US-CERT published an advisory titled, “TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations”. One of the vulnerabilities leveraged in these new phishing campaigns is a use-after-free (UAF) vulnerability in Adobe Flash (CVE-2015-5119). This vulnerability is particularly interesting because it was leaked as a result of the hack and subsequent dump of HackingTeam’s email and source code. What is interesting here is not the existence of the vulnerability, but how this case underlines the massively asymmetric situation that defenders find themselves in. The HackingTeam exploit was already “weaponized”, in that it was fully productized, tested and documented. There is a…
Author: ISBuzz Team
Following a number of high-profile security breaches (such as OPM and IRS), US federal agencies have been scrambling to patch their cybersecurity systems after Federal CIO Tony Scott announced a ‘30-day cybersecurity sprint’. This has encouraged agencies to ditch outdated, vulnerable security methods such as passwords for enhanced security techniques like two-factor authentication (strong authentication). The sprint has undoubtedly boosted US Government cybersecurity: federal civilian agencies have increased their use of strong authentication for privileged and unprivileged users from 42 percent to 72 percent, but what about the remaining 28%? Specifically, federal civilian agencies increased their use of…
Intralinks VIA customers include KPMG Dublin, Cairn Energy, and the New York Giants. Intralinks Holdings, Inc. (NYSE: IL), a leading, global SaaS provider of secure enterprise content collaboration solutions, announces growing demand for Intralinks VIA as the focus on security, data privacy and regulatory requirements continues to grow. Intralinks VIA customers include: Midwest BankCentre, KPMG Dublin, Virgin Money, and Arden Asset Management in financial services; Cairn Energy, Essar Oil, Topaz Energy, Juwi Energy, and Sadara Chemical Company in the energy sector; as well as Rotech Healthcare, Nippon Steel, and the New York Giants. According to research from the Ponemon Institute…
Four in five consumers aren’t confident that their financial information is secure when dealing with big brands who take card payments over the phone, according to a new survey by Elitetele.com. In addition to this, a third (33%) don’t believe their data is safer today than it was five years ago. These concerns highlight the importance of companies being PCI Compliant ahead of some of the most significant changes to the EU data protection laws expected in the next two years. With recent findings demonstrating a significant rise in cybercrime[1], it is surprising that UK consumers appear to be…
Tufin® announces the launch of the latest release of the award-winning Tufin Orchestration Suite™ R15-2 which enables organisations to efficiently manage, visualise and control security policies across their entire physical network and hybrid cloud platforms through automation and analytics. Tufin Orchestration Suite R15-2 brings customers improved security through automated application connectivity decommissioning and adds additional controls for compliance needs like NERC and PCI DSS 3.0. New visibility & control capabilities are now also available for OpenStack private and public clouds. Some of the highlighted new capabilities in R15-2 include: New Automation Capabilities to Reduce the Attack Surface Automated Decommissioning of…
New research finds zero-day vulnerabilities in Amazon’s top-selling smart home systems. Tripwire, Inc., a leading global provider of advanced threat, security and compliance management solutions, announced results of an extensive security assessment of three top-selling smart home automation hub products available on Amazon. The research uncovered zero-day flaws in each hub that could allow hackers to take control of smart home functionalities. Smart home hubs are used to control lighting, heating, locks and cameras in people’s homes. In order to understand the risks associated with smart home hubs, Tripwire’s Vulnerability and Exposure Research Team (VERT) analyzed three of the top-selling smart…
The US tax code is famously complex. And with frequently changing local and state taxes added into the mix as well as sales tax collection and reporting obligations, it takes focus and determination – and frequently professional help – for small businesses to fully comply. When tax time for individual filers rolls around, media coverage of issues that affect wage earners and small business owners typically increases to take advantage of the fact that taxes are top of mind. But the fact is, tax scams and other pitfalls abound all year long. Here are five tax issues that can affect…
We have discovered a new fraud trend taking place in Japan and China. The scheme consists of completely fake e-commerce sites, solely created with the intention of stealing credit card information from the buyers (victims). These sites don’t actually sell anything – they are designed for the sole purpose of capturing credit card data, to be used fraudulently elsewhere. The following images capture different shopping sites, featuring products with a wide range of prices and brands, advertising different payment methods, including major credit cards like Visa and Mastercard, as well as alternative methods like Western Union. The screenshots below show…
One of Japan’s Largest Banks Expands Use of VASCO Authentication Solutions to Reduce Fraud and Enhance Customer Convenience. VASCO Data Security International, Inc. (NASDAQ: VDSI), a global leader in authentication, electronic signatures, and identity management, announced that Sumitomo Mitsui Banking Corporation (SMBC) will provide their online retail banking customers with a highly-secure mobile banking solution for their smartphones developed with VASCO’s DIGIPASS for Apps. This is the bank’s third major implementation of an authentication solution. Sumitomo Mitsui Banking Corporation first introduced an OTP solution based on matrix authentication to their SMBC Direct retail internet banking services. In 2013, SMBC implemented…
Industry leader in advanced threat protection provides IT with visibility into social media risks and attacks. Proofpoint, Inc., (NASDAQ: PFPT), a leading next-generation security and compliance company, announced from Black Hat USA 2015 (booth #1111), Proofpoint Targeted Attack Protection (TAP) Social Discover, which provides IT administrators with immediate visibility into the social media accounts linked to their organizations and the ability to persistently monitor for spam, phishing, malware, bad actors and fraud. Armed with this knowledge and Proofpoint Targeted Attack Protection threat intelligence across both social and email vectors, security teams can create a more comprehensive strategy to combat advanced…