We all know that Confidentiality, Integrity and Availability, also known as the CIA triad, is a simple and widely applicable security model. But is this simple security model sufficient to address the security challenges posed by new technologies such as Big Data and the Internet of Things? Big Data poses extra challenges to this triad because of (1) the enormous amount of data to be secured, (2) the number of sources sending data and (3) the variety of data formats. Similarly, the Internet of Things (IoT) allows physical objects or “things” to collect and exchange data and thus will present a different type of security risk such…
Author: ISBuzz Team
Survey Commissioned by DomainTools Reveals Threat Intelligence Investment Continues to Lag Behind the Needs of Embedded Security Teams
DomainTools, the leader in domain name and DNS research, announced its 2015 Value of Threat Intelligence Report, conducted by Osterman Research, Inc. The research found that when it comes to understanding how a hacker penetrated the corporate network, nearly a quarter (23 percent) had no insight on which channel a breach occurred. Despite the 66 percent year-over-year increase in cyberattacks since 2009, nearly 50 percent of respondents do not currently have a Threat Intelligence solution. In fact, a number of the organizations…
OS X El Capitan is now available, and it’s time to upgrade your Mac to Apple’s new operating system, if you so desire. El Capitan will run on all Macs that can run Yosemite, so if you’re running OS X 10.10, you should consider upgrading to OS X 10.11. If you have older hardware, you may hesitate, thinking that El Capitan might slow down your Mac. Keep in mind that, historically, when Apple released a “revision” version of OS X, such as Mountain Lion or Snow Leopard, these newer operating systems were as fast as, or even faster than, their predecessors.…
Nathan Wenzler commented on the latest IT security business news that LogMeIn acquired LastPass. Nathan Wenzler, Executive Director of Security, Thycotic: It’s no surprise that LogMeIn bought LastPass. Companies across industries are increasingly realizing that proper password management must play a central role in their IT security strategy. While LogMeIn clearly sees a big market in the end-user password market, it’s important to remember that hackers are in fact more interested in gaining access to the organizations’ privileged IT admin passwords. LastPass has the functionality IT Pros need for basic password storage, but they don’t really have the active,…
IT security company High-Tech Bridge’s Research Team has identified high risk vulnerabilities in WordPress and the open source collaboration suite Horde Groupware. Ilia Kolochenko, CEO of High-Tech Bridge: High-Tech Bridge’s research team has identified two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin, which can influence the execution of code and open back doors into 10,000+ live WordPress websites for hackers to exploit and steal personal data. Vulnerable versions are 2.4.3 and probably prior. InboundNow, the developer of the plug-in, has been notified of these vulnerabilities. Details of this research can be found HERE. Impact: personal data theft…
AT&T has reported a 62% increase in the number of Distributed Denial of Service attacks, or attacks that disrupted company operations, over the past 2 years. These statistics were released in their new Cybersecurity Insights Report titled “What Every CEO Needs to Know About Cybersecurity – Decoding the Adversary” on a variety of issues including IoT, insider and outsider threats. Security experts from Imperva and STEALTHbits have the following comments. Jeff Hill, Channel Marketing Manager for STEALTHbits Technologies: “The new AT&T report delivers more evidence that cyber security mindshare is rapidly climbing the corporate ladder, and is…
Thousands of critical medical systems – including Magnetic Resonance Imaging machines and nuclear medicine devices – that are vulnerable to attack have been found exposed online. Security researchers Scott Erven and Mark Collao found, for one example, a “very large” unnamed US healthcare organization exposing more than 68,000 medical systems. Tim Erlin, director of security and product management at Tripwire, has the following comments on it. Tim Erlin, Director of Security and Product Management at Tripwire: “The Internet of Things is already here, and some of its denizens are already in critical condition. Embedded devices are nothing…
October is European Cyber Security Month, and ESET Ireland thinks this is a perfect opportunity to pick up some new cyber security habits. It can happen to anyone. You’re browsing through your work emails and spot one with an unusual subject. In the message, the sender is politely asking you to sign into your work account again because of some technical issues, and has kindly provided you with a specific link for this purpose. As the address appears to have come from inside the company, you click it and try to sign in. The process, however, does not seem to be working, even after you…
Adblocking has become an increasingly contentious topic in recent days. Publications, understandably, do not want people to block ads – they derive much of their revenue from them. Users find them to be intrusive and often feel that they impede their usage of a site; and, given the recent meteoric rise of malvertising, ads can often become downright dangerous. Where is the balance between the desires of publishers and the safety of users? Malvertising is the way that criminals leverage ad delivery networks to push their malware onto end users. This is made possible by both the multiple…
Internet of Things (IoT) Working Group Provides Easily Understandable Recommendations for Securely Implementing and Deploying IoT Solutions
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced that its Internet of Things (IoT) Working Group (WG) has released a new summary guidance report titled “Identity and Access Management for the Internet of Things.” The Internet of Things (IoT) has been experiencing massive growth in both consumer and business environments. In response to this emerging market and the particular security requirements of these connected…