Tag: Information Security Buzz

It has been reported that Microsoft says attackers are exploiting a previously undisclosed security vulnerability found in all supported versions of Windows, including Windows 10 – the company said there is currently no patch for the vulnerability. The security flaw, which Microsoft deems “critical”…

Read more →

As reported by Reuters, elite hackers tried to break into the World Health Organization earlier this month, part of what a senior agency official said was a more than two-fold increase in cyberattacks. WHO Chief Information Security Officer Flavio Aggio said…

Read more →

Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former GE employees, as well as beneficiaries, was exposed in a security incident experienced by one of its service providers. GE says in a notice…

Read more →

The TalkTalk data breach in 2015 was monumental for the cyber security industry. At the time, data breaches were hardly new, but this particular breach resulted in UK MPs recommending that an officer should be appointed with day-to-day responsibility for…

Read more →

Cyber gangsters failed attack on a research firm working on the Covid-19 vaccine, despite earlier claims by many ransomware groups including Maze (the offender) that they would avoid targeting healthcare. Please see the comment below about how the healthcare sector can better protect itself…

Read more →

As reported by ITPro, NHS Trusts have been granted a six-month delay to completing crucial cyber security resilience checks while resources are rechanneled into handling the coronavirus outbreak. The health service’s recently established digital transformation body NHSX has given organisations a…

Read more →

In response to Security Discovery research that reveals over five billion records were exposed after a Keepnet Labs Elasticsearch “data breach database” containing security incidents from the last seven years was left unprotected, cybersecurity experts commented below. The ISBuzz Post: This Post Expert…

Read more →

In response to the news that a coalition of trade associations have requested California put off enforcement of its landmark privacy regulation in part due to the novel coronavirus, cybersecurity experts commented below. The ISBuzz Post: This Post Expert Comments: Trade Groups Seek…

Read more →

Brian Krebs is reporting that a security breach has disrupted operations at London-based fintech firm Finastra, which provides services to most of the world’s top 50 banks. Finastra has over 9,000 customers across 130 countries; sources at two different U.S. financial…

Read more →

An unsecured database has led to the exposure of customer data at Rogers Communications, a Canadian ISP. The ISBuzz Post: This Post Rogers Communications Data Exposure – Experts Reaction appeared first on Information Security Buzz.   Advertise on IT Security…

Read more →

In response to today’s findings from Krebs on Security of a new strain of Mirai targeting IoT devices for exploitation in attacks and for use as proxies, an expert offers perspective.   The ISBuzz Post: This Post Byos Re New Mirai…

Read more →

The ISBuzz Post: This Post Norwegian Cruise Line Data Breach – Experts Insight appeared first on Information Security Buzz.   Advertise on IT Security News. Read the complete article: Norwegian Cruise Line Data Breach – Experts Insight

Read more →

In response to Security Discovery research that reveals over five billion records were exposed after a Keepnet Labs Elasticsearch “data breach database” containing security incidents from the last seven years was left unprotected, cybersecurity experts commented below. The ISBuzz Post: This Post Expert…

Read more →

In response to the news that a coalition of trade associations have requested California put off enforcement of its landmark privacy regulation in part due to the novel coronavirus, cybersecurity experts commented below. The ISBuzz Post: This Post Expert Comments: Trade Groups Seek…

Read more →

Brian Krebs is reporting that a security breach has disrupted operations at London-based fintech firm Finastra, which provides services to most of the world’s top 50 banks. Finastra has over 9,000 customers across 130 countries; sources at two different U.S. financial…

Read more →

An unsecured database has led to the exposure of customer data at Rogers Communications, a Canadian ISP. The ISBuzz Post: This Post Rogers Communications Data Exposure – Experts Reaction appeared first on Information Security Buzz.   Advertise on IT Security…

Read more →

In response to today’s findings from Krebs on Security of a new strain of Mirai targeting IoT devices for exploitation in attacks and for use as proxies, an expert offers perspective.   The ISBuzz Post: This Post Byos Re New Mirai…

Read more →

The ISBuzz Post: This Post Norwegian Cruise Line Data Breach – Experts Insight appeared first on Information Security Buzz.   Advertise on IT Security News. Read the complete article: Norwegian Cruise Line Data Breach – Experts Insight

Read more →

Senators Mark Warner and Richard Blumenthal have formerly complained to the FTC that Google is adding to the shortage of medical masks by not taking down advertisements that show up next to Coronavirus stories. These are ads that Google had promised to take…

