SportPursuit being hit by hackers over the Easter weekend and potentially losing customers’ bank card details. Here to comment on this news is security expert Jason Andrew, GM & VP at BMC Software. Jason Andrew, GM and VP EMEA, BMC Software: “What this news reinforces is that robust cyber security should not be a ‘bolt-on’ or afterthought for businesses today. Organisations can no longer afford to walk a fine line with protecting confidential customer data. Even attempted data breaches of this nature have the alarming potential to compromise both corporate reputation and customer trust in one fell swoop. There is simply too much at stake if…
Author: Information Security Buzz Editorial Staff
Linux/Remaiten combines capabilities of two previous versions of bots and adds a unique spreading mechanism able to infect embedded devices. ESET researchers have spotted a new and improved version of Kaiten, an Internet Relay Chat (IRC)-controlled malware typically used to carry out distributed denial-of-service (DDoS) attacks. The remastered malware has been dubbed “KTN-Remastered” or “KTN-RM”, with three versions of Linux/Remaiten already identified by ESET researchers. Based on artifacts in the code, the main feature of the malware is an improved spreading mechanism. Based primarily on Linux/Gafgyt’s telnet scanning, KTN-RM improves on that spreading mechanism by carrying downloader executable binaries for…
The FBI has found a way to unlock the iPhone of the San Bernardino gunman without Apple’s help. As this development confirms there is a vulnerability “in the wild” that Apple does not know about, there is a risk that hackers may exploit this vulnerability. Paul Henry, IT Security Consultant for the Blancco Technology Group, has therefore studied how Apple’s security was likely bypassed and provided the following advice to iPhone users looking to minimise their exposure to this threat. Paul Henry, IT Security Consultant, Blancco Technology Group: While we do not know the exact technical details of exactly how the…
Over two-thirds of companies prefer to bank with a provider who has a solid security reputation, according to a Kaspersky Lab survey. Those banks that make security a priority and take every effort to ensure measures are in place to safeguard against online financial fraud will have an advantage, when it comes to retaining existing customers and reaching new ones. The research found that nine out of ten (94 per cent) companies now use online banking in their day-to-day operations. The ability to use banking services without needing to physically visit a bank gives a lot of advantages, including improving…
De La Rue, the company that prints the British passports and banknotes, has announced it is hoping to create new digital passports that can be used at immigration, reports the Daily Mail. IT security experts from Proofpoint, ESET and Tenable discuss the security issues of this plan: David Jevans, VP of Mobile Security at Proofpoint: “Digital passports on your phone will require new hardware on the device in order to securely store the electronic passport so it cannot be copied from the phone. It will also have to be communicated wirelessly to passport readers, because doing it onscreen like an airline…
In a new twist to the FBI vs. Apple story, Apple has announced they will be handing over encryption key management to its users, making it more difficult for Government agencies to access iCloud data. Here to comment on this story is Brian Spector, CEO of MIRACL. Brian Spector, CEO of MIRACL: There are no winners here. Six weeks of discussion have led to a widespread iPhone hacking challenge which clearly demonstrates the resources and actors available to bypass current security protocols, and leaves us all more exposed. The truth is that any technology with a single point of compromise is vulnerable…
Notes from the Battlefield: Cybercriminals vs. Business Travelers and How to Keep Your Data Safe
It used to be that a business trip was just a business trip, complete with pay-per-view TV in bed, tiny bottles of shampoo and room service for anyone feeling extravagant. Yet in today’s era of global business travel, mobile devices, and ever-more-sensitive digital data, a seemingly innocuous stay in a hotel could result in disastrous security breaches for business travelers and the companies they represent. What are the security concerns currently affecting executive travelers, and how did they creep undetected into the hospitality industry to…
The kerfuffle over naming of vulnerabilities like Badlock and ShellShock misses the mark on why this is a good thing for the industry. Given the sheer volume and scale of the application security problem companies face today, anything that draws attention to the seriousness of the state we’re in is a good thing. I’d argue that the moniker ‘Heartbleed’ created so much buzz that it forced companies to evaluate their own exposure because Boards and senior management had heard of it and were asking. Would the same be true if it were simply known as CVE-2014-0160? Of course, we don’t…
Businesses are facing substantial risks to their finances and data as cyber criminals use information from social media and company websites to target employees in sensitive roles, according to new research. The new “social engineering” threats are posed by criminals who combine digital skills with traditional kinds of deception such as pretext phone calls. In Great Britain, 61% of business leaders are now aware of the threat posed by social engineering attacks to the business they work for, 62% of businesses issue guidance to staff on both digital security and what kind of personal information to put online and 41%…
Major web browsers are to consider blocking the cryptographic hash function Secure Hash Algorithm (SHA)-1 from as early as June this year as it becomes increasingly vulnerable to forgery attacks. In light of this, Oscar Arean, technical operations manager of disaster recovery provider Databarracks, advises businesses to act now in order to protect customer data. The SHA algorithm was developed by the US National Institute of Standards and Technology (NIST) to be used when digitally signing signatures. In effect, it acts as a ‘fingerprint’, making it easy to tell if a document has been modified. Until recently, many believed the complex algorithm would…