Report by Checkmarx and AppSec Labs Shows Each Mobile App Exposed to More than 9 Vulnerabilities
Checkmarx, a global leader in software security testing and protection solutions, and AppSec Labs, mobile application security experts, released a report entitled The State of Mobile Application Security 2014-2015. The report showed the alarming rate of mobile application vulnerability, finding that each app is exposed to an average of 9 different vulnerabilities. The report also casts doubt on the common myth that iOS is more secure than Android by highlighting that in the field of vulnerabilities built into the code or application logic, the…
Author: ISBuzz Team
Cyber security expert Branden Spikes with Spikes Security (he’s the former tech lead of SpaceX, Tesla and PayPal) responds to today’s reports of a new ad fraud botnet now turned loose on enterprises and universities, which exploits the Amnesia bug in the OpenRTB 2.3 protocol. Branden Spikes, CEO, CTO and Founder Notes at Spikes Security: “Traditional antivirus has become irrelevant in today’s cybersecurity industry. The digital advertising channel is the missing link to identifying new, emerging threats in cyber security. Until traditional anti-virus companies incorporate this channel, threats such as Xindi will continue to be overlooked. “Xindi’s…
A Belfast man fears he has had his personal information compromised by a data breach at online takeaway service Just Eat. A number of people registered to the site have received a scam email that is not from the company, yet still includes their personal details. This email asks customers to fill out a survey, for which they will be paid £10. When the survey is complete the customer is asked to enter personal bank details – on a page that looks convincingly like the real Just Eat site. Richard Beck, head of cyber security at QA, has the following…
The Ponemon Institute surveyed 692 IT and IT security professionals and found that 47% of the participants said their companies were breached in the past two years. The survey also revealed that 65% of respondents believe threat intelligence could have prevented or minimized the impact of a breach. Respondents also said they used free sources of threat intelligence, but had no way to prioritize those threats, and 39% said they had no confidence in them at all. Tim Erlin, director of IT security and risk management at Tripwire, has the following comments on it. Tim Erlin, Director of…
9 Out of 10 Respondents Believe Regulators Should Hold Businesses Liable if They Don’t Make Reasonable Efforts to Secure Data
Veracode, a leader in protecting enterprises from today’s pervasive Web and mobile application threats, today issued findings from a joint NYSE Governance Services/Veracode survey of 276 board members revealing how cybersecurity-related corporate liability is being prioritized in the boardroom. Nine out of 10 of those surveyed believe regulators such as the Federal Trade Commission (FTC) should hold businesses liable for cyber breaches if due care has not been followed, and more than 50 percent expect investors to demand more transparency…
In the latest AV-Test Self-Protection of Antivirus Software test, ESET has repeated its success from last year and scored 100% with ESET Smart Security, being the only solution in its category to reach that score for a second time. Most of the malware now targets the IT security solution in order to disable it. Using self-protection technologies DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomisation) as a supporting measure reduces the risk and makes the solution more secure. In the key test of the self-defence capabilities of IT security software, AV-Test examined whether these protection technologies were implemented…
Any mention of hacking these days and most people will shudder at the thought. According to Kaspersky Lab 2015 Cyber Crime Predictions, the short-range prediction is that cyber-crime is getting worse. Hacking has been very dominant in the news of late; as soon as the public’s attention is diverted from one hacking/cyber-crime story, another is ready to take its place. Looking at news headlines in the last two months, there is a noticeable increase in hacking and cyber-crime incidents, or at least increased attention to hacking and cyber-crime in the news. Cyber criminals and hackers are becoming bolder and more…
Brian Krebs has reported on the latest cyber criminal innovation in ransomware, named “Linux.Encoder.1”, which targets sites powered by the Linux operating system. Typically, the malware is injected into Web sites via known vulnerabilities in site plugins or third-party software — such as shopping cart programs. Once on a host machine, the malware will encrypt all of the files in the “home” directories on the system. The file currently has almost zero detection when scrutinized by antivirus products at Google’s Virustotal.com, a free tool for scanning suspicious files against dozens of popular antivirus products. IT Security Experts from Tripwire give insight into this…
The Crown Prosecution Service (CPS) has been fined £200,000 for failing to encrypt police interviews about violent and sexual crimes stored on laptops that were later stolen. Some of the 43 interviews with victims and witnesses related to historical allegations against “a high-profile individual”, said UK data watchdog the Information Commissioner’s Office (ICO), which handed down the penalty. Security Experts from Digital Guardian and QA have the following comments on it. Luke Brown, Vice President & GM, Europe Middle East Africa India & Latam at Digital Guardian: “This case highlights two separate failings made by the Crown…
Underground cybercrooks are selling digital certificates that allow code signing of malicious instructions, creating a lucrative and expanding cottage industry in the process, according to new research from threat intelligence firm InfoArmor. In one case, a hacker tricked a legitimate certificate authority into issuing digital certificates for malware before marketing a cyber-espionage tool called GovRAT. InfoArmor found posts promoting code-signing certificates in various underground marketplaces. Hackers price these certificates at between $600 and $900 depending on the issuing company. Code-signing certificates issued by Comodo, Thawte, DigiCert and GoDaddy – firms well known for supplying digital credentials to legitimate software developers – are…