Researchers have hacked an air-gapped computer using a mobile phone, posing a serious threat to critical infrastructure. The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data. Lane Thames, Software Development Engineer and Security Researcher at Tripwire, discusses what this means for the future of critical infrastructure. Lane Thames, Software Development Engineer and Security Researcher at Tripwire: “Indeed, this research is quite interesting. The important point here to me, however, is that we all need…
Author: ISBuzz Team
News has broken that hackers are using passages from literary classics, in particular Jane Austen, to fool antivirus software. Amichai Shulman, CTO of Imperva and David Harley, Senior Research Fellow at IT Security Firm ESET commented on the Jane Austen Spreads Malware. Amichai Shulman, CTO of Imperva: “This is emphasizing what we have been saying again and again for the past few years: it is virtually impossible to tell “malicious code” from “code” and thus any security solution that relies on attempting to make this observation is doomed to fail. While anti-malware solutions are improving, they are bound to stay behind attack methods…
Following the news that nearly 1 billion phones can be hacked with a single text due to the Android vulnerability – Stagefright – Itsik Mantin, Director of Security Research at Imperva commented on the Stagefright: Google’s Android Megabug. Itsik Mantin, Director of Security Research at Imperva: “Many organizations permit employees to use their smartphones to access privileged company information and applications, a phenomenon called BYOD (Bring your own Device). Like in many cases, the convenience of the employee governs the security concerns that come with making the company resources accessible to unmanaged devices. The Stagefright case is an excellent example. Most of…
Third of employees have their price for selling their company’s private data, 25% would sell critical business information for £5,000, with some open to bribing for as little as £100
35% of employees would sell information on company patents, financial records and customer credit card details if the price was right. New research by Clearswift amongst 4,000 employees in the UK, Germany, USA and Australia, found that for £5,000 – the price of a family Caribbean holiday or less than three months of the average UK monthly wage – 25% would sell such data and risk both their job and…
The 16th annual SysAdmin Appreciation Day is on Friday July 31st. To join in with the celebrations, disaster recovery provider Databarracks has launched a new “day in the life of a systems administrator (SysAdmin)” online adventure game. Choose Your Own Adventure: Human Firewall sees players assume the role of a SysAdmin on a busy day in the office. You are faced with the everyday trials and tribulations of lazy managers and irresponsible employees, mitigating security risks whilst still keeping the lights on – all the time trying to get round to that all-important firewall update before the end of the day. Technical Director at Databarracks, Oliver…
Nearly two-thirds of C-suite executives surveyed indicate that cyberattacks occur daily or weekly
As companies embark on new digital business strategies, nearly two-thirds (63 percent) of C-suite executives report that their companies experience significant cyberattacks daily or weekly; however, only 25 percent of them said their organization always incorporates measures into the design of their company’s technology and operating models to make them more resilient, according to a new Accenture (NYSE:ACN) survey. The Accenture paper, Business resilience in the face of cyber risk, also reported that in response to the situation, 88 percent of the more than 900 executives surveyed…
Global cybersecurity association ISACA has issued a significant update to its SAP Enterprise and Resource Planning (ERP) guidelines to help audit, risk and security professionals evaluate risk and controls in existing ERP implementations. “ERP systems automate and integrate much of a company’s business processes to create consistency. ISACA released this important update to bring together information related to SAP ERP-specific risks, controls and testing procedures,” said Ben Fitts of Deloitte Advisory, who worked with ISACA on the fourth edition of the book. “This will be a go-to reference for auditors, not just as a one-time read, but as a book…
In a new security alert, ATM developer NCR warns of a significant increase in US ATM skimming. Security expert Benjamin Wyrick, VP with VASCO Data Security, commented on the NCR alert on uptick in ATM skimming. Benjamin Wyrick, VP at VASCO Data Security: “The US Secret Service reports that there’s now more than $8B in ATM Skimming fraud annually. With more than 1.7M ATMs worldwide and more than $40B in annual cash withdrawals, the level of sophistication is growing quickly. Neither the card’s mag stripe nor the user’s PIN are usually ever changed. Two things will combat this fraud: expiration of data, and dynamic…
Wombat Security Technologies announced that its entire comprehensive, award-winning security awareness and training solution that includes knowledge assessments, mock attacks, and interactive training modules for a continuous training methodology is available in 13 languages. Wombat Security helps security officers deliver a comprehensive, continuous training program by providing all of the software necessary to assess and educate employees, reinforce the right behaviors, and measure overall behavior change. Numerous multinational organizations are using Wombat to reduce their risk, with proven results showing up to a 46% reduction in malware infections and up to a 90% reduction in successful phishing attacks from the wild.…
News and entertainment websites unknowingly host more than 50 percent of malvertisements; Flash exploits increase 60 percent and ransomware increases 80 percent since 2014
Bromium®, Inc., the pioneer of threat isolation to prevent data breaches, announced the publication of “Endpoint Exploitation Trends 1H 2015,” a Bromium Labs research report that analyzes the ongoing security risk of popular websites and software. The report highlights that more than 50 percent of malvertising is unknowingly hosted on news and entertainment websites, Flash exploits have increased 60 percent in the past six months and the growth of ransomware families has doubled each year since 2013.…