Read more →

In response to the Bleeping Computer report that explains some ransomware operators have agreed to no longer target health and medical organizations during the pandemic, experts from cybersecurity firms Cerberus Sentinel and KnowBe4 offer perspective. The ISBuzz Post: This Post Experts Reaction On…

Read more →

Much like technology itself, the tools, techniques and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more functionality… and we want it faster than ever before, more qualitative, and on…

Read more →

Security researcher Bob Diachenko discovered a publicly available Elasticsearch instance that housed over 5B+ records, which appeared to belong to UK-based security company Keepnet Labs. The irony of the discovery is that it was a ‘data breach database’, a massive collection…

Read more →

Cybercriminals are exploiting anxiety and uncertainty by luring the public into malware and ransomware traps. These “Scareware” attacks will escalate as online searches increase and people work from home, moving outside of the in-built security that corporate networks offer. Hackers…

Read more →

According to ITProPortal, the UK’s Student Loans Company (SCL) was hit by more than 5,000,000 email attacks last year, new figures from Griffin Law suggest. Data obtained via a Freedom of Information (FOI) Act request suggests the organisation encountered 10,125 malware…

Read more →

With the spread of the Coronavirus and people working from home, there has been a 53% spike in Virtual Private Network (VPN) usage in the US and a significant increase from around the world according to Atlas VPN. The ISBuzz Post:…

Read more →

It has been reported that researchers at the University of York have shown that some commercial password managers (depending on the version) may not be a watertight way to ensure cybersecurity. After creating a malicious app to impersonate a legitimate Google app, they were…

Read more →

Researchers have uncovered a Magecart Group 8 attack against blender vendor NutriBullet that installed credit card stealing malware on the company’s website. Security experts provide insight into this attack. The ISBuzz Post: This Post Experts Insight On NutriBullet.com Magecart Attack…

Read more →

Yesterday, Twitter updated its safety policy to prohibit tweets that “could place people at a higher risk of transmitting COVID-19”. This includes a number of different things, such as denying expert guidance, or tweets that misleadingly pretend to be from health…

Read more →

News has broken about today’s launch of Chrome 81 and its implications for the hundreds of thousands of websites that still use the outdated TLS 1 & 1.1 standards. We have known from some time that Chrome 81 will restrict access to any…

Read more →

Google is making progress on expanding the control users have over cookies in the Chrome browser with a new flag in Canary that enables an improved interface with more buttons and information. The experimental feature is available in the Android version 82…

Read more →

A research team at the University of York has exposed several severe flaws in nearly half of the password managers it tested. The researchers created a malicious app that was a mockup of a legit Google app and presented it to various…

Read more →

It has been reported that Tuition website TrueFire has informed users that an “unauthorised person” had access to the company’s computer system, and specifically to unencrypted information that was entered into its website, for a period of over five months. TrueFire, which boasts…

Read more →

The concept of trust is getting more attention these days. IDC has estimated security spending to reach $151 billion by 2023, noting a ‘C-level focus on trust’ as a key growth driver. Trust, according to IDC, now encompasses security, risk and compliance,…

Read more →

Intel processors are vulnerable to a new attack that can leak data from the CPU’s internal memory — also known as the cache. The attack, described as “Snoop-assisted L1 Data Sampling,” or just “Snoop” (CVE-2020-0550), has been discovered by Pawel Wieczorkiewicz,…

Read more →

As reported by TechCrunch, Magecart hackers have struck again, this time targeting the NutriBullet website. Hackers broke into the blender maker’s website several times over the past two months, injected malicious credit card-skimming malware on its payment pages and siphoned off…

Read more →

It has been reported that an open database is the source of a data leak leading to the exposure of 425GB in sensitive documents belonging to financial companies. Security researchers found over 500,000 “highly sensitive” documents, including private legal and financial files, that originated from …

Read more →

In response to new research that indicates more than a quarter of security alerts fielded within organizations are false positives, cybersecurity experts offer perspective. The ISBuzz Post: This Post Expert Comments: Over 25% Of Security Alerts Are False Positives appeared first on…

Read more →

Researchers at DomainTools recently discovered a malicious android app that claims to track COVID 19 statistics actually locks users’ phones and demands a ransom in order to restore access. The new “CovidLock” ransomware also threatens to erase victim’s contacts, photos, videos and memory, as well…

