Information Security Buzz
Expert(s): November 30, 2020
Tom Davison
EMEA Technical Director
Lookout

Comments Dotted : 5
December 18, 2020

Massive Fraud Operation Facilitated By Evil Mobile Emulator Steals Millions From Banks

Customer education helps, but it is also critical to employ run-time application security to spot infected customer devices.
This attack demonstrates the extraordinary lengths that today's well-funded and professional cybercriminal groups will go to when the end justifies the means. Mobile devices present a multiplier effect as they become the mainstream platform for online banking. Consumer users need to protect themselves by understanding that mobile devices are not immune. It really is important to keep them updated, but also to verify the safety of installed apps and the validity of links being clicked. Most attacks start with phishing and at Lookout, we saw a 37% jump in mobile phishing in Q1-2020 alone. Mobile security is needed to mitigate that. For the banks, the challenge comes from the huge range of devices being used to access their services which are not under their control. These may be insecure or already compromised. Customer education helps, but it is also critical to employ run-time application security to spot infected customer devices and block the opportunity for fraud.
November 26, 2020

Mobileiron Vulnerability Used By State-backed Hackers To Break Into Networks – Experts Insight

Mobile Device Management servers are by definition reachable from the public internet making them opportune targets.
The interesting story here is the assertion by cybersecurity agencies in the UK (NCSC) and the US (NSA) that nation-state APT groups are actively exploiting these vulnerabilities, five full months after patches were issued. Mobile Device Management servers are by definition reachable from the public internet making them opportune targets. Offering a gateway to potentially compromise every mobile device in the organisation, the attraction to attackers is clear. This highlights not just the importance of patching open vulnerabilities, but also the criticality of having a dedicated mobile security capability that is distinct from device management infrastructure.
October 27, 2020

European IT Giant Sopra Steria Hit By Ransomware, Portions Of Network Encrypted – Experts Insight

The best defense is to keep systems patched and use security tools that can take advantage of huge datasets.
Cybercriminals are constantly iterating to evade detection and take advantage of new vulnerabilities. As a result, new variants of known malware are not uncommon; they may even be specifically crafted for the intended victim. The best defense is to keep systems patched and use security tools that can take advantage of huge datasets. This allows for proactive and ongoing identification of rogue behaviors rather than a reliance on specific signatures. The more data you can analyze, the more chance there is to spot new and emerging threat variants. Equally important is the ability to respond, which requires a 'detection and response' strategy and toolkit to be in place. In this case, Sopra Steria appears to have been able to contain the situation relatively quickly and they are doing the right thing in communicating openly as the situation evolves.
February 07, 2020

Android Phone Users Targeted By Latest Anubis Banking Trojan Campaign – Expert Reaction

To protect against mobile phishing requires mobile endpoint security on the device itself.
Firstly, organisations need visibility into potentially vulnerable Android Operating System versions and risky configurations for all devices accessing business data. By taking an active approach to mobile vulnerability management, enterprises can reduce the potential attack surface. Secondly, employees need to be aware of the dangers and prevalence of mobile phishing attacks. Lookout has observed that 1 in 50 mobile devices in the enterprise encounters a phishing attempt daily. Phishing attacks may target credential theft, or as in this case, attempt to persuade users to install additional malicious applications. With over 83% of phishing attacks coming outside of email, it is not enough to rely on traditional email security. To protect against mobile phishing requires mobile endpoint security on the device itself. This can also keep employees safe from harmful apps and compromised WiFi networks. In addition, employees can limit their own exposure by always installing the latest OS patches, keeping apps up to date, and only installing apps through reputable app stores. When protecting BYOD devices, organisations should look into Mobile Threat Defense solutions that can balance the need for user privacy with the right level of enterprise security. This differs from the traditional approach whereby organisations would try to actively manage all user devices, often seen as intrusive and limiting by employees. Today it is possible for organisations to deploy non-invasive security that protects user privacy and freedom of use, while still ensuring that only secure devices gain access to corporate data.
October 07, 2019

Comments: New WhatsApp Malicious GIF Image Flaw

It is critical that users update both device operating systems and mobile apps.
Vulnerabilities in mobile operating systems and mobile apps provide the opportunity for attackers to gain persistence on the device, install further malware and leak data. This is the second vulnerability affecting WhatsApp this year and Lookout frequently sees these types of flaws being exploited by attackers, one example being the Pegasus spyware developed by NSO Group. It is critical that users update both device operating systems and mobile apps. Enterprises should ensure visibility into all OS and app versions in use, while having mobile security on the device as an effective mitigating backstop.

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.

