Researchers at the University of Michigan have discovered several security flaws in Samsung’s SmartThings Internet of Things consumer platform, allowing them to hack into the platform’s automation system and gain control over a user’s home system. While they did not reveal many specific details, Craig Young, Cybersecurity Researcher for Tripwire, says, “One issue might be some 3rd party apps for Android that are not properly using SSL leading to intercepted OAUTH tokens. The other aspect of this research addresses questions of developer trust as they showed that they could write a battery check app with hidden malicious…
Author: Information Security Buzz Editorial Staff
The way Dido Harding has been held to account in the wake of the TalkTalk data breach – which is reported to have cost the company up to £80 million and 100,000 customers – has shown just how important it is that the overall responsibility for an organisation’s security sits with the board, not just with the IT department. In the UK, the Government’s national cyber security strategy identifies security as a board level responsibility, citing the importance of improving cyber awareness and risk management among businesses. Everyone in a business has a role in keeping the company secure. Security should run through a company’s…
Maisto, a miniature car maker, has had its website infected by malware, and it is believed hackers injected it directly into the homepage through an outdated Joomla content management system. The website has been serving the Angler exploit kit, which in turn installs the CryptXXX ransomware on victim machines. Security experts from Tripwire commented below. Lamar Bailey, Sr. Director of Security R&D at Tripwire: “This highlights the continued need for Vulnerability Management and continuous updates to vulnerable software. Many companies struggle with applying security updates and installing new, more secure versions of software due to resources, business downtime, and complexity…
In a development to the news of a huge data breach at Qatar National Bank, which leaked 1.4GB of internal documents, Reuters reports that several known Qatari figures in the government and media whose names appeared on the list confirmed that their account details were accurate. IT Security experts from AlienVault, ESET and MIRACL provide insight into the attack: Javvad Malik, Security Advocate at AlienVault: “Unfortunately, this is another example of a business being completely unaware of the fact that it had been breached and masses of highly sensitive information exfiltrated. Regardless of whether the breach was caused by an…
Following the news that a water and electricity authority in the US State of Michigan has needed a week to recover from a ransomware attack, Itsik Mantin, director of security research at Imperva and Mark James, Security Specialist at ESET commented below. Itsik Mantin, Director of Security Research at Imperva: What do utility services need to do to protect themselves as ransomware and cyber attacks are becoming an ever growing threat? “Despite the controls on the perimeter and on endpoints, security officers should assume that the attacker will make it in, one way or another. Either by compromising a user’s endpoint…
Brocade today published new research conducted with independent research house Vanson Bourne looking into why and how smart organizations are maximising application performance in 2016. The full report, “Why Smart Organizations Maximise Application Performance 2016”, is available for download now. There is also a blog post from Brocade which links to the report. Blog content focusing on the central themes of the research: http://community.brocade.com/t5/vADC-Blog/Bridging-the-Performance-Confidence-Gap/ba-p/86298 The study was commissioned by Brocade to identify and understand the challenges that businesses face in application use, from the IT department through to end-users. Consisting of 440 interviews with IT and line-of-business (LOB) decision-makers, from organizations with…
“Keep Calm and Carry On” seems a fitting theme for the finally-published General Data Protection Regulation (GDPR) – a new European wide legislation which is designed to give individuals greater control over their personal information. However, this is only the case if you’re one of the organisations already valuing customers’ data. Unfortunately, for too long, some organisations have “presumed” consent, worked with “implied” permission, experienced data losses which have taken months to detect and report (remember Sony and Target?) and, in some cases such as TalkTalk, have been unable to properly classify which personal data has been compromised. No CEO…
Outbound Attack Simulator Uncovers 80 Percent of Web Gateway Solutions Miss 80 Percent of Malicious Outbound Communication. Seculert, the leader in attack detection and analytics, today announced new findings that 80 percent of secure web gateways installed by Fortune 1000 companies miss 80 percent of malicious outbound communications. The critical gaps in organizations’ defense systems were uncovered after hundreds of tests with global enterprises with the recently launched Seculert Javelin Attack Simulator, the industry’s first attack simulator for web gateways. The Seculert Javelin Attack Simulator is an easy-to-use tool that allows IT and security professionals to determine how well their secure web…
Violation of our ‘personal space’ while online is a huge concern. However, the Waze exploit is only a small part of a much wider concern – being tracked online. According to the ‘Are you cyber savvy?’ quiz from Kaspersky Lab, 41% of consumers are uncomfortable with websites tracking their location and online activities, yet do nothing about it. Our habitual online activities like shopping, chatting, and travelling are all recorded and stored by different services. Online merchants, for example, use consumer browsing data to tailor their ads to suit user preferences. Access counters, web analytics tools and social networks also all constantly watch Internet users,…
In response to research by Kaspersky which states that ATMs can easily be hacked by cyber criminals, Mark James, Security Specialist at ESET commented below: Why are many banks still using old models of ATMs, which lack in security? “There may be many reasons for still using the older insecure models but one of the biggest will almost certainly be cost; the sheer amount of money involved in purchasing, configuring, installing the new models and of course disposing of the old ones will be enormous. Banks will probably perceive the small risk of attack and those costs compared to replacing…