When Europe’s highest court declared the Safe Harbor agreement invalid in October 2015, you could almost hear the collective gasp from U.S. companies conducting business in the European Union. U.S. businesses have enjoyed nearly unfettered access to international consumers’ data for almost two decades, and the October ruling most certainly threw a wrench in that access. Now, the E.U.-U.S. Privacy Shield aims to replace Safe Harbor, and is currently awaiting final approval from the Article 29 Working Party. Thus far, the Privacy Shield has elicited great criticism, as reviewers still feel it’s not strict enough. Compared with Safe Harbor, the…
Author: Information Security Buzz Editorial Staff
Necessity is the mother of invention, and with new breaches reported on a near-daily basis, the evolutionary arms race between hackers and cyber-defenders has led to the rapid disruption of the traditional managed security service provider (MSSP) market. As vendors scramble to stay relevant, this has led to a sea of sales messages and acronyms – including the advent of ‘EDR and proactive threat hunting’. Breaking this down, we have EDR (Endpoint Detection and Response), the word proactive (the mainstay of copyright teams globally), and threat hunting (why wouldn’t you want that) … but marketing aside, what does this actually…
Should be “Shot at sunrise” is the opinion of U.S. politician Michael C. Burgess, the representative for Texas, when talking about the cybercriminals who distribute ransomware that victimizes consumers and businesses. Ransomware, malicious software designed to block access to a computer system until a sum of money is paid, and the use of exploit kits to distribute it, are adding new challenges to threat detection and protection. And now Angler, an exploit kit which has been a known Internet threat since 2013, is being used to distribute ransomware, with the sole intent of installing ransomware on victims’ machines. Our AVG Web…
As the workforce becomes more mobile and more critical enterprise applications are hosted in the cloud, identity and access management (IAM) grows increasingly important to help assure secure remote access to organizations’ web applications and data. When employees move around from network to network and repeatedly swap devices, their risk characteristics change. Currently, we take a binary approach to IAM, where access is granted or denied, and it’s no longer sufficient. Web-based applications and enterprise mobility usher in new risks, but there are business benefits to keep in mind: employees are likely to be more productive – from any location – and responsive to…
On 8-9 September, OASIS will host Borderless Cyber Europe 2016 at the European Commission Headquarters in Brussels, Belgium. The excitement for this year’s event has been growing since OASIS first launched its Borderless Cyber brand last year in Washington, DC. Dr. Robert W. Griffin, chief security architect at RSA, isn’t surprised. For him, such anticipation naturally accompanies the reputation OASIS has built for itself in the advancement of open standards for information society: “At OASIS’s 2015 event, Pierre Guislain, Senior Director at the World Bank, praised OASIS for bringing together security professionals and encouraging them to collaborate. OASIS has accomplished…
Without commenting on the geopolitical aspects of this, this is another demonstration of the need for international cooperation against cybercriminals and attacks like this. The financial community knows no boundaries, and funds can be transferred/stolen within seconds. Without cooperation, identifying the perpetrators can be next to impossible. Smaller banks and financial institutions may lack the sophisticated network and security architecture of larger institutions, and also possibly the security staffing expertise. They potentially should be looking at SaaS solutions where someone else worries about the software. Banks need to look at acquiring solutions that have DLP capabilities and then need to…
Following the huge debacle related to the LinkedIn data breach that came to light last week, Microsoft’s Identity Protection team has decided to ban the usage of common or simple passwords that may be easy to guess or have already appeared in breach lists. Security experts from Lieberman Software and MIRACL discuss whether this is a good move. Jonathan Sander, VP of Product Strategy at Lieberman Software: Microsoft analyzing passwords to keep a dynamic list of password values too weak to use safely is excellent for everyone. The ineffable beneficiaries are those using Microsoft services like Azure AD, but hopefully they will…
With cyber security expected to top $101 billion by 2018, the tendency for data centre managers to focus on updating cyber security practices is understandable, especially as technology and threats are ever changing. Moving the focus to cyber security should not be done at the expense of physical security, according to Greg McCulloch, CEO of colocation provider Aegis Data. Physical security is still a vital factor that must be taken into account, especially during the development phase. Data centre operators must find a fine balance when it comes to security spending between physical and cyber security. A cyber attack…
News has surfaced that the US nuclear weapons force in the Pentagon is still relying on 1970s technology, including floppy disks and an IBM Series-1 computer. A spokesperson from the Pentagon said that the floppy drives are scheduled to be replaced in 2017 and that the reason the whole system had not been replaced sooner was because “in short, it still works”. Wieland Alge, VP & GM EMEA at Barracuda Networks, points out that there are in fact lots of industrial organisations that are still using retro technologies, and they are secure as long as the legacy devices are not connected to any…
ESET LiveGrid® telemetry shows a spike in detections of the JS/Danger.ScriptAttachment malware in several European countries. The most notable detection ratios are seen in Luxembourg (67%), Czech Republic (60%), Austria (57%), Netherlands (54%) and the United Kingdom (51%), but also in other European states. After the delivered email attachment is opened, the threat behind these detections is designed to download and install different variants of malware on victims’ machines. If the user falls for the scam, JS/Danger.ScriptAttachment tries to download other malicious code, the majority of which consists of various crypto-ransomware families such as Locky. A detailed description of how Locky…