The threat landscape in 2016 is almost completely unrecognisable from that of ten years ago. Today’s landscape is populated by actors who are well resourced, highly determined and increasingly sophisticated, not to mention motivated by anything from ideology (hacktivists and cyber terrorists), geopolitical gain (state-sponsored hackers) or, most popularly, money. While there are still the worms and viruses of old popping up, most cyber criminals have all but abandoned these vectors in favour of more targeted, covert and successful attacks. Targeted attacks and Advanced Persistent Threats (APTs) first surfaced publically in around 2010, when the so-called Operation Aurora attacks on…
ISB Editorial Staff
Late yesterday (4th April), banking industry sources reported to KrebsOnSecurity that the Trump Hotel Collection appears to be dealing with another breach of its credit card systems. According to the sources, they’ve noticed a pattern of fraud on customer credit cards which suggests that hackers have breached credit card systems at some — if not all — of the Trump Hotel Collection properties. If confirmed, this would be the second such breach at the Trump properties in less than a year. Here to comment on this news is security experts from Rapid7 and Centrify. Tod Beardsley, Security Research Manager, Rapid7: “Today’s news that the Trump Collection of properties…
The US Department of Homeland Security and the Canadian Cyber Incident Response Centre have just issued (late Thursday) a joint alert following a surge in ransomware extortion attacks, including hospital attacks. Cyber security experts comment: John Gunn, VP of Communications, VASCO Data Security: “The recent increase in ransomware attacks is being driven by a proliferation in ransomware toolkits. Anyone can buy the tools to conduct ransomware attacks for as little as $100 on the dark web. It’s a numbers game – more attackers equals more victims. “The most effective defense against ransomware attacks still depends on human intelligence. People have to…
AceDeciever is a new malware discovered by researchers that is able to embark on Fairplay Man-in the middle attacks when users purchase an application from the iTunes stores. Here to comment in this news in Tim Erlin, Director of IT Security and Risk Strategy for Tripwire. Tim Erlin, Director of IT Security and Risk Strategy for Tripwire: “The security of the App Store is a cornerstone of the Apple ecosystem, but the size and success of that ecosystem makes it a popular target for attacks. Apple needs to ensure that Apps installed from their App Store are safe in order…
Researchers have turned up more than 1,400 vulnerabilities in a widespread medical product dispensing cabinet system from CareFusion, because old units are still running Windows XP. IT Security Experts from PRPL Foundation, Lieberman Software, ESET, MWR and Tripwire provide insight and advice on the issue: Cesare Garlati, Chief Security Strategist, PRPL Foundation: “With the healthcare IoT market set to be worth $117bn by 2020, according toMarketResearch.com, there’s an increasing need for manufacturers to reengineer vital systems to ensure they can’t be misused. A major factor affecting all challenges is complexity: IoT systems are extremely complex with many “moving parts.” A vulnerability that may…
In the last couple of days, some reports surfaced which linked some ransomware infections with TeamViewer. We strongly condemn any criminal activity, however, we can emphasize two aspects: (1) Up to now, none of the reported cases is based on a TeamViewer security breach (2) Some selected steps will help prevent potential abuse Ad (1.): We looked thoroughly at the cases that were reported to us. According to our investigation, the underlying security issues cannot be attributed to TeamViewer. Thus far we have no evidence that would suggest any potential security breach of TeamViewer that attackers exploit. Furthermore, a man-in-the-middle…
That the CMS Wordpress is a common choice in blog platforms everybody knows, but what we see is that this use most of the time is implemented with no security countermeasures (according to the OWASP Top Ten 2013 – The Ten Most Critical Web Application Security Risks, the category Security Misconfiguration is in the fifth position), even when the website was already compromised before. To avoid some of the threats and increase the security level we inform below some of the best practices in hardening of CMS Wordpress: Update your Wordpress Core. Use strong passwords: with letters, numbers and special…
Global law firm Mossack Fonseca has suffered a data breach of more than 11.5 million sensitive emails and documents. The company said that it has opened a full investigation and has confirmed that the breach was a result of an attack on its email server. Here to comment on this news is Luke Brown, VP and GM EMEA, India and Latam at Digital Guardian. Luke Brown, VP and GM EMEA, India and Latam at Digital Guardian “Putting aside the fact that the leaked emails and documents appear to include information about illicit operations, for the victims, a data breach of this scale could have life altering or, at the very…
The rapid development of drone technology and growing awareness of their potential threat has lead to a burgeoning drone detection market. Technology providers offer reliable detection mechanisms, but now organizations face a new challenge: How do you respond to an alert? Each drone countermeasure has its own pros and cons, and choosing the right one is no easy matter. Just as there are multiple drone detection mechanisms, there are also multiple drone countermeasures. When creating a drone response plan, organizations have to take into account legalities associated with the airspace around them, as well as the feasibility and pros and…
Kaspersky Lab today announces a new application for iOS called AdCleaner – a free extension for Safari that automatically blocks advertising banners, links and popup windows in web pages opened by the user. This makes using the mobile browser easier and more secure. Today’s mobile users are accustomed to fast Internet speeds and quick access to information, wherever they are. But sometimes, to get to the information they need, they have to spend time weaving their way through the numerous layers of advertising taking up space on the mobile device’s screen, which tend to be small enough as it is.…