The new Android Security Report shows that 29% of Active Devices are not up to date and therefore are vulnerable to malware. IT security experts from Proofpoint, ESET, MWR Infosecurity and Tripwire provide insight into the problem: David Jevans, VP Mobile Security, Proofpoint: “These 400 million devices will likely never be updated, as the carriers are no longer pushing updates to older versions of Android. They are all vulnerable to attacks that allow apps to take over the device such, as the new vulnerability that was fixed by Google in March 2016. The Google security advisory can be found here. Consumers with…
ISB Editorial Staff
Criminal group FIN6, which targets Point of Sale systems has managed to steal data on over 20 million credit cards in one singular attack, which, when sold through its card shops, pocketed the group over $400 million, reports FireEye. Here to comment on this news is security expert Philip Lieberman, President of Lieberman Software. Philip Lieberman, President of Lieberman Software: “The revelation made by FireEye points out the critical need to advance cyber security from a passive activity of trying to detect and catch up to the bad guys, to a new approach of regularly disinfecting systems whether infections can be…
Consumers are connecting more devices to the Internet than ever before. Experts forecast that up to 200 billion “smart” devices may be connected globally by 2020. With such growth in the Internet of Things (IoT), both data collection and sharing also increase, underscoring the importance of data security considerations. In the U.S., the Federal Trade Commission (FTC) is the primary government enforcer with respect to business compliance concerning data security obligations. The FTC has the authority under the FTC Act to prohibit unfair or deceptive acts or practices in or affecting commerce. The FTC has interpreted this authority to extend…
A database reportedly containing roughly 93.4 million Mexican voter registration records was discovered on an Amazon cloud server without any password protection and includes everything from home addresses to ID numbers, a security researcher has disclosed. Here to comment on this news is Brian Spector, CEO of Miracl. Brian Spector, CEO, MIRACL: “This must be one of the largest breaches ever recorded, with potentially serious consequences for all those affected. Given that we are also on the cusp of major elections in the US and UK, we all need to sit up and take notice – this kind of personal…
For those already familiar with the function of a proxy server, there’s a good chance that the mere mention of them brings up images ranging from, that of your friendly network engineer to those of steam pumpkin inspired hackers, brandishing ridiculous looking headgear. While these two extremes are not totally incorrect, they don’t exactly represent the entirety of the spectrum either. Originally proxy servers were instrumental in allowing multiple computers on a local network, to access the Internet without their IP addresses conflicting. But the invention of an IP remapping method known as Network Address Translation, allow this capability to…
EY launched its 2016 Global Fraud Study and the findings reveal that boards could do significantly more to protect their companies from fraud and corruption. Surveying nearly 3,000 senior business leaders from 62 countries, the report suggests governments and companies need to be doing more to identify and mitigate fraud, bribery and corruption issues on a global scale. Commenting on this report, John Lord, managing director at identity data intelligence firm GBG argues that this solution to this global fraud issues lies with greater data transparency. John Lord, Managing Director, GBG “Today, those with malicious intent are not static individuals – they move around – and…
Check Point threat research for March 2016 shows mobile malware attacks moving up the index of most prevalent families attacking corporate networks and devices Check Point announced the most prevalent malware families being used to attack organizations’ networks and mobile devices globally in March 2016. Following its entry into the top ten for the time in February 2016, mobile agent HummingBad was the sixth most common type of malware attack worldwide in March. It has also entered the top ten index for the entire first quarter of 2016, despite it only being discovered by Check Point researchers in February, indicating that attacks…
2016 Trustwave Global Security Report Details Methods Cybercrime Organizations Use to Maximize Profits from Malicious Attacks Trustwave® today released the 2016 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2015. The report reveals how criminals make use of malware-as-a-service, which data they target, the most common attack methods, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals targeted, and where the majority of victims were located. It also reveals the most commonly used exploits, most prevalent malware families and more. Key highlights from the 2016 Trustwave…
As IT systems become entrenched in almost every aspect of every business (yes, I know you have a friend of a friend who does fine carpentry and takes orders on paper… but I’ll bet even he relies on some IT systems to ensure he gets paid.), the need for Security Information and Event Management (SIEM) systems becomes almost mandatory. Even a very small count of systems and technologies can quickly produce more logging information than any human can hope to, much less want to, review and process so using automated systems and even MORE computers makes complete sense. Add to…
Distributed-denial-of-service (DDoS) attacks are more frequent today than they’ve ever been, according to the latest report by Verisign. In the final quarter of 2015, DDoS attacks globally rose by 85% compared with the previous year – and 15% on the previous quarter alone. Not only that – they’re also getting more dangerous, deploying higher volumes of packets than ever before. DDoS attacks aren’t just an annoyance; they can be extremely damaging. Offline websites and networks are non-trading websites and non-operating networks, which can lead to substantial revenue losses. And they’re a more insidious form of cyberattack than you might think;…