The Department of Homeland Security (DHS) recently issued an alert warning government agencies, network infrastructure managers and networking vendors about the more advanced techniques of cybercriminals, and how an attack can wreak havoc on a network infrastructure. The alert focuses on firewalls and routers, and advises that “[p]rotecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.” Anyone who is tasked with protecting an enterprise network knows all too well that attackers attempting to breach security infrastructure will always look for vulnerabilities in the system as a quick and easy…
Author: Information Security Buzz Editorial Staff
Recent Mirai botnet foreshadows DDoS threats growing in size, scale and complexity in the coming year; businesses and governments to take heed due to increasing vulnerabilities in IoT Infrastructure London, UK. Large terabit-scale DDoS attacks will continue to wreak havoc and become a regular occurrence in 2017 unless Internet Service Providers harden their DDoS defenses, according to 2017 predictions from Corero Network Security (LSE: CNS), a leading provider of real-time security solutions against DDoS attacks. With 2016’s rear-view mirror showcasing significant new high-volume attacks, Corero’s threat predictions for 2017 include: Terabit-scale attacks to become the new norm, impacting ISPs and the Internet backbone…
Imperva Hacker Intelligence Initiative report reveals Phishing-as-a-Service campaigns cost less to execute and are twice as profitable as traditional campaigns Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today released its new Hacker Intelligence Initiative (HII) Report: Phishing made easy: Time to rethink your prevention strategy? In the report, researchers at the Imperva Defense Center expose how cybercriminals are lowering the cost and increasing the effectiveness of phishing by leveraging compromised servers and turnkey phishing services, which are the key drivers of the overall increase in phishing attacks. The 2016 Verizon Data Breach Investigations Report (DBIR) shows…
Three-Year Growth Rate of 138% Earns Deloitte Honor LONDON. Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, today announced that it has been named in the 2016 Deloitte Technology Fast 500 list as one of the fastest-growing technology, media, telecommunications, life sciences and energy tech sector companies in North America. Propelled by its success in preventing inside and outside attackers from stealing and corrupting sensitive files and email traffic, Varonis had a three-year revenue growth rate of 138%, having grown from $53 million in 2012 revenues to $127 million in 2015 revenues. Yaki…
Google last week announced a new service aimed at continuously testing open-source software projects for security vulnerabilities. Called OSS-Fuzz, it is currently available in beta for a select number of open-source projects, which have either been deemed critical to global information technology infrastructure or have a very large user base. Experts from the open source security team at Black Duck commented below. Open Source Security Team at Experts Black Duck: “OSS-Fuzz is a great new resource for the open source community to improve the quality of their components and identify vulnerabilities very early. One outcome of this effort will be to increase user confidence in both open…
Facebook, Microsoft, Twitter and YouTube have teamed up to share their expertise spotting terrorism-related content, in order to crimp its spread. IT security experts from Lieberman Software, AlienVault, ESET and Comparitech.com commented below. Philip Lieberman, President at Lieberman Software: “This is a positive step for civilization, but where is the concurrent support of Google, Yahoo and other search engines that provide index to this content?” Javvad Malik, Security Advocate at AlienVault: “This news is no big surprise. In today’s connected world, it is near impossible for companies, no matter how large, to single-handedly detect and respond to all threats. Whether these threats relate…
During this election cycle, cybersecurity took center stage. While so much attention was focused on the “400-lb hacker” and external threats from Russia and China, the reality is that, according to recent reporting, 90% of organizations experience at least one case of insider threat each month. That’s a sobering statistic that no one wants to see escaping the four walls of the next SecOps meeting. As security professionals we are all concerned about the growing cases of insider threats within our organizations, whether well-intended mistakes or mal-intended attacks for personal gain. It is paramount that we address four key challenges that…
A former Expedia IT professional has admitted to illegally trading on secrets he discovered by hacking his own company’s senior executives. Jonathan Ly stole passwords and infiltrated devices belonging to Expedia’s CFO and head of investor relations, which enabled him to make a series of stock option trades that earned him $331,000. Prosecutors say that, between 2013 and 2016, Ly exploited his ability to remotely access electronic devices used by Expedia execs to access documents and emails containing confidential information. Rob Sobers, Director at Varonis, commented below. Rob Sobers, Director at Varonis: “Theft of sensitive information and intellectual property at the…
While we have all been enjoying a life online, an awkward truth threatens to wreck everything. It is this: a password is the same irrespective of who enters it. This means that when an organisation asks for passwords or other ‘memorable’ information for verification purposes, it is unable to tell the difference between its customer and an impostor. So why do organisations persist in asking their customers to do something that a fraudster can also do? Since ancient times passwords have played a role in keeping the enemy from the gates and telling friend from foe. The first use of…
Details of more than 85 million users of video sharing site Dailymotion have been hacked, according to Leakedsource. The breach detection company said 85.2 million usernames and email addresses and 18 million scrambled passwords had been stolen on 20 October. IT security experts from Proofpoint, Varonis, NuData Security and Rapid7 commented below. Sherrod DeGrippo, Director, Emerging Threats at Proofpoint: “Any login/password database can be sold for use as lures in email malware campaigns. Using this type of information to personalize emails that also contain malware and links to malware is a tactic we see every day and is very popular. Malware actors can…