You may have seen the news that Oracle shared a blog post (cache version here – Oracle took it down) in which the CISO essentially told the world to not help them make their software better, that the world should trust them to do it.Chris explains how they are violating license agreements by reverse engineering code, is an attempt to turn back the progress made to improve software security. Chris Wysopal, CTO and CISO at Veracode : “We now rely on software for everything – health, safety and wellbeing – and crafting a policy of ‘see something, say nothing’ puts…
ISBuzz Team
A new story about fraud experts in Mexico who have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine’s card acceptance slot and used to read data directly off of chip-enabled credit or debit cards. John Gunn, VP at VASCO Data Security commented on the chip card ATM ‘Shimmer’ found in Mexico. John Gunn, VP at VASCO Data Security : “ATMs are designed for magnetic stripe cards and PINs, which are severely outdated and about as secure as a user name and password. This is why ATM skimming remains one of the…
Microsoft issued its monthly Patch Tuesday update, with nearly half of its 14 security bulletins addressing vulnerabilities in its newest operating system, Windows 10. Two of the four “critical” vulnerabilities impact Windows, while one primarily affects the company’s Office offerings.Security experts at Tripwire think of the severity of this month’s Patch Tuesday update. Craig Young, Security Researcher at Tripwire : “August’s Patch Tuesday releases are full of scary sounding bulletins like ‘Vulnerability in Mount Manager Could Allow Elevation of Privilege’ and ‘Vulnerabilities in RDP Could Allow Remote Code Execution,’ but when reviewing the details it becomes clear that they are…
Web-based Solution Helps Find Security Weakest Links to Prevent Phishing, Malware and Drive-By Attacks To find the weakest security link in your organization, you need to think like a hacker. Thanks to a new phishing solution called LUCY, companies can now measure and improve awareness towards phishing, malware and drive-by attacks by launching their own realistic phishing campaigns. Malware and phishing attacks can be devastating for companies in terms of legal liability, reduced sales and bad publicity. Attacks that seem to make headlines daily highlight both the missing technical security precautions and lack of awareness that are a risk for…
From tooth brushes that can schedule checkups with dentists to yoga mats that can analyze poses in real-time, one thing is abundantly clear—we are entering a new era of connected devices. Collectively referred to as the Internet of Things (IoT), Gartner predicts that the number of Internet-connected devices will rise to more than 25 billion by the year 2020. At the International Consumer Electronics Show (CES) in January 2015, 3,000 companies launched more than 20,000 new products. But IoT also introduces new security risks. Many in the security industry are wondering if the promise of IoT can be realized if…
Thycotic Black Hat 2015 Hacker Survey also finds 94% of hackers have found privileged account credentials in unprotected files Thycotic, a provider of smart and effective privileged account management solutions for global organizations, announced the results of a survey of 201 white hat and black hat hackers at Black Hat USA 2015. The survey, which was conducted live on August 5th at the conference venue in Las Vegas, found that a majority (75%) of hackers have not seen a fundamental change in the level of difficulty in compromising privileged account credentials, despite an overall increase in IT security spending over the…
Carphone Warehouse has been hacked and the personal details of 2.4 million customers may have been accessed. Up to 90,000 customers may also have had their encrypted credit card details accessed. Security Experts from Lieberman Software, Imperva and ESET provide insight and tips for affected customers. Philip Lieberman, CEO of Lieberman Software : “This is an excellent example of where the CEO of the company now needs to step in and evaluate whether his leadership of his information technology department yielded what he and his board of directors view as an acceptable loss. The CEO’s role today must be as the commander…
Firefox issued an update for its browser after it was discovered that a vulnerability that allows a violation of the same origin policy and injects a script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim’s computer. Mark James, Security Specialist at IT Security Firm ESET, commented on the issue in firefox browser. Mark James, Security Specialist at IT Security Firm ESET : How bad is this exploit? “This exploit is classed as “Critical” by Mozilla themselves so that gives an indication of how bad…
Study Shows Cybercriminals are Capitalizing on High Profile Data Breaches to Target Hosted Data Centers ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, announces data ranking the top U.S. cities for online fraud. The data reveals Tampa, Fla. as the top hot spot for online fraud and ThreatMetrix found a correlation between top cities for fraud and those home to hosted data centers. The top 10 list of U.S. cities for online fraud, according to ThreatMetrix, include: Tampa, Fla. New York, N.Y. Manassas, Va. San Jose, Calif. Atlanta, Ga. Ashburn, Va. Los Angeles, Calif. San Mateo,…
Domain Squatting is Growing as Companies Scramble to Protect their Trademarks Domain squatting is the practice of registering and / or using a popular internet address, one that often includes a company or household brand name, with the intent of selling it back to the actual company or brand name owner. It is also known as cybersquatting and has become much more prevalent in the last five years. ICANN, the authority that is responsible for processing top-level domain names, decided to allow more generic top-level domains in 2011. Popular generic top-level domains include .com and .org for example. By the…