Lieberman Software released a new whitepaper this week called “Cyber Defense Review of Mandiant and Verizon Threats: How to Immediately Limit Attack Consequences.” In it, they lay out a step-by-step analysis, repudiating recent claims made by Mandiant and Verizon, and offer solutions for protecting organizations from the common phases of most cyber attacks. Modern, advanced attacks are now launched on a nearly continuous basis against most enterprises. Many zero day attacks can easily penetrate conventional network perimeter defenses, allowing intruders to nest within the IT environment for extended periods of time. Once inside the network, attackers generally take these three…
Author: ISBuzz Team
Wolfgang Kandek CTO of Qualys has posted his commentary on June’s Patch Tuesday Halfway through the year and this month we have eight bulletins bringing the total count for the year to 63. Four of the bulletins address Remote Code Execution (RCE) vulnerabilities and one covers a publicly disclosed kernel vulnerability that has not seen any exploits yet. Weirdly enough there is a “hole” in Microsoft’s lineup and one bulletin, MS15-058 is apparently not ready to be released yet. Internet Explorer (IE) is in the top spot of our recommendations this year as it has been for the last 12 months with the occasional exception of…
Launch of Enterprise Mobility Solution Centralised dashboard to track, manage and secure mobiles devices Remote wipe feature to protect against data theft or misuse Flexibility to manage enterprise and employee-owned devices ManageEngine, the real-time IT management company, announced the launch of Mobile Device Manager Plus, its enterprise mobility management solution. Targeting organisations that are adopting mobile-only and mobile-first IT strategies, Mobile Device Manger Plus provides a dedicated solution for tracking, managing and securing their mobile devices. Mobile Device Manager Plus is a strategic response to unrelenting growth of enterprise mobility and the ensuing rise of mobile-centric organisations. Forrester predicts the number of global smartphone subscribers will reach 3.5 billion by 2019, with smartphone penetration by population exceeding 50 percent in 2017 and reaching 59 per cent by 2019, up from 28 percent in 2013. TechNavio forecasts global MDM market CAGR will be 25.4 per cent between 2014 and 2019. “Mobile devices are starting to drown out and replace PCs and laptops on corporate networks,” said Mathivanan Venkatachalam, director of product management at ManageEngine. “We’re seeing that trend in our customer base, and we’re…
Free with XMS Cloud, EasyPass simplifies the connection process and streamlines IT operations for secure, device independent Wi-Fi access Xirrus, the leading provider of high-performance wireless networks, today announced immediate availability of EasyPass, a suite of services that manage mobile device connections to Wi-Fi networks in the simplest way with minimal IT involvement. EasyPass streamlines device onboarding for employees and guests and requires up to five fewer steps than before. The cloud hosted Software-as-a-Service (SaaS) provides IT complete control over the Wi-Fi network from a single console and provides the only device-agnostic solution on the market that eliminates all platform…
Digital Barriers (AIM: DGB) announces today that, in response to strong customer demand, its world-class video streaming technology, TVI, will be natively integrated with Milestone XProtect® video management software (VMS). Global interest in secure, real-time video is growing rapidly, fuelled by the exponential rollout of wireless communications infrastructure. The market is now demanding wireless solutions for smart cities, vehicle-based passenger safety, remote asset protection, and body-worn video. Whereas standard video codecs, such as H.264, are not optimised to work in real time over wireless networks (often leading to poor image quality and high data transmission costs), TVI with its military…
Duqu is back: Kaspersky Lab reveals cyberattack on its corporate network that also hit high profile victims in Western countries, the Middle East and Asia Kaspersky Lab uncovers Duqu 2.0 – a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities Malware infections linked to the P5+1 events and venues for high level meetings between world leaders Kaspersky Lab is confident that its clients and partners are safe and that there is no impact on the company’s products, technologies and services In early spring 2015 Kaspersky Lab detected a cyber-intrusion affecting several of its internal systems. Following this finding…
David Anderson QC, Antony Walker, deputy CEO of techUK commented “David Anderson QC has delivered a carefully researched report that provides a positive and constructive basis for the development of the Investigatory Powers Bill. Anderson’s findings support our position that we need new legislation to strengthen the legal framework and ensure proper democratic oversight. This is a unique opportunity to get the legal framework right for UK citizens, tech companies and UK national security.” On the recommendation to bring a number of existing pieces of legislation under one comprehensive new law: “Bringing the surveillance capabilities of agencies under one single…
Another day, another media story about a public sector data breach. Whether it’s a filing cabinet containing confidential prison documents unwittingly sold at auction, private employee data accidentally posted online, or papers sent to the wrong person by mistake[i], invariably, the end result is that the media have a field day and the Information Commissioner issues yet another reprimand or fine. Are things really this bad when it comes to information protection in the public sector? Well, yes and no. We recently completed a study[ii] of how public sector bodies across the UK manage their information. The findings reveal that…
Proofpoint has today issued a new report which exposes the economic and technical drivers behind the recent rise in malicious macro campaigns. Since late 2014, security researchers and organizations have witnessed massive unsolicited email campaigns bearing what at first seemed to be a “throwback” threat. Microsoft Office document attachments with malicious macro code that could download malware onto the client system. Deceptively simple and flexible malicious macros have returned in a big way and are driving today’s massive unsolicited email campaigns and tricking end-users into clicking. Proofpoint’s report examines the technical and business drivers behind the recent explosion in malicious…
We have written frequently on Threat Insight about the return of malicious macros as an exploit technique in email-borne threats, and while the campaigns have evolved the question has lingered: How and why did this ‘outdated’ technique so quickly become a key part of massive malware campaigns? It’s a truism to say that cybercriminals are a business, but how does that affect their choice of technology? Attack techniques come and go as technology and user behaviors change and defenses adapt to new threats – and sometimes take their eye off old ones – and the return of malicious macros offers…