Category: Information Security Buzz

Global security & privacy leader Avast has uncovered that Pro-Russia hacktivist group NoName057(16) is conducting a campaign of Distributed Denial of Service (DDoS) attacks on Ukraine and NATO organisations, which began in the early days of the war in Ukraine. Targets have…

Read more →

The race in quantum cryptography is on and people from all walks of life whether academics, business or industrialists, are going to be affected by it. The centuries old approach of encryption still holds importance while communication channels has advanced…

Read more →

The bulk of Cacti servers that are accessible via the internet has not been updated to address a severe security flaw that was just patched and is currently being actively exploited. Censys, a platform for managing attack surfaces, reports that…

Read more →

Prestigious social media platform and the latest internet giant TikTok have received a warning for breaking cookie consent requirements. According to France’s data protection regulators, TikTok UK and TikTok Ireland have been fined over €5.4 million by France’s data protection…

Read more →

The United Nations is holding its first ever global cybercrime treaty this week. The 4th round of this hearing is scheduled this January from 9 – 20 January. The focus of the hearing is “state response to cybercrime ” and…

Read more →

Unknown attackers used a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks on government organizations and government-related targets, according to Fortinet. The exploited security issue (CVE-2022-42475) is a heap-based buffer overflow vulnerability found in the FortiOS SSLVPNd that allows…

Read more →

MetaMask, a cryptocurrency wallet provider, is alerting customers about a new fraud known as ‘Address Poisoning,’ which involves tricking users into sending payments to a scammer rather than the intended receiver. When MetaMask users send or receive cryptocurrency, the transaction…

Read more →

It has been reported that the Royal Mail, a primary postal service in the United Kingdom, has been hit by a cyber-incident. The company has advised customers to stop sending items overseas while it works to resolve the issue. In…

Read more →

In an unexpected turn of events, the Federal Aviation Administration (FAA) suspended all outgoing aircraft in the United States this morning. The cause of the grounding is currently unknown, with flights now resuming but with no clear explanation as to…

Read more →

It has been reported that the Royal Mail, a primary postal service in the United Kingdom, has been hit by a cyber-incident. The company has advised customers to stop sending items overseas while it works to resolve the issue. In…

Read more →

According to Comparitech’s worldwide ransomware tracker, 2022 saw a huge dip in the number of publicly-reported ransomware attacks. In 2022, 769 attacks were collated by the researchers, compared to 1,365 in 2021.  But that’s not to say hackers have been any…

Read more →

The recent cyber-attack on the San Francisco Transit Police Department (SFTP) has highlighted the critical need for robust cyber security measures in the public sector. The attack, which took place over the weekend, targeted the department’s computer systems. This resulted…

Read more →

As of late, Kubernetes clusters have been actively breached by the Kinsing malware, which exploits vulnerabilities in container images and misconfigured, exposed PostgreSQL containers. While not new, the Defender for Cloud team at Microsoft has noticed a spike in recent…

Read more →

In yet another DDoS attack on financial institutions, according to the Denmark central bank and an IT business that works with the financial sector. Hackers have disabled access to the websites of seven private banks in Denmark this week. Reports…

Read more →

Data Loss Prevention, or DLP, is a vital component of any business’s cybersecurity strategy. It is a set of technologies and processes that help prevent the unauthorized access, use, or transfer of sensitive or confidential data. This includes data stored…

Read more →

Data loss prevention (DLP) is a security strategy that aims to prevent unauthorized access, disclosure, modification, or destruction of sensitive data. Protecting sensitive data is crucial for maintaining data confidentiality, integrity, and availability and for upholding the trust of customers,…

Read more →

Custom Android apps are now being used by online drug and other illegal substance markets on the darknet to boost privacy and elude law enforcement. These apps enable customers of pharmacy stores to contact suppliers and give particular delivery instructions…

Read more →

The well-known JsonWebToken (JWT) open-source encryption project has a high-severity vulnerability (CVE-2022-23529) that attackers might exploit to get remote code execution (RCE) on a target encryption server. The JWT open standard outlines a process for securely sending data by encrypting…

Read more →

Organisations regularly invest in their information security management systems (ISMS). These investments are a cost-of-business and cover the basics of fulfilling regulatory, compliance and certification requirements. However, most organisations implement ISMS based on the ISO framework, creating policies and documentation…

Read more →

Text-to-SQL models are a type of artificial intelligence (AI) used in database applications to facilitate communication between humans and database systems. These models use natural language processing (NLP) techniques to translate human questions into SQL queries, allowing users to interact…

Read more →

A skillfully designed website for the Pokemon NFT card game is being used by threat actors to disseminate the NetSupport remote access tool and commandeer victims’ devices. The “pokemon-go[.]io” website, which is still active as of this writing, advertises a…

