You may have seen news of Venom, the zero-day flaw which is being touted as being as dangerous as the Heartbleed vulnerability which dominated security news in Spring 2014. There are warnings that the new bug could allow a hacker to take over vast portions of a datacentre from within. Comment from Chris Eng, Vice President of Research at Veracode, the application security specialists. The news of the VENOM vulnerability is concerning in breadth – similar to what we saw with Heartbleed in terms of the number of products affected. However, the severity of this zero-day is not nearly as alarming…
Author: ISBuzz Team
How to secure a local network without hindering user experience
The cloud has soared in popularity, growing by more than 300 percent in the last seven years, making it difficult to ignore. Outside of corporate use, the cloud has really skyrocketed in general consumer use. Personal email and file sharing are almost entirely cloud based, increasing demand by staff for the same level of functionality at work. The cloud is therefore a popular choice for employees in almost any organisation; however, the biggest concern for business and obstacle to adoption is security. The cloud is inherently open and can be…
This has not been widely covered yet, but there are reports that credit card hackers are targeting Starbucks gift card and mobile payment users around the country – and stealing from consumers’ credit cards — with a new scam so ingenious they don’t even need to know the account number of the card they are hacking. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes. The crime is so simple, can escalate quickly, and the consumer protections controlling the transaction are unclear. Experts from Lancope, STEALTHbits Technologies and HP Security Voltage…
First organisation worldwide to earn respected technology industry credential
Databarracks, the disaster recovery specialist, announced today it has received the CompTIA Cloud Trustmark+™, a respected industry credential that signifies adherence to best practices for technology service delivery and customer interaction. The Trustmark was developed by CompTIA, the non-profit association for the information technology industry, to identify cloud service providers that demonstrate the highest levels of quality within the channel. Peter Groucutt, managing director at Databarracks, commented: “We’re very proud to have been awarded CompTIA’s Cloud Trustmark+ credential, and to be the first company in the world to complete the accreditation process…
The “Internet of Things” is a buzzword which is becoming more and more prevalent in today’s society. This is mostly due to the rise of crowd funding schemes and an insurgence of low power, highly capable microcontroller platforms such as Arduino. The Equity Kicker expects 33 billion devices connected by 2020 with a large portion of them falling under the IoT umbrella term and Forbes are predicting some pretty mind-bending revenue estimates over the next few years. Many of these devices are greatly enhanced by increased connectivity to the internet where they have access to large amounts of cloud based…
Cytegic DyTA intelligence platform gathers, processes and analyses hundreds of thousands of intelligence feeds on a monthly basis, to allow a quick and understandable cyber-trend analysis. DyTA enables cyber-intelligence analysts and CISOs to understand and analyze the threat level of each attacker and attack method relevant to their organization, according to their geo-political region, industry sector and corporate assets. The following report represents the most interesting and active cyber-trends that DyTA analyzed, in addition to noteworthy vulnerabilities, malware developments and cyber-attacks and campaigns. Executive Summary Interesting trends: April compared to March – In North America, attackers were significantly more active…
Fortune 100 social media analysis highlights FTC, SEC, FFIEC, FINRA and FDA regulatory issues and the need for more dynamic compliance processes
Proofpoint, Inc., (NASDAQ: PFPT), a leading next-generation security and compliance company, today released the first social media study that exposes the compliance violations and incidents affecting Fortune 100 social media accounts. Corporate investment in social media is on the rise, but most organizations still do not understand the scope and scale of the risks. Over the course of one year, the Proofpoint Nexgate research team used its patent-pending technology to examine and analyze a broad range of Fortune 100…
From Dropbox to Twitter to WeTransfer and Salesforce, the use of cloud-based applications has become an everyday part of the modern business ecosystem. Research has shown that the average employee uses a staggering 27 apps at work.[1] To accommodate this trend, most companies are now deploying cloud-based solutions; the expectation being that by 2018 around 59 per cent of companies will be using software-as-a-service (SaaS).[2] As the understanding of the cloud has matured, progressive organisations have started to adopt enterprise applications that are tailored to meet the needs of their business. However, these businesses still rely on security products…
Intel Security president Chris Young has called out the cyber security sector on its reactive stance toward cyber threats, admonishing the industry for focusing too heavily on the symptoms of cyber attacks at the expense of the contextual environment, which enables cyber crime. Echoing these concerns, Richard Pharro, CEO of APM Group explores what a “proactive” cyber sector should look like and whether offensive measures by the industry can help in targeting the underlying causes of cyber risk. “Cyber security professionals across the information assurance industry will confirm that the drumbeat of cyber attacks has increased. Not only are cyber…
Intel Security Quiz Showcases Challenges in Distinguishing Legitimate Emails from Phishing Emails
Intel Security released the findings of its phishing quiz which tested consumer knowledge of, and ability to detect, phishing emails. The quiz presented ten emails compiled by Intel Security and asked respondents to identify which of the emails were phishing attempts designed to steal personal information and which were legitimate. Of the approximately 19,000 survey respondents from 144 countries, only 3% were able to identify every example correctly and 80% of all respondents misidentified at least one of the phishing emails, which is all it takes to…