In New ESG Study, IT Professionals Cite Escalating Security Vulnerabilities and Operational Issues; Say Securing the Browser is an Administrative Nightmare Spikes Security [1], the isolation security company, today announced findings of a new survey of IT and information security professionals, commissioned by Spikes Security and conducted by The Enterprise Strategy Group, Inc. (ESG) to assess cybersecurity risks related to web browsers, and organizational strategies to address them. “The State of Browser Security” examines the cybersecurity risks and the impact of breaches associated with commonly-used web browsers, which are compounded by ineffective policies that put too much freedom and control…
ISBuzz Team
Survey reveals that while usage is high, companies still not leveraging Office 365 for sensitive data A provider of dynamic, context-aware network, application and content security solutions, today revealed the results of a Microsoft® Office 365 and SharePoint survey conducted with TechValidate. The survey addressed how organizations are utilizing Office 365 and SharePoint, what applications they are using from the platform, where they have limitations, and how organizations perceive the security of Office 365 for controlling sensitive data. Key findings show that a majority of respondents are utilizing Office 365 for its ability to universally connect employees, but that there are…
This problem is spreading across the organisation as 80% of users failed to detect at least one of seven phishing emails. According to a recent survey, 96% of executives failed to tell the difference between a real email and a phishing email 100% of the time. This is among one of the key findings featured in Harpooning Executives: How Phishing Evolved into the C-Suite, a joint eBook written by Intermedia and Intel Security. This eBook highlights how phishing has evolved into “whaling” and why executives are optimal targets. Phishing and spear phishing have become increasingly popular attack strategies. Today’s cyber…
ESET researchers uncovered a family of Linux malware named Linux/Mumblehard that stayed under the radar for more than 5 years, targeting mainly web servers. Monitoring of the botnet suggests that the main purpose of Mumblehard seems to be to send spam messages by sheltering behind the reputation of the legitimate IP addresses of the infected machines. During the first week of April, more than 3,000 machines were affected by Mumblehard. The number of infected hosts is slowly decreasing, but the overall view shows that infection happens at specific times and that the botnet size has doubled over a 6-month period.…
What you need to know right now to protect your site and customers from the Magento flaw Imagine you owned a grocery store and someone simply walked into it, appointed himself manager and then used his newfound authority to help himself to customer credit card information and even change the prices of items. It’s such a seemingly unrealistic situation it borders on unfathomable, right? And yet, nearly 100,000 stores all over the world found themselves facing this exact threat this week. Magento is the number one open-source content management system for e-commerce websites. That means that when a vulnerability was…
London’s Borough Councils questioned on their backup and DR policies for electoral data Although all London councils have disaster recovery procedures in place, nearly half of them (40%) have not tested them in the last 12 months, according to an FOI request from disaster recovery specialists Databarracks. The FOI requests were sent to all London Boroughs, the majority of which obliged with details on their business continuity practices, specifically in relation to electoral data. Managing Director of Databarracks, Peter Groucutt, says that 40% is an alarmingly high number to have forgone testing, especially considering the election later this week: “It’s…
Point of sale credit card data breaches are again in the headlines. The Hard Rock Hotel & Casino this weekend finally admitted to a previous data breach and a new Sally Beauty retail breach, the second this year, was reported by Brian Krebs. Experts from Tripwire and HP Security Voltage commented on these Latest Retail Data Breaches. Ken Westin, senior security analyst, Tripwire (www.tripwire.com): The fact we continue to see retail breaches even after some of the mega breaches over the past year indicates two things. First, attackers are adapting their methods and the sophistication of their tools. Second, many retailers have yet to…
C-level executives at Fortune 500 firms less confident in cyber security risk presentations for boards than IT professionals Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, announced the results of a study conducted by Dimensional Research on improving the cybersecurity literacy of Fortune 500 boards and executives. The study examined corporate executives’ view of cybersecurity risks, as well as measured their confidence and preparedness in the event of a security breach. Study respondents included 200 business executives and 200 IT security professionals at U.S. companies with annual revenues of more than $5 billion. Key findings…
Best Practices to Mitigate Insider Threats – An Insider’s Viewpoint While you’re standing on the ramparts of your enterprise perimeter, scanning for bad guys, there may well be a threat right in your blind spot: Insiders. Maybe it’s someone truly malicious, like a spy. Maybe it’s someone pilfering for profit, the modern equivalent of someone stealing office supplies. Either way, the threat from trusted insiders is real: According to “Insider Threats and the Need for Fast and Directed Response,” a new survey from the SANS Institute, about a third of organizations have confirmed experiencing insider misuse incidents. Another recent report,…
Secunia, a leading provider of IT security solutions for vulnerability management, today published its latest batch of country reports for a total of 15 countries, including the US. The data in the US report shows that unpatched, vulnerable PDF readers are a big security issue for private PC users; that 14% of PC users in the US (up from 12.9% last quarter) have an unpatched operating system, and that Oracle Java yet again tops the list of applications exposing PCs to security risks. The country report documents the state of security among PC users in the USA, based on data…