Read more →

WordPress plugins pose one of the biggest threats to website security, if they are not updated and many site owners usually install themes and plugins and then forget to update them. The WordPress development team is already working on adding…

Read more →

The not-for-profit accreditation and certification body for the technical security industry, has developed a new maturity assessment tool for Cyber Threat Intelligence (CTI) programmes. The licence-free tool will help organisations to predict, prepare for, detect and respond to potential attacks…

Read more →

As reported by Sky News, experts from the National Cyber Security Centre (NCSC) – a part of GCHQ – have said that a range of attacks are being conducted by cyber criminals to make money out of exploiting people’s fears over COVID-19.…

Read more →

The U.S. Health and Human Services Department suffered a cyber-attack on its computer system, aimed at undermining the response to the coronavirus pandemic. The ISBuzz Post: This Post U.S. Health Agency Suffers Cyber-Attack – Expert Reaction appeared first on Information Security Buzz.…

Read more →

In response to the latest report from the Department for Digital, Culture, Media & Sport that states 48% of UK businesses struggle to find employees with basic cyber skills, cybersecurity experts commented below. The ISBuzz Post: This Post Expert On…

Read more →

The EU plans to become the most attractive, secure and dynamic data-agile economy in the world. The Commission’s new digital strategy includes an ambition for the EU to seize new opportunities in digitised industry and business-to-business artificial intelligence (AI) applications.…

Read more →

It has been reported that Princess Cruises, the cruise liner forced to halt its global operations after two of its ships confirmed on-board outbreaks of Coronavirus, has now confirmed a data breach. The notice posted on its website, believed to have been posted in…

Read more →

On March 4, researchers discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites, including one that allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The…

Read more →

As research today shows the Coronavirus can survive on paper-based surfaces for up to 24hrs, fear of handling cash is tangible amongst consumers due to Coronavirus, and until the Federal Reserve and Treasury Department issue an official statement about the safety of…

Read more →

The Infocomm Media Development Authority (IMDA) have announced their plans to introduce requirements that provide a safer experience for users of IoT devices in their homes.  The new rules proposed state that home routers need to meet requirements that include…

Read more →

New Government report, released today, on cyber security skills in the UK labour force. Some of the headline statistics include: Approx. 653,000 businesses (48%) have a basic skills gap. That is, the people in charge of cyber security in those businesses…

Read more →

Cheney Bros, Inc., the 10th largest food distributor in the U.S., had one of its sites hacked and retrofitted with code that steals credit card and login data leveraging a new domain that easily hides in a hacked site’s source…

Read more →

The US is at risk of a “catastrophic cyber attack” and the government needs to adopt sweeping structural changes to address cybersecurity challenges, according to a report from the US Cyberspace Solarium Commission following a year-long investigation. “Our country is…

Read more →

As reported by Forbes, TikTok is amongst around 50 iOS apps which have been discovered by researchers to be reading the content of users’ clipboards. The researchers explored popular iOS and iPadOS apps investigating whether they access the clipboard and get information…

Read more →

A government report has shown that half of UK businesses suffer from a basic cybersecurity skills gap. Setting up configured firewalls, storing or transferring personal data, and detecting and removing malware, are among the most common skills lacking in approximately…

Read more →

Researchers at Comparitech have uncovered a leak stemming from third-party apps used by Amazon UK, Ebay and Shopify, exposing 8 million sales records containing customers’ personal data. Exposed data includes customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers.…

Read more →

Self-quarantined employees are forcing organizations to allow access to critical data remotely. Coronavirus is presenting organizations with a unique opportunity to adopt modern security protocols and enable an efficient remote workforce. Fear of Coronavirus infections has resulted in organizations ruling…

Read more →

New vulnerability research by Outpost24 has revealed interesting data trends in vulnerability management across different regions and sectors. When analysed, the number of high, medium and low-risk security vulnerabilities based on CVSS criticality shows the Netherlands had the largest percentage…

Read more →

Entercom, one of the largest radio companies with 235 radio stations broadcasting across the country with more than 112 Million listeners has suffered a data breach related to its third-party cloud hosting services. The ISBuzz Post: This Post Panorays Comments On Entercom…

Read more →

Adware accounts for 72% of all mobile malware according to a new report from Avast. The report reveals that android malware has increased by 38% alone in the last year. The ISBuzz Post: This Post On Adware – The Mobile Plague appeared…

