans buying tickets for Adele’s tour have told the BBC they were shown the address and credit card details of customers other than themselves. Advance tickets were made available to members of Adele.com this morning. Ticketing company Songkick said due to the “extreme load” on the site some customers could see others’ account details. It apologised for any “alarm”. Security experts from ESET, Lieberman Software and Veracode have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Jonathan Sander, VP of Product Strategy at Lieberman Software : What can go wrong even without hackers involved? What should companies do to prevent details…
The ubiquitous authentication methodology Two-factor authentication (2FA) has been about for much longer than you think. For a decade or more we have been used to being issued with a card reader (in essence a hardware token device) to use with our bank card and Personal Identification Number (PIN) when looking to complete our internet banking transactions. 2FA technology has also, over the past year or so, been employed by seven of the ten largest social networking sites (including Facebook, Twitter and LinkedIn) as their authentication measure of choice. Because of this, the use of the technology has become widespread…
Advanced Persistent Threats as we know them will cease to exist in 2016, replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, according to Kaspersky Lab experts. In their Predictions for 2016, the experts reveal that while the ‘Threat’ will remain, the concept of ‘Advanced’ and ‘Persistent’ will disappear to reduce the traces left behind on an infected system. They will also rely more on off-the-shelf malware to minimise their initial investment. Kaspersky Lab’s Predictions for 2016 are based on the expertise of the Global Research and Analysis Team, the company’s 42 top…
As enterprise perimeters expand, so will security vulnerabilities It’s no secret that cyber threats are getting smarter and penetrating deeper across devices and different levels. As global enterprises push to scale their businesses through initiatives like cloud and social, information that previously resided in internal hardware will now be strewn across various devices and levels like on-premises, public clouds, social media and mobile. This will leave consumers, businesses and governments on constant high alert for increased risk, vulnerability and exposure. Cloud security will increase in scale, and decrease in complexity In 2016 we’ll see cloud security evolve into simpler, virtualized…
In response to the news that a group of hackers have threatened to collapse the websites of three banks in Greece if they do not pay 20,000 Bitcoins, Amichai Shulman, CTO of Imperva have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Amichai Shulman, CTO of Imperva : “These kind of threats should be handled full force by authorities up the point where individuals involved in the activity are apprehended and indicted. I’m not suggesting that banks and other organizations do not take any measures to protect their data assets and online presence (much like I don’t suggest people to stop…
Security experts from Lastline and Balabit have the following comments on SQL Injections. [su_note note_color=”#ffffcc” text_color=”#00000″]Péter Gyöngyösi, Product Manager of Blindspotter, Balabit : “The VTech breach: sneak peek into the IoT security nightmare “As it was reported by multiple sites, the Hong Kong-based toy manufacturer VTech was breached and a massive data dump containing the personal information and passwords of 4.8 million parents and their children became public. On top of being a massive security breach that involves under-aged kids, this incident showcases two things that can possibly go wrong if security does not evolve as the Internet-of-Things becomes more…
Tod Beardsley, Security Engineering Manager, Rapid7 have the following comments on OpenSSL Vulnerability. [su_note note_color=”#ffffcc” text_color=”#00000″]Tod Beardsley, Security Engineering Manager, at Rapid7 : “IT folks should prioritise applying the announced patches against their usual business needs; after all, the highest rated OpenSSL vulnerability is merely “moderate,” and I’d expect the OpenSSL Project to err on the side of more severe than less. While online retailers are going to be particularly sensitive to downtime this week, anyone who can afford the time it takes to test and push patches to production should do so. Having these issues buttoned up well before the holidays…
JC Gaillard of Corix Partners shares his top 4 tips for CIOs to effectively and efficiently deal with the matter of Shadow IT. Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager. Thinking about Shadow IT as a “problem” and something that should be banned is not the right start. Embracing it without controls as the way forward is equally wrong. This is just part of a different way of working around technology and security. Shadow IT is a…
Research from Kaspersky Lab unveils a nation of phone snoops, as Brits clamp down on their partners’ secrets With the office Christmas party on our doorstep, more of us will be tempted to send a flirty message to a colleague after a glass or two. However, the latest research from Kaspersky Lab warns our smartphones are more likely than ever to expose our secrets. According to its study of 2,000 UK adults,[1] 41 per cent admitted they know the PIN to their partner’s phone and 40 per cent said they would snoop through their partner’s phone if they suspected them…