U.S. and China Lead Top Sources of Command and Control Traffic; 48 Percent of Top 25 Hostile Non-U.S. IP Addresses are “Bruteforce” Repeat Offenders Solutionary, an NTT Group security company (NYSE: NTT) and the next-generation managed security services provider (MSSP), today announced the results of its Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2015. Solutionary SERT performed a broad analysis of the threat landscape, which unearthed several key findings. A year after the initial flurry of Shellshock activity, Solutionary identified several campaigns targeting the bash vulnerability during the latest quarter — more than 600,000 events from 138…
ISBuzz Team
First IPsec VPN Client compatible with Windows 10 now available with newly added features to improve ease-of-use capabilities while optimizing for Internet of Things configuration NCP engineering today announced the availability of its updated NCP Secure Clients, Version 10.02, to support users running Windows 10, the yet-released, latest version of the operating system, as well as those running Windows 8.x, Windows 7 and Windows Vista. The update includes optimization for Internet of Things (IoT) configuration, without the need for user interaction, and streamlines the process for network administrators in connected environments. It also introduces a function to deactivate the WLAN…
Is Windows 10 secure ? Following yesterday’s official launch of Microsoft’s Windows 10, David Chismon, security researcher at MWR InfoSecurity commented below on the windows 10 security. David Chismon, Security Researcher at MWR InfoSecurity : “The introduction of Windows Hello, a biometric authentication framework, may see more use of biometric authentication and a move away from passwords. There has also been discussion of a number of other features such as hypervisor layer to manage authentication tokens, however, few details have been published. The new browser, Microsoft Edge, has a smaller attack surface than previous browsers due to a lack of…
As you know, cyber attacks pose a major threat to U.S. industry and government. However, it can be difficult for executives to quantify the benefits of implementing cybersecurity measures. We have developed an innovative framework to help justify cyber investments and mitigate risk to organizations through implementation of a comprehensive cybersecurity strategy. The Challenge: On average, US businesses fall victim to 1.7 successful cyber attacks per week. The frequency, complexity, and costs associated with attacks is also increasing across industries. Despite these trends, many organizations are reluctant to increase cybersecurity spending because they are unable to accurately quantify the financial…
When it comes to data security, attackers continue to exploit the biggest weakness of all – people. ESET Ireland looks at 10 security mistakes humans continue to make on a daily basis. Poor patching The sad reality is that most data breaches owe not only to a human mistake, like clicking on a malicious link, but also to a computer system that is running on outdated software. Microsoft is making Patch Tuesday a thing of the past with Windows while most mobile operating systems, including Android and iOS, now have an auto-update feature for mobile applications so users don’t have…
HP has released a new study on smartwatch security. Ten smartwatches tested by HP Fortify contained significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns. Mark James, Security Specialist at IT Security Firm ESET : “Smart watches are a “nice to have” option and thankfully not a “need to have” necessity. With anything new in IT there are often security measures that don’t make it due to deadlines enforced through the industry. Keeping up with other manufacturers to be a forerunner in this technology field may force products to be released without the necessary attention to how secure…
Tripwire finds security flaws in popular Smart Home Hubs Following an extensive piece of research, Tripwire’s Vulnerability and Exposure Research Team (VERT) can confirm it has discovered Zero-day vulnerabilities in three of the top-selling ‘Smart Home Hub’ products available on Amazon. Smart Home Hubs are used to control lighting, heating, locks and cameras in people’s homes, however many security experts worry about the privacy and safety risks associated because the technology is in relative infancy. In order to understand the risks associated with Smart Home Hubs, Tripwire carried out a security analysis on three top-selling devices and found zero-day flaws…
News and entertainment websites unknowingly host more than 50 percent of malvertisments; Flash exploits increase 60 percent and ransomware increases 80 percent since 2014 Bromium®, Inc., the pioneer of threat isolation to prevent data breaches, today announced the publication of “Endpoint Exploitation Trends 1H 2015,” a Bromium Labs research report that analyzes the ongoing security risk of popular websites and software. The report highlights that more than 50 percent of malvertising is unknowingly hosted on news and entertainment websites, Flash exploits have increased 60 percent in the past six months and the growth of ransomware families has doubled each year…
Cybersecurity researchers from Tripwire commented this morning on news that Fiat Chrysler has issued a voluntary recall of 1.4 million vehicles due to a remote hacking vulnerability. Tim Erlin, Director of IT Security and Risk Strategy at Tripwire : “Software patches for vehicles aren’t new, but the demonstration of this vulnerability was clearly attention grabbing. The risks of the connected car lie in the ability to affect the operations of the vehicle from the outside world. The good news is that secure software development isn’t a novel concept. There are known best practices that can be applied to automotive software…
Microsoft ran out of time, imposed by HP’s Zero Day Initiative (ZDI) to fix four critical security vulnerabilities in the mobile edition of Internet Explorer, Cris Thomas, strategist of Tenable Network Security commented on the IE Zero day vulnerability. Cris Thomas, Strategist of Tenable Network Security : “Unfortunately two of the big kids in our industry are having a little spat over vulnerability disclosure, again. As enterprises focus on getting business done we really have little time to obsess over whether or not companies are fixing vulnerabilities fast enough or are being irresponsible in disclosing them. There will always be 0-days. As…