Ranking of Attacks Aimed at Businesses: Protect Your Wallet

In the first article of our series “Ranking of Attacks Aimed at Businesses”, we’ll introduce you to the top security threats aimed at companies and give you some tips on how you can protect yourself!

Staying up to date with security takes effort and commitment. As technology develops and evolves, it is easy to fall behind. Cyber-criminals, on the other hand, are always ahead of the game and are constantly looking to exploit new vulnerabilities that accompany these innovations.

To protect yourself, it is extremely important to keep up with cybersecurity trends. Every year, the RSA publishes a report on the current state of cyber-crime that summarizes the hacking methods that are trending among cyber-criminals. Being aware of these trends is vital for IT security in companies. (The RSA is a group of American IT security experts that developed the RSA public key cryptography algorithm, and later renamed their computer network and security company the RSA.)

Attacking Your Wallet

Today, it is extremely easy to complete transactions on mobile devices, which is part of the reason this is an area that has quickly gained popularity among cyber-criminals.

More and more companies are setting up services based on mobile phones. This benefits both customers (e-commerce apps, payment platforms, etc.) and employees, whose work is increasingly dependent on these devices. However, these conveniences also make everyone involved a more attractive target for cyber-criminals.

Although these transactions are convenient, there is a lot of fraud associated with these channels. Since mobile devices have not been around as long as other devices, like computers, security technology is not as advanced and they are usually less protected.

In 2015, the RSA detected that 45% of transactions, and 61% of fraud attempts, took place on mobile devices.

In response to this, interest has emerged in biometric identification systems, which identify users by analyzing some aspect of the body or physical behavior.

Today, this technology can be found in facial recognition, fingerprint and iris scanners, and less commonly in voice or signature recognition. In addition, researchers are investigating how other biometrics, such as our typing patterns, movement patterns, heart rate, and sweat levels, can be used for identification.

According to the RSA report, more than 90% of banks are currently exploring the use of biometrics in their mobile applications (or intend to do so) within the next nine to twelve months. Many companies are following the same path. In fact, the future of authentication seems to be a mix of these systems with traditional ones, such as PINs and passwords.

Using a combination of both is the best option to ensure security in the future. More than one billion transactions, both online and offline, were influenced by mobile attacks in 2015.

If you want to boost your business’s cybersecurity, it is fundamental to invest in an advanced cybersecurity solution that will allow you to manage, control and protect your entire technology infrastructure from one place.

The post Ranking of Attacks Aimed at Businesses: Protect Your Wallet appeared first on Panda Security Mediacenter.

CVE-2016-0221

Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2016-0346

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2016-0359

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVE-2016-1328

goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a “Gateway Client List Denial of Service” issue, aka Bug ID CSCux24948.

CVE-2016-1336

goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a “Gateway HTTP Corruption Denial of Service” issue, aka Bug ID CSCuy28100.

CVE-2016-1337

Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a “Boot Information Disclosure” issue, aka Bug ID CSCux17178.

CVE-2016-1398

Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.

CVE-2016-1425

Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.