Tag: Information Security Buzz

A specialist cyber force of hackers who can target hostile states and terror groups is due to be launched later in the spring, after many months of delays and turf wars between the Ministry of Defence and GCHQ. The National…

Read more →

“According to the recently-published DLA Piper GDPR Data Breach Survey 2020, more than 160,000 data breach notifications have been reported across Europe since the General Data Protection Regulation (GDPR) came into force in May 2018. The survey also found that data…

Read more →

For the past 30 months, an online printing platform with a cover store for well-known magazines has been constantly infected with malicious scripts that steal customer payment card data. At least 18 skimmers or sniffers – scripts that copy credit card…

Read more →

In response to new ransomware policies released by the UK’s National Cyber Security Centre, experts offer perspective below. The ISBuzz Post: This Post Experts Reaction On UK’s Cybersecurity Agency Releases Updated Ransomware Policies appeared first on Information Security Buzz.   Advertise on IT…

Read more →

In response to reports that indicate cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes,…

Read more →

The UK‘s cybersecurity agency has updated its guidance on what to do after a ransomware attack, following a series of incidents where organisations were hit with ransomware, but also had their backups encrypted because they had left them connected to their networks. Keeping a…

Read more →

“Shark Tank” star Barbara Corcoran recently admitted to losing nearly $400,000 due to a convincing email phishing scam. A cybercriminal pretending to be Corcoran’s assistant emailed a fake invoice for a real estate renovation to Corcoran’s bookkeeper. The scam was…

Read more →

Cybercriminals are taking advantage of the recent security flaws reported recently in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched variants of ThemeGrill Demo Importer, Profile Builder,…

Read more →

According to an annual report on the state of ethical hacking published by HackerOne, the money earned in bounties this year was nearly equal to the entire amount awarded in all prior years combined