An unidentified programmer with twitter handle leostone produce a tool that can generate the password used to decrypt a Petya encrypted computer. This is good news for Petya ransomware victims who can now unlock infected computers without paying. Here to comment on this news is Tim Stiller, Senior Systems Engineer, Rapid7. Tim Stiller, Senior Systems Engineer, Rapid7: “What is unique about Petya ransomware and this new decryption tool is the ability to recover files without paying bitcoins. Many ransomware variants go to great lengths to thwart the user from decrypting the files without paying the ransom. In Petya’s case the disk was encrypted with just a single key.…
ISB Editorial Staff
Internet browser, Mozilla FireFox, has 2,000 or more security holes that can lead to your Windows PC or Mac being infected with malware. Worse, the malware lets hackers take over your PC or Mac. Tim Erlin, Director, Security and IT Risk Strategist at Tripwire commented below: Tim Erlin, Director, Security and IT Risk Strategist at Tripwire comments: “Extensions are the apps of the browser eco-system. Ensuring that the extensions marketplace is free from malware is key to the viability of the browser eco-system. Anytime you let third-parties contribute code to your product, you’re increasing the risk that malicious code can be introduced.…
Philippines suffering its worst government data breach barely a month before its general election, here to comment on this news is security expert Jason Andrew, GM & VP at BMC Software . Jason Andrew, GM and VP EMEA, BMC Software We live in the age of ‘cyber warfare’. Today’s most sophisticated hackers don’t just have the power to steal confidential credit card details or email addresses at the click of a button, but many can hack into a country’s critical national infrastructure, infiltrate the emails of a large corporation, or even break into the highly confidential information of government departments. The threat…
Unlike physical biometrics, behaviour biometrics is the field of study to uniquely identify the individual based on his or her behavioural trait. Example of behavioural biometrics are speech patterns, keystrokes and signature. Nationwide is planning to roll-out behavioural biometrics and here to comment on this news is Barry Scott, CTO, EMEA, Centrify. Barry Scott, CTO, EMEA, Centrify “As Nationwide announce plans to roll-out behavioural biometrics as an additional security layer for its banking app, it further highlights the demise of the solitary password. Although passwords are not dead, they are quickly losing their value as a secure means of data protection. Many…
Instant messaging service Whatsapp has now announced that it will use end-to-end encryption to scramble all users’ communications and ensure they can only be decrypted by the recipient’s device. This has huge implications for intelligence agencies as we are only too aware following the FBI/Apple debate around the San Bernadino gunman’s iPhone. Indeed, public opinion is generally divided over end-to-end encryption although security experts around the world are reluctant to weaken encryption mechanisms to allow security agencies to read communications. Here to comment on this news is Richard Anstey, EMEA CTO at Intralinks. Richard Anstey, EMEA CTO at Intralinks: “This announcement by WhatsApp reflects…
Today, Rapid7 is disclosing a vulnerability discovered by James “egyp7″ Lee of Rapid7 that affects ExaGrid storage devices running firmware prior to version 4.8 P26. James discovered that an attacker can exploit these issues with common client tools: an SSH terminal client and a web browser. All that is needed are the default credentials and the ability to connect to the device over a network. Since alerting ExaGrid of these vulnerabilities, the issues have been fixed. A statement from Bill Andrews, CEO of ExaGrid, about the disclosure is below: “ExaGrid prides itself on meeting customer requirements,” said Bill Andrews, CEO of ExaGrid. “Security is…
The AP has reported that a laptop and portable hard drives stolen from the US Office of Child Support Enforcement may contain millions of kids’ names and social security numbers. The agency oversees child-support programs across the nation. Congressional representatives are criticizing Health & Human Services, and demanding action, SC Magazine reports. Here to comments on this news are security experts from Lastline and InfoArmor. Giovanni Vigna, Co-Founder & CTO, Lastline: “This incident demonstrate the need for multiple layers of defense: first, physical security to tightly control access to data storage devices; second, access should be revocable — which happens very seldom because…
Security expert, Paul Farrington commented here on the news that the National Childbirth Trust (NCT) has been hit by a data breach, Paul Farrington, Senior Solution Architect at Veracode: “Cybercriminals are relentless and today’s attack on expectant parents proves they’ll stop at nothing to obtain confidential personal data, under any circumstances. Charities and healthcare organisations are seen as as a soft target given the sensitivity of the data they hold and their perceived ability to protect information assets. We have seen a number of high profile hospitals held to ransom with malware in the US in recent days. The reality is that every sector needs to take cyber…
Code-sharing site GitHub has suffered a major service outage, but the cause is still unknown. Security expert Travis Smith commented below. Travis Smith, Senior Security Research Engineer at Tripwire comments: “While a drop in service such as this may be attributed to an operational malfunction internally at GitHub, it can’t be ruled out that this was a targeted attack. Due to the popularity of the service, it’s difficult to determine the motive of the attack. Not only could this be an attack against GitHub, but also an attack against any number of their customers who leverage GitHub’s service in production environments. By…
Malware continues to become a growing and increasingly costly risk to mobile users today, with one in every 30 mobile browsing transactions, and one in every seven mobile app sessions proving to be potentially harmful. In fact, roughly 5.9 percent of subscribers encounter a risky website every day and are transmitted through URLs and mobile apps that mobile users access daily according to our recent research. Even more concerning is that teens and children populations are especially vulnerable as the proliferation of mobile devices, online and app activity increase dramatically. And because mobile is ingrained in all we do and…