MedStar Health, the largest healthcare provider in Maryland and Washington, D.C., was forced to disable its network after an alleged ransomware attack infected several systems. Here to comment on this news is Wolfgang Kandek, CTO, Qualys. Wolfgang Kandek, CTO, Qualys: Ransomware is quickly becoming a significant threat to the availability of the IT infrastructure of organizations of all industry areas and sizes. In order to minimize the susceptibility to ransomware, IT managers need to harden their users’ workstations as these are the main targets of the attacks. Ransomware gets on the user’s system through two major vectors: Vulnerabilities: for example,…
Author: Information Security Buzz Editorial Staff
Hackers were able to infiltrate an ICS/SCADA system at a water treatment plant and altered crucial settings that controlled the amount of chemicals used to treat tap water according to Verizon’s 2016 Data breach Digest. Along with outdated computers, the system was exposed to the Internet because traffic was routed through a Web server where customers could check their monthly water bill. Here to comment on this news is Monzy Merza, Splunk’s Director of Cyber Research & Chief Security Evangelist and Lamar Bailey, Senior Director of Security R&D for Tripwire, Monzy Merza, Splunk’s Director of Cyber Research & Chief Security Evangelist: “Dedicated…
USB Thief, a new threat to data, is capable of stealthy attacks against air-gapped systems and also well protected against detection and reverse-engineering. ESET researchers have discovered a new data-stealing Trojan malware, detected by ESET as Win32/PSW.Stealer.NAI and dubbed USB Thief. This malware exclusively uses USB devices for propagation, without leaving any evidence on the compromised computer. Its creators have also employed special mechanisms to protect the malware from being reproduced or copied, which makes it even harder to detect and analyze. “It seems that this malware was created for targeted attacks on systems isolated from the internet,” comments Tomáš Gardoň, ESET…
Following the news that Google has published a list of certificate authorities that it doesn’t trust, Brian Spector, CEO at MIRACL, comments: “The fact that Google needs to keep a log of all the dodgy certificates out there shows just how prevalent this problem really is. As we have seen time and time again, any determined and well funded attacker can keep trying the myriad of commercial certificate authorities until one with lax controls issues a legitimate code signing certificate. It’s great to see Google making such efforts to protect users. But despite their best intentions, this latest initiative is…
A new ransomware program written in Windows PowerShell is being used in attacks against enterprises, including health care organizations, Network World is reporting today. The new ransomware program, dubbed PowerWare, is being distributed to victims via phishing emails containing Word documents with malicious macros, an increasingly common attack technique. The Phishing attack is described as being disguised as an “invoice” and has targeted an unnamed healthcare org. Here to comments on this news are security experts from InfoArmor, Lastline,Proficio and VASCO Andrew Komarov, Chief Intelligence Officer, InfoArmor: Windows PowerShell is actively used not just in ransomware, but in many malware samples related to cyber…
In an episode of the TV show “Sherlock,” a pair of bad guys die in a crash after a hacker takes complete control of their car. In an episode of “Homeland,” the vice president is assassinated with his own pacemaker when a cyberattacker takes control remotely and stops his heart. On “CSI: Cyber,” a hacker infiltrates a navigation app, directing victims to areas where they get robbed. These scenarios are no longer just the stuff of Hollywood writers’ overimagination. As our lives become increasingly digitized and connected through the Internet of Things (IoT), those kinds of hacks are becoming more…
The world has been talking about “mobile payments” for years, but the phrase means different things to different people. So what exactly are mobile payments? And how much more mobile than cash or cards can payments actually get? Some people believe that mobile payments are those made using mobile phones. Others, myself included, understand the phrase to mean the most mobile, cash-independent payment method possible—although I consider cash to be more mobile than many other forms of payment. But let’s leave those alone for the moment. The second most mobile payment type is the credit card: electricity doesn’t always work,…
Following the news that an ex-Ofcom employee has stolen and shared confidential company data with his new employer, here to comment on this news is Christine Andrews, Managing Director of DQM GRC, which provides research and insight into how companies can prevent this threat in the future. Christine Andrews, Managing Director of DQM GRC The news brought to our attention that an ex-Ofcom employee has stolen a considerable amount of confidential corporate data in order to win favour with his new employer. Unfortunately, this is an incredibly common, and serious, threat to businesses today. According to research a quarter of employees…
I clearly remember the first time I saw a computer. Someone was playing a video game called Demo Rush 3 at a church. I remember staring at him, not understanding what he was doing. I couldn’t help but wonder how the game actually worked. This fleeting, early moment ignited a passion in me that was to inspire one of my life’s defining journeys. To relate this story, allow me to go back to the beginning. My father died when I was a young boy, and it was decided early on that my siblings and I would move to a village…
Tripwire, Inc., a leading global provider of endpoint protection and response, security and compliance and IT operations solutions, today announced the results of an extensive study conducted by Dimensional Research and Tripwire’s Vulnerability and Exposure Research Team (VERT) on the state of enterprise patch management. The study evaluated the attitudes of over 480 IT professionals involved in patch management and assessed enterprise patch volume and installation trends. Patch management plays a critical role in minimizing security risk for enterprise information technology systems. However, according to Tripwire’s study, half of the respondents admitted there are times their teams struggle to keep…