Read more →

As reported by TechRadar, an investigation by The Washington Post has revealed that Whisper (a social media platform that’s core focus is to allow its users to anonymously share secrets ) left the information of nearly 900 million users exposed to anyone that…

Read more →

It has been reported that Microsoft leaked info on a security update for a ‘wormable’ pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month’s Patch…

Read more →

As reported by the BBC, a novel attempt to convince people to open malicious email attachments is spreading online, purporting to offer nude photos of a friend’s girlfriend. Instead of threatening to distribute stolen private images, this new attempt claims to…

Read more →

Cybereason‘s Nocturnus Research Team is investigating a campaign where cybercriminals are trojanising multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine. The threat actors behind this campaign are posting…

Read more →

It was announced today that a third-party app used by EU merchants on Amazon UK, Ebay and Shopify was found to have exposed 8 million sales records containing customers’ personal data. The ISBuzz Post: This Post 8 Million Sales Records On Amazon,…

Read more →

It has been reported that a huge proportion of internet-connected imaging devices at hospitals run outdated operating systems, according to research released today. The researchers found that 83% of these devices run on outdated software that can’t be updated even…

Read more →

It has been reported that COVID-19 is causing a digital threat. Forbes claims that coronavirus is a good opportunity for companies to test remote work structures. Everyone is covering COVID-19, few are covering the real risk that comes with trying to contain this virus.…

Read more →

The City and County of Durham, North Carolina shut down networks following a cyberattack by the Ryuk Ransomware. The county and city was victim to a phishing attack that led to the deployment of the ransomware on their systems The…

Read more →

Firefox’s latest update and its implications for the hundreds of thousands of websites that still use the outdated TLS 1 & 1.1 standards. With this update, Firefox will restrict access to any website using TLS 1 & 1.1, marking them…

Read more →

New Tessian report reveals that perceptions around cybersecurity industry need to change to encourage more diversity Increasing the number of women working in cybersecurity could boost the UK economy by £12.6 billion according to a new report from Tessian, the human layer…

Read more →

A new report out of the UK shows that 60% of data breaches were caused by human error according to research firm Gallagher as reported by Infosecurity. The ISBuzz Post: This Post Experts On Report: 60% Of Data Breaches Caused…

Read more →

It was recently reported that government-backed groups are exploiting CVE-2020-0688 to take over Exchange email servers. The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday and confirmed today to ZDNet by a source in the DOD. The ISBuzz Post:…

Read more →

Twitter has used its new “manipulated media” tag for the first time on an edited video of a speech by Joe Biden, according to BBC News. The tag, introduced on 5 March, tells readers when a picture or video has been…

Read more →

Ryuk Ransomware by way of phishing was the culprit behind the Durham, NC cyberattack that ultimately caused the city to shut down its network and disabled the first responders’ systems. Although this ransomware is made up of complicated code, the…

Read more →

When events like the outbreak of Covid-19 become projected on a global audience, cybercriminals try to exploit fear and uncertainty for financial gain. This is nothing new, with the FBI warning of phishing scams associated with Hurricane Katrina all the way back…

Read more →

Google has rolled out an update for its two-factor physical security keys for protecting Google Accounts that makes it easier to enroll the keys on Android and macOS devices. Google users can register the security keys on Android devices running…

Read more →

Facebook has removed some deceptive ads from the Trump campaign after first allowing them. When criticism arose, Facebook took down the ads saying they were misleading about the US Census. Facebook is also taking heat for other ads that are…

Read more →

It has been reported that Boots has suspended payments using loyalty points in shops and online after attempts to break into customers’ accounts using stolen passwords. Customers will not be able to use Boots Advantage Card points to pay for products while the issue is dealt with. Boots said none…

Read more →

As reported by BBC News, a Virgin Media database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months, the company has admitted. The information was accessed “on at least one occasion” by an unknown…

Read more →

It has been reported that clothing giant J.Crew has said an unknown number of customers had their online accounts accessed “by an unauthorised party” almost a year ago, but is only now disclosing the incident. The company said in a filing on Tuesday…

Read more →

T-Mobile recently announced a security breach affecting its employees and customers. According to the company’s data breach notification published on the company’s website, the breach occurred due to an attack” against its email vendor. The hacker(s) were able to access…

Read more →

Gaming giant Zynga is facing a class-action lawsuit filed by two individuals over a massive data breach last September that impacted 218 million users of the Words with Friends mobile app. The complaint was filed in the U.S. District Court for California…

