Lane Thames, Security Research and Software Development Engineer at Tripwire says encryption was the key to this attack scenario and it could pose a big problem for corporations. Lane Thames, Security Research and Software Development Engineer at Tripwire : “Man-in-the-middle (MiTM) attacks are very dangerous. Often, MiTM attacks require the attacker to reside on the same network in between source and destination machines. That appears to be the case with the MiTM attack described by Paul Stone and Alex Chapmanat Black Hat. Their attack scenario targets organizations that use WSUS servers to update their servers and desktops. The key to this attack scenario is…
ISBuzz Team
Elastica, the leader in Data Science Powered™ Cloud Application Security, today released details about an injection vulnerability disclosed to Salesforce in early July which opened the door for attackers to use a trusted Salesforce application as a platform to conduct phishing attacks to steal end-users’ login credentials and hijack accounts. On August 10, Salesforce patched the vulnerability, a finding validated by Elastica researchers. Because the vulnerability existed in an actual Salesforce subdomain, end users receiving phishing emails with the URL would likely have had no way of identifying it as malicious and there is a high probability such a URL…
With the recent hack of online affair website Ashley Maddison, cyber-crime is in the spotlight. However, it’s been an issue plaguing both companies and users for many years and one that shows no signs of halting. Thanks to the increased fame of ‘hacktivists’ like the group Anonymous, who use hacking as a social justice tool, hacking is sometimes regarded as a method of extracting justice on corporations the public can’t touch. Such is the case for Ashley Maddison, who are now suffering a backlash that hinges on the negative perception of their website. To most, the hack is justified because…
Intralinks® Holdings, Inc. (NYSE: IL), a leading, global SaaS provider of secure enterprise content collaboration solutions, announced it has joined HP’s Cloud28+ initiative, a unified catalogue of cloud services that brings together European cloud providers, builders, and developers. Built on HP Helion OpenStack® technology, Cloud28+ includes services and local cloud providers in more than 28 different European countries, and complies with local and EU security and privacy data regulations. The Cloud28+ initiative gives companies broader access to a portfolio of cloud applications like Intralinks, and will accelerate and enhance cloud growth in Europe, giving more reach to local service providers,…
In big and small companies alike, security issues are often seen as bureaucratic red tape. In reality, security is a never-ending journey. For example, when Ford’s Model T hit the market in the early 1900s, it didn’t come with seat belts. These now-ubiquitous safety features didn’t become commonplace in all cars until the 1950s. And it wasn’t until the 1970s that laws were enacted to make seat belts standard in all new cars. Yet it took a cultural shift in society to convince people to actually use seat belts and make all of those previous efforts worthwhile. Concerning safety and…
ESET’s expert looks at some concerning privacy issues in the new Windows 10. ESET’s security researcher Aryeh Goretsky pointed out in his latest article, that it always makes sense to review the privacy settings and the policies of whatever software or services you are using, and Windows 10 is no exception. Before making the decision to migrate from Windows 7 or 8, you should carefully review these and think about what the implications might be to your home or business. Windows 10 potentially gives Microsoft access to the same information about your lifestyle that has previously only been accessible to…
The last few years have shown that the most underrated and unaddressed cyber breach potential in any enterprise is from the ‘trusted insider.’ Despite this, many companies seem to have their security investment strategy stuck in a legacy, network-centric mindset. This passé attempt to ‘hard-shell the network’ ignores what leading cyber warriors understand to be the real threat – sensitive yet unprotected information that exists throughout the organization. This is the ‘soft and gooey center’ of an organization is where trusted insiders live, and where they have unfettered access. By their nature, insiders hold positions that allow them to send email, save…
Global Survey Finds 31 Percent of Respondents Would Switch to Different Mobile Carriers; 33 Percent Would Jump Ship to Different Device Manufacturers Blancco Technology Group, a leading, global provider of mobile device diagnostics and secure data erasure solutions, released its new research study – It’s Complicated: Mobile Frustrations & Churn. The in-depth report investigates consumers’ mobile device usage habits and uncovers the complexity in the types and frequency of functionality issues that often arise throughout their life cycle. According to the global survey of over 1,400 mobile users, patience isn’t always a virtue and 49 percent of respondents will seek…
The RBS has had a major IT glitch, which has left many of its customers unable to access there accounts after a DDoS attack. David Fisk, EMEA, Sales Director at Quorum commented on the RBS websites temporarily brought down by DDoS attack. David Fisk, EMEA Sales Director at Quorum : “The recent RBS, DDoS attack poses the question of how can companies quickly recover from technical glitches? An organisation of this size has multiple redundant systems and a huge amount of experience in business continuity (BC) and disaster recovery (DR). Yet the fact remains disasters such as this will occur. Today’s IT leaders need to be on guard for even the most modest threats to…
Veracode well-known for its scalable cloud-based service, ongoing innovation and expertise Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, today announced that it has been positioned in the “Leaders” quadrant of Gartner Inc.’s 2015 “Application Security Testing Magic Quadrant1” for the third consecutive year, based on the company’s completeness of vision and ability to execute in the application security testing (AST) market. Highly publicised breaches in the past 12 months have raised awareness of the need to identify and remediate vulnerabilities at the application layer. Enterprise application security testing solutions for web, cloud and…