Read more →

Six dangerous packages were discovered on PyPI, the Python Package Index, that used Cloudflare Tunnel to get over firewall constraints for remote access while also installing data-stealing and RAT (remote access trojan) malware. The malicious packages try to run shell…

Read more →

With the intention of building supply chain attacks, malicious extensions could be uploaded using a new attack vector that targets the Visual Studio Code extensions marketplace. According to Ilay Goldman, a security researcher at Aqua, the method “may operate as…

Read more →

“Generative AI refers to artificial intelligence systems that are capable of generating new content, such as text, images, or audio….One potential risk is related to intellectual property. Generative AI systems may be able to create original works that are difficult…

Read more →

Private information about young students was posted online as a result of a cyberattack that targeted schools across the nation. A major cyber-attack that affected 14 UK schools led to the disclosure of private student records. Hackers exposed staff contracts…

Read more →

The Wabtec Corporation has finally provided information regarding a data security breach that occurred last year and resulted in the compromise of extremely sensitive personal data. The $8 billion company was the victim of a ransomware attack that was first…

Read more →

Users of one of the leading business communication and collaboration platforms, Slack, have been warned that hackers have stolen several of its private source code repositories. At the same time, Slack insists the damage is minimal. Slack revealed the incident…

Read more →

In a recent report, web application security researcher Sam Curry revealed serious vulnerabilities in the API (application programming interfaces) endpoints of cars from 15+ major manufacturers. These vulnerabilities allow hackers to remotely access vehicle telematics systems, activate horns and lights,…

Read more →

A well-known hacker site allegedly dumped a database containing the email addresses of over 235 million Twitter users and is being sold for roughly $200,000. According to a cyber intelligence company, this data leak has the potential to rank among…

Read more →

Five Guys Enterprises LLC, a chain of burger restaurants, has reported a data breach that led to the loss of personally identifiable information from job applications. The information was provided in a form letter dated December 29 that was submitted…

Read more →

The National Health Service (NHS) is the most impersonated UK government organization in scams, according to a recent report. This is concerning news, as scams targeting the NHS can have serious consequences for individuals and the NHS as a whole.…

Read more →

As artificial intelligence (AI) becomes more prevalent in our daily lives, it’s essential to consider new technologies’ potential risks and benefits. One such example is ChatGPT, a popular new AI chatbot that has gained significant popularity in a short period…

Read more →

For over a year, Chinese overseas students in the United Kingdom have been targeted by persistent Chinese-speaking scammers as part of an operation known as RedZei (aka RedThief). “The RedZei scammers meticulously select their targets, analyze them, and know it…

Read more →

Identity and access governance is a crucial aspect of any organization’s security strategy. It involves the management of user identities and the control of access to systems and resources. Proper identity and access governance can help prevent unauthorized access, protect…

Read more →

As a website owner, it is essential to prioritize the security of your WordPress website. Cyberattacks and hacking attempts can compromise sensitive information, disrupt your website’s functionality, and damage your online reputation. To protect your website and your business, it…

Read more →

As a website owner, it is essential to prioritize the security of your WordPress website. Cyberattacks and hacking attempts can compromise sensitive information, disrupt your website’s functionality, and damage your online reputation. To protect your website and your business, it…

Read more →

LAHORE, Pakistan – The official YouTube channel of the Pakistan Cricket Board (PCB) was hacked on Tuesday, causing great panic among the board’s officials and its 4.4 million subscribers. The hackers not only changed the channel’s logo but also renamed…

Read more →

LAHORE, Pakistan – The official YouTube channel of the Pakistan Cricket Board (PCB) was hacked on Tuesday, causing great panic among the board’s officials and its 4.4 million subscribers. The hackers not only changed the channel’s logo but also renamed…

Read more →

Fahmi Fadzil, Malaysian Communications and Digital Minister, has launched an investigation into an alleged significant data breach impacting over 13 million individuals. Fadzil directed the national cyber security to investigate and take legal action if there is a data leak…

Read more →

A new strain of Linux malware is targeting WordPress sites and exploiting vulnerabilities in over two dozen plugins and themes to compromise systems. Russian security firm Doctor Web discovered the malware, which has been tracked as Linux.BackDoor.WordPressExploit.1. It targets both…

Read more →

The states of Indiana and the District of Columbia in the U.S. have settled claims against Google for its location monitoring tactics, with Google agreeing to pay a total of $29.5 million to resolve the cases. The District of Columbia…

Read more →

Identity and access governance (IAG) is a critical component of modern organizations, as it helps manage users’ identities and access various resources and systems. IAG encompasses a range of processes and technologies that help to ensure that only authorized users…

Read more →

Identity and access governance (IAG) is a critical component of modern organizations, as it helps manage users’ identities and access various resources and systems. IAG encompasses a range of processes and technologies that help to ensure that only authorized users…

Read more →