Following this week’s story on the OpenSSL security flaw – rated with high severity and which affects any application that verifies certificates – Paco could shed light on how organisations can best prepare and protect themselves for these types of software security incidents. For example, Paco can explain how simulating these types of attacks in advance enables organisations to respond in a more practiced manner. Paco commented on the OpenSSL flaw: Paco Hope, Principal Consultant, Cigital: “The frequency and severity of issues like these OpenSSL vulnerabilities are why the BSIMM measurement, a framework which helps organizations to measure and plan their…
Author: ISBuzz Team
More reaction to news that the U.S. gov OPM hack has impacted upwards of 25 million people from security experts of Tripwire, VASCO and Lieberman Software. Tim Erlin, Director of IT Security and Risk Strategy, Tripwire (www.tripwire.com): We shouldn’t be surprised that the scope of the OPM breach has grown. It’s a common pattern for discovered data breaches to grow in scope as investigators learn more about the details. When a breach is discovered, and when it hits the news, it usually coincides with the first definitive evidence of actual data loss. Just like any crime, the first indication of trouble often…
After days of fear at the newly discovered high severity bug in OpenSSL, we can now relax as experts reveal that the “flaw is bad, but no heartbleed”. This comes as a relief as the notorious Heartbleed flaw also originated in OpenSSL. Security experts from Tripwire, Imperva and ESET discuss the severity of the issue. Tim Erlin, Director of Security and Product Management at Tripwire: “There’s an interesting cycle going on with OpenSSL vulnerabilities after Heartbleed. OpenSSL pre-announces a high severity vulnerability, which causes the information security community to start making noise about the ‘next Heartbleed.’ When the vulnerability is…
Public Wi-Fi is becoming more and more popular. It’s becoming prominent absolutely everywhere, and almost everyone uses it when given the opportunity. But many people still seem to feel that public Wi-Fi networks are built to give the public free Wi-Fi access without having to make concessions on their privacy, and this is in spite of growing evidence to the contrary. And based on the show of political support for Wi-Fi, one can extend this to include the perception of lawmakers. So we here at F-Secure teamed up with ethical hacking firm Mandalorian and investigative journalist Peter Warren to conduct a…
Thousands of Android users targeted by phishing apps harvesting their Facebook credentials. ESET recently analysed two new samples of malware on Google Play masquerading as games called Cowboy Adventure and Jump Chess. The apps contained Trojan functionality allowing them to carry out Facebook phishing attacks. Google has since taken down both of the apps and now displays a warning before their installation on Android devices. Read the complete story with screenshots on our blog. A few months ago, Google also announced that the company has been improving security mechanisms on its Google Play Store to lower the risk of…
As BYOD continues to increase in popularity, so do related security threats. Find out how to protect your data if a business device is lost or stolen. Hardly a week goes by without news of a digital security breach or stolen data making the headlines. Between the recent Uber hack and reports of a Pioneer Bank employee’s laptop containing customers’ personal information being stolen, it certainly seems that data theft is on the rise. However, it’s important to point out that the threat to digital security doesn’t just come from hackers. The loss and theft of devices containing business information…
Hacking Team, an Italian company which sells surveillance tools to governments and law enforcement agencies, has had its systems breached and 400GB of internal documents leaked. Tripwire security experts provided the following comments: Craig Young, Computer Security Researcher for Tripwire (www.tripwire.com): “These tools could be used by a private corporation to monitor employees. For example, a company concerned about employees stealing trade secrets may pre-load employee computing devices with monitoring software. It could also be the case that some companies would like to glean information from competitors. In some cases, the software may also be used to gain intelligence on…
Innovative data platform accelerates time to value. Teradata (NYSE: TDC), the big data analytics and marketing applications company, launched the next-generation Teradata Appliance for Hadoop®, version 5, which is configurable, ready-to-run and offers a choice of the latest version of Hadoop from Hortonworks® (HDP™ 2.3), and for the first time, Cloudera (Cloudera Enterprise 5.4). This appliance gives users the flexibility to accelerate time-to-value and reduce Hadoop cost of ownership. Teradata’s new appliance helps resolve challenges that some companies have in implementing Hadoop, providing faster time-to-market with a fully-engineered, enterprise-class solution – one that reduces total cost of ownership while facilitating…
Andrew Grant, Account Director, Enterprise Services, Ricoh UK offers advice on how the legal sector can safely and securely store information during the move to a paper-light society: In recent months, we have seen various business sectors adapt to the developments in new technology and the ‘digital era’ that we now find ourselves firmly living in. The banking sector, for example, has recognised customer demand for secure and seamless access to online banking, with the introduction of fingerprint authentication to allow access from certain devices such as iPhones. Furthermore, the healthcare sector has acknowledged that our society is shifting…
More than half of small businesses in the UK are unprepared for data breaches, CSID survey finds. 74% had a security breach in the last year. Over two thirds do not have a disaster recovery or business continuity plan in place. Despite an increased sense of awareness and frequent headlines of data breaches amongst well-known brands, small businesses in the UK still do not seem to understand that they are as much at risk of cyber attacks as large enterprises. New research by CSID, a leading provider of identity protection and fraud detection solutions, shows that 52 percent of small…