The Internet of Things (IoT) has everyone giddy. You can use your phone to record shows that you forgot to set on your digital TV box before you left the house. You can unlock your house without a key or turn on your lights before you get home. You can turn on the heater remotely so it’s nice and toasty before you step in the door. Much more is to come; there’s buzz about the connected car, healthcare devices, and the endless possibilities. Analysts at IDC predict IoT spending will exceed $7.3 trillion by 2017. While all this is great for…
Author: ISBuzz Team
Data breaches are becoming a regular occurrence and are increasingly high profile, covered heavily in the media. Not only are such breaches causing businesses excessive financial loss, they are also causing great reputational damage, which is arguably more detrimental to a company’s overall success. Take, for example, the recent data breaches at large organisations such as online dating site Ashley Madison and holiday firm Thomson, both of which heavily affected the already dwindling trust consumers have in businesses. The level of security businesses are applying to our all-important data is more in doubt than ever. In fact, a recent…
Following the warning from the National Crime Agency that internet users are being targeted by a new version of the Dridex malware, and that some £20m has already been stolen by the gang in the UK alone, security experts from Tripwire and Raytheon|Websense commented on the news and discussed how it’s not just a UK threat but a worldwide one. Ken Westin, Senior Security Analyst at Tripwire: “The sophistication and scale of the infection of Dridex, not to mention the amount of money made by the cyber criminals involved, shows that cybercrime is a big business. This…
Security experts from Splunk and HP Data Security commented on the latest news that Chinese hackers breached LoopPay, a subsidiary of Samsung that contributes to its new mobile payment system. The hackers had been inside LoopPay’s system for five months before the company discovered them in late August. Mark Bower, Global Director of Product Management for HP Data Security: “No one is free from breach risk. If you store, process and collect sensitive data, especially payments and personal data, your business is on the radar of attackers, period. Forensics are a powerful tool to discover the extent…
The risk of a “serious cyber attack” on nuclear power plants around the world is growing, warns a report. The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks. Many of the control systems for the infrastructure were “insecure by design” because of their age, the report said. Published by the influential Chatham House think tank, the report studied cyber defences in power plants around the world over an 18-month period. Tim Erlin, director of security and product management at Tripwire, has the following comments on it. Tim Erlin, Director of Security…
The highly publicised recent hack of the Hacking Team, the company that provides spyware and surveillance technology to governments and law enforcement agencies, has put the issue of malware detection into the spotlight. Widely criticised by privacy advocates for providing spyware to governments with poor human rights records, in July the Hacking Team itself became a target when unknown hackers spirited away 400 GB of data. The leaked cache of files included details of client dealings and the working source code of the company’s Remote Control Software (RCS) snooping tool. This should represent a major red light for enterprise security…
One of the most common ways to spread Android malware, including malware found on the official Google Play Store, is by masquerading as a legitimate popular application. The last such example that we blogged about on WeLiveSecurity was a fake Dubsmash app and Android/TrojanDropper.Mapin compromising tens of thousands of users’ devices. In order to help make Google Play a safer place for Android users, ESET continues to monitor the official Android app market for malicious or potentially unwanted applications. Another threat that has also been installed more than 200,000 times, having been available on Google Play for more than a…
With more than two-thirds of cyber-attacks targeting applications, run-time application self-protection for mobile, IoT and desktop apps increasingly essential
Arxan Technologies, the leading provider of application protection solutions, today announced that applications running on more than a half billion devices are being protected by Arxan’s security solutions. Arxan technology is protecting mobile, desktop, and embedded applications across a variety of industries, including Financial Services, Healthcare and Medical Devices, High Tech, Internet of Things (IoT), Digital Media, and Gaming. Arxan’s adoption footprint was pushed beyond the half billion milestone with the customer addition of a popular mobile social media company using…
Phishing scams have been circulating for almost 20 years, yet they are still responsible for most breaches occurring today. Anthem, Target, JP Morgan, Sony Pictures – all can be traced back to an employee falling for a spear phishing message and unleashing malicious code into the enterprise. As the poorly worded, suspicious .exe files stopped fooling people, criminals changed tack, instead creating malicious sites and sending links to invite individuals to stop by. Technology caught on, spam filters increasingly detected these ploys, and once again scammers evolved to ply their trade. The reason these scams still work is simple –…
High-Tech Bridge’s Research Team has identified a critical vulnerability in WordPress’ Gwolle Guestbook plugin, which has over 10,000 active installations. The vulnerability, a PHP file inclusion, could result in an attacker controlling a filename, reading and writing files, and executing arbitrary code on the target systems with web server privileges. Marcel Pol, the vendor, has been notified of the vulnerability. Ilia Kolochenko, CEO of High-Tech Bridge, comments: “Vulnerabilities in well-known web applications are becoming more and more difficult to detect and to exploit, and usually they have medium risk assigned due to complexity of exploitation or some special conditions required for successful…