The German Government is contemplating an assessment of the security of consumer routers in a bid to lift current abysmal standards and help inform buyers. Berlin’s Ministry of the Interior IT security office says it wants to test routers for support of security features like WPS, encryption, and brute force protection of passwords. MAC address filtering and firewalls will also make the list. The agency points out in a draft document that poorly-secured routers can lead to mass compromise of users. Tim Erlin, director of security and product management at Tripwire, has the following comments on it. Tim Erlin,…
Author: ISBuzz Team
In response to the news that Aria Technology suffered a Bitcoin-based DDoS attack, where the firm’s website went down as hackers sent an email demanding the payment of 16.66 Bitcoins (£2,871.43), the following are comments from Igal Zeifman, senior digital strategist at Imperva. Igal Zeifman, Senior Digital Strategist at Imperva: “By refusing to pay the ransom and instead posting a bounty, Aria is taking similar steps to other organisations who have fallen victim to DDoS extortionists. Striking back against these attackers is definitely the right thing to do. Despite the frightening threats, our experience has shown us that…
TalkTalk is continuing to confuse experts with its latest assessment of the root cause of a high-profile breach on its systems last week, which may have exposed details, including bank information, of up to four million customers. The under-fire telco is saying that it has become the victim of a “sequential attack” when in reality it is talking about a SQL injection attack and not a follow-up assault. Security experts from Tripwire, Imperva and MTI Technology have the following comments on it. Kevin Foster, Testing Services Manager at MTI Technology: “Although reports indicate that Talk…
Private PCs are rife with unpatched vulnerable applications from vendors like Apple, Adobe and Oracle. The 76 applications on the average US PC come from 27 different vendors – that’s how many update mechanisms you need to stay on top of! Secunia Research (now part of Flexera Software), a leading provider of software vulnerability intelligence, has published its latest country report, which reveals the state of security for PC users in a total of 14 countries, including the US. The report shows that: One in 20 applications on private US PCs are end-of-life; 12 percent of Windows operating systems are…
Trustwave Launches New Managed Application Control Service Based on Bit9 Endpoint Security Technology, Welcomes Bit9 Managed Security Service Customers
Trustwave® and Bit9® + Carbon Black® announced a new alliance whereby Trustwave will become a global managed security services provider of the Bit9 Security Platform which includes application control. As part of the alliance, Bit9 + Carbon Black will transfer existing managed application control service (known as Bit9 Managed Administration Service) customers to Trustwave. Trustwave will also offer a Managed Application Control service—based on the Bit9 Security Platform—as part of its comprehensive portfolio of enterprise-grade managed security services. Tom Barsi, vice…
Regardless of geography, company size or industry sector, business leaders can be remarkably unanimous about their strategic priorities. When it comes to the strategic significance of digital technologies, for example, 80[i] per cent of the respondents to PwC’s recent CEO survey ranked the need to extract value from information through data mining and analysis as strategically important, second only to mobile technologies (selected by 81 per cent). Perhaps, as suggested by Forbes, CEOs have simply had enough of listening to colleagues present business ideas unsubstantiated by data and evidence[ii]. Or they are tired of having to make decisions based on…
Firebox T30 and T50 appliances deliver high-performance, enterprise-grade security from an easy to configure, deploy, and manage tabletop appliance that is perfect for franchise environments
WatchGuard® Technologies, a leader in multi-function integrated security appliances, announced the release of the Firebox T30 and T50 family of powerful, enterprise-strength Unified Threat Management (UTM) appliances engineered specifically to address the rapidly changing security threats faced by small- and medium-sized businesses (SMBs) and Distributed Enterprises. Faster, more widely accessible connectivity is enabling organisations to be more distributed than ever before. In addition to securing the communications between a traditional corporate headquarters and remote employee…
Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Joomla had a 6.6 percent share of the market for website CMSs as of October 20, 2015 according to W3Techs—second only to WordPress. Internet services company BuiltWith estimates that as many as 2.8 million websites worldwide use Joomla. CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858 cover the SQL injection vulnerability and various mutations related to it. CVE-2015-7857 enables an unauthorized remote user to gain administrator privileges by hijacking the administrator session.…
Google recently announced that they are stepping up their commitment to DMARC. Starting in June 2016 gmail.com will reject any messages that don’t pass the authentication checks spelled out in the DMARC specification. Google’s adoption of DMARC is a huge step in the right direction for global DMARC deployment and a mark of stability in DMARC in general. While Yahoo previously announced this same policy, having Google, as the largest email provider in the world, moving to “reject” is a huge endorsement. What does this mean for financial services and other companies looking to ensure they are not adversely affected by these changes? Based on our experience…
The threat of being targeted online is unfortunately becoming ever more prevalent, as our ‘digital footprint’ grows larger. We have to accept that we will never be 100% safe whilst online, but there are many steps we can take to limit our exposure and decrease our vulnerability.
Digital footprint
In order to operate the devices we use to access the Internet we transmit additional information prior to, during, and after we send and receive our data. Nefarious sources are able to identify the devices and networks we communicate on as well as the software and hardware being used. Collectively, this…