Read more →

Ryuk ransomware hits Fortune 500 company EMCOR, a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems. The incident from 15th Feb 2020 was identified…

Read more →

Carnival Cruise line has reported a potential breach of its network after they found suspicious activity. The company reported the incident to the California Attorney General. The ISBuzz Post: This Post Expert Comments On Possible Carnival Cruise Line Data Breach appeared…

Read more →

It has been reported that through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store builders, and content management systems. When present…

Read more →

ICO has announced that it is fining Cathay Pacific £500,000 – it’s the maximum fine under the 1998 Data Protection Act, as the breach took place pre-GDPR – for multiple data protection failings that left millions of customer records exposed. In…

Read more →

Yesterday, it was reported that Tesco was experiencing security issues, and had issued new Clubcards to 600,000 account holders. The supermarket giant said it believed a database of stolen usernames and passwords from other platforms had been tried out on…

Read more →

A report from Vectra reveals that 74 percent of all privileged access anomalous behavior detections came from an unknown host. According to the report, many companies are still not able to detect if privileged accounts were compromised. These types of behaviors reported were…

Read more →

Some well-known websites could stop functioning properly on Wednesday, 4 March, after a bug was found in the digital certificates used to secure them, the BBC reported last night.The organisation that issues the certificates revealed that three million need to be immediately…

Read more →

In response to the news from Law Sites that disclosed legal services giant Epiq Global has gone offline after a ransomware attack affected all of its office locations, a cybersecurity expert offers perspective. More detail a source quoted that many…

Read more →

Mass scanning activity of Apache Tomcat servers that have not been patched from the Ghostcat vulnerability has been detected. The ISBuzz Post: This Post Scanning For Ghostcat – Expert Reaction appeared first on Information Security Buzz.   Advertise on IT…

Read more →

Forbes published an article earlier today regarding an app called CleanMaster, a security tool promising anti-virus and private browsing. It had more than 1 billion installs before it was evicted and, despite Google’s ban, is one of Android’s most downloaded…

Read more →

In response to reports that indicate more than half of attacks last year leveraged fileless or “malware-free” techniques, as hackers turn to stolen credentials in their efforts to breach corporate networks, experts from two cybersecurity firms offer perspective. Full report…

Read more →

It has been reported that an American manufacturer which works with SpaceX and Tesla is being extorted by cyber criminals who are leaking documents relating to these companies. The cyber crime group known as DoppelPaymer has already leaked non-disclosure agreements signed between…

Read more →

According to MoneySavingExpert, customers of credit history-building tool Loqbox have had personal and financial data compromised after the firm was hit by a “sophisticated and complex” cyber attack.  Loqbox has announced that it’s been hit by a cyber attack, in which…

Read more →

It has been reported that the UK Home Office has breached European data protection regulations at least 100 times in its handling of the EU Settlement Scheme (EUSS). IDs have been lost, documents misplaced, passports have gone missing, and applicant information has been…

Read more →

As reported by BBC News, smart cameras and baby monitors can be watched by criminals over the internet by default, security chiefs have warned. The National Cyber Security Centre (NCSC) is advising people to tweak the settings after buying them. Easy-to-guess…

Read more →

The National Cyber Security Centre is advising people to tweak default settings of connected devices to protect users against hackers. The ISBuzz Post: This Post Expert Opinion: Default Settings Putting Users At Risk appeared first on Information Security Buzz.  …

Read more →

Walgreens disclosed a data leak in its mobile app, specifically in the messaging service, that consequently revealed users’ personal information such as first and last names, prescription names and numbers and shipping addresses. Given that the Walgreens Android app has over 10…

Read more →

Vulnerability management (VM) can seem unmanageable at times. But the key to successful VM is working smarter rather than harder. If you approach VM intelligently and prioritize appropriately, you can keep the number of resulting tasks from spiraling out of…

Read more →

Recently, RiskIQ published its 2019 Mobile App Threat Landscape report, which analyses the ‘murky mobile app underworld’, including app stores across the globe. This report found that 9Game.com- a mobile app store offering free Android games- is the most dangerous store to…

Read more →

It has been reported that Israeli marketing company Straffic has leaked personal sensitive data of millions of unsuspecting users mostly from the US and Europe. The leak took place due to a misconfigured Elasticsearch database. Unlike other data breaches involving search engine software Elasticsearch, where databases are accessible…

Read more →