A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging format gives Ruby software developers a clearly defined format in which they can reliably build and distribute software. Developers push Ruby gems to a distribution server (aka a gem server), whereby users can then install the Ruby application using “gem install gem_name”. In a recent presentation, “Trojaned Gems: You can’t tell you’re using one” at THOTCON 0x6, we (Brandon Myers and Jonathan Claudius) shared some of our research looking at the security of the Ruby gem ecosystem. The original goal of the…
Author: ISBuzz Team
A new “super-private” social network, Minds.com, has been launched with a hope of taking on Facebook with the reported advantage of higher user privacy. Unlike its competitors, Minds does not aim to make money from gathering data; instead it encrypts all messages so they cannot be read by advertisers and the government. Mark James, Security Specialist at ESET, has commented on the advantages and disadvantages of Minds. Mark James, Security Specialist at ESET: “The trouble with any type of social network is that it is only as good as the user base, whether it’s Friends Reunited or Facebook, without users and…
Intel Security Technologies to be included in Honeywell’s Industrial Cyber Security Solutions for Process Control. Honeywell (NYSE:HON) Process Solutions (HPS) and Intel Security today announced they will collaborate to help bolster protection of critical industrial infrastructure and the Industrial Internet of Things (IIoT). Intel Security’s McAfee® technologies will be integrated with Honeywell’s Industrial Cyber Security Solutions, providing Honeywell customers with enhanced security software to protect their control systems from malware and misuse. HPS is a leader in the industrial automation space, and its Industrial Cyber Security Solutions group has a dedicated global team of industrial cyber security experts that provide…
There are several security issues to consider when looking for a cloud data storage provider. In the emerging field of cloud data storage, companies employing cloud services often underestimate the importance of proper security. In fact, SkyHigh reports that the average business only spends 3.8 percent of their security budget on digital security. Luckily, proper certification means that your cloud service provider has done the heavy lifting when it comes to security. Here’s a look at just a few of the best security certifications to ask about when choosing a cloud data provider. FIPS 140-2: There’s a frightening truth about…
Around 60 per cent of all web application attacks in the UK are SQL injection attacks, making them the number one target for attackers. This is according to the latest 2015 Global Threat Intelligence Report (GTIR) announced by NTT Com Security, the global information security and risk management company. Analysing over six billion attacks in 2014, the GTIR reveals that injection attacks – a code injection technique designed to attack data-driven applications – are twice as likely to happen in the UK as they are anywhere else in the world. The total figure for injection attacks across all countries was 26 per cent, with…
The number and variety of devices getting connected to the internet are increasing every day. Leading analyst estimates indicate that over 26 billion devices will be connected to the internet by 2020, creating the internet of things (IoT). Surprisingly this list excludes PCs, tablets and smartphones, representing an almost 30-fold increase from 0.9 billion in 2009. Securing the internet of things is increasingly becoming a challenge. With every new device getting connected to the internet, the ways in which a system can be compromised are also changing. IoT devices usually have embedded systems, with minimal or zero inbuilt security features. New pathways…
Expert Comment on Silver Linings to LastPass Hack from Damien Hugoo with fraud detection and protection provider Easy Solutions. Damien Hugoo with fraud detection and protection provider Easy Solutions: Password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users’ email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords. In general, we are not a fan of password management tools. While they provide convenience, a central repository of any sensitive data is always going to garner greater attention…
Intego, the leading provider of security solutions for Mac, today introduced a new update to its cornerstone Mac antivirus software, VirusBarrier X8. The updated version of VirusBarrier X8 is focused on providing Mac users with increased performance so their machines can remain protected while minimising system disruption. The software update includes major rewrites of the processing and memory systems for increased efficiency, as well as increased speed of malware definition updates. Minor enhancements include user interface improvements for easier interaction. The update is available free to existing Intego customers. “We’ve spent years making VirusBarrier easier to use for our non-technical…
Iron Mountain and IDC Study Shows Data Archives Represent Blind Spot, Business Opportunity for Most Organisations. Organisations of all sizes and across industries are drowning in data, unable to effectively mine their data archives for key insights that could ultimately improve business outcomes. However, the findings also indicate that a subset of organisations are in fact successfully leveraging their data archives and the benefits are impressive – as much as an additional $10M (£6.4 Mil) in revenue from streamlined IT and customer service operations. This is according to the results of the landmark study[1], “Mining for Insight: Rediscovering the Data…
Adobe released an emergency update to fix a security hole in the Flash Player browser plugin. Wolfgang Kandek, CTO of Qualys, had the following comments: Adobe came out today with an out-of-band patch (APSB15-14) for their Flash Player, the fifth time that Flash has required an out-of-band fix for a 0-day. FireEye had notified them of a critical vulnerability (CVE-2015-3113) that they discovered in use in Asia. They believe it was developed by the group called APT3 and used in targeted attacks against a number of industries. The vulnerability lies in the video decoding part of Flash and the exploit shows some signs of sophistication by…