Survey reveals unmanaged credentials are the biggest security issue for organisations and IT professionals are unrealistic about time it takes to identify threats A new survey from Lieberman Software Corporation has revealed that 83 percent of IT professionals do not believe advanced persistent threats are over-hyped, however they are still very naïve about the length of time it would take to identify an advanced persistent threat on their own corporate network. The study was carried out at Black Hat Conference 2015 and looked at the attitudes of nearly 150 IT security professionals. It revealed that 10 percent of IT professionals believe it would take…
Author: ISBuzz Team
PhishMe has issued details of a malicious phishing campaign currently circulating, with an XORed payload that is capable of grabbing a ton of credentials, mostly FTP. Ronnie Tokazowski, PhishMe’s senior researcher, explains, ” When reversing malware samples, one of the things that we as analysts look for are places where the attackers slip up. This can be anywhere from using the same strings, to weak obfuscation routines, or re-using the same snippet of code. When we talk about the attackers, there is this misconception that they are these super villains who can only do evil, but keep in mind they…
Risk of Attack Increases Every Month According to Mobile Threat Intelligence Report On the eve of Halloween, Skycure, the leader in mobile threat defense, announced the results of its first Mobile Threat Intelligence Report, which found an increase in threats to both enterprise and personal mobile devices. By analyzing worldwide mobile data from Skycure and outside sources, the report found 41 percent of mobile devices are at medium to high risk on the Skycure risk scale. Nearly two in every hundred are high risk devices–already compromised or were under attack. Skycure ranks devices according to a proprietary Mobile Threat Risk…
News has broken this morning that a ThinkTank study found that the world’s biggest tech companies have failed to make the grade when it comes to data-privacy rights for their users. Please find below a comment from Richard Beck, head of cyber security at QA. [su_note note_color=”#ffffcc” text_color=”#00000″]Richard Beck, Head of Cyber Security at QA : “Today’s news that the world’s top tech companies are failing when it comes to privacy and freedom of expression unfortunately illustrates how vital it is that users understand what data they are giving away. All of the firms surveyed reportedly failed to offer their…
Google Play Store users are being warned of a malware disguised as a game which could be attacking their phones. The malware, which is said to appear as an application called “Brain Test,” has been infecting Android phones since August. Neurogadget reported that the malware may be more advanced than previously thought. Security exerts from Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire : “Ads appearing on you Android phone outside of a specific application are a clear warning sign that something is wrong. The Google and Apple app stores…
Police have made a second arrest, a 16-year-old boy from west London, in connection with the TalkTalk hacking. Richard Beck, head of cyber security at QA have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Richard Beck, Head of Cyber Security at QA : “With the latest arrest in relation to the TalkTalk breach, it’s unnerving to see the ages of those involved, but perhaps not surprising. With hacking tools and tutorials available freely online, anyone with enough time and inclination can teach themselves how to breach even the largest of companies. Businesses are in an era where a cyber attack…
The government will publish the Draft Investigatory Powers Bill, which will re-set the legal framework that governs the actions of the UK’s security services. Commenting ahead of the bill, Antony Walker, deputy CEO of techUK said : “Privacy and security must not be seen as irreconcilable objectives. This unique opportunity to set the global Gold Standard will only be achieved through constructive engagement with the views and concerns of the tech sector. “Next week we expect Government to present a draft bill that sets out and codifies more clearly than ever before the powers available to our security services and…
Maximize your investment in data protection and recovery solutions with true global source-side deduplication “Too much data, not enough storage space, not enough time and not enough budget” are familiar statements among small and medium-sized businesses. Protecting and ensuring recovery for an ever-increasing volume of data while managing costs is a serious concern for companies that may not have the IT resources, infrastructure or personnel of a large, enterprise-level organization. Backups may fail, take up too much space or cost too much, all of which can have a significantly negative impact on an SMB’s ability to recover and operate in…
ENITSE Enterprise IT Security Conference & Exhibition will be held on 17-18 May 2016 in Istanbul, Turkey. ENITSE is one of the most important events in EMEA in its category. IT Security, Network Security, Big Data Security, Mobile Security, Cloud Security, IT Risk Management, Application Security, Identity and Access Management, Web Security, End User Security and Database Security are key topics of the conference. ENITSE Conference presents a perfect platform at where speakers share their experience, knowledge, visions and future forecasts with the visitors. The conference speeches will be either in Turkish or English and simultaneously will be translated to…
Efficient and effective data encryption becomes a vital part of our daily life. We use various web applications every day to pay our bills, send and receive our emails and share private information or photos with friends on social networks. Each time we send a data to a web server from our computer or a mobile phone, we want it to stay private and confidential relying on HTTPS encryption. At the beginning of the year, 74% of companies in the Global 2000 were still vulnerable to critical Heartbleed vulnerability. A week ago, a new research from Netcraft revealed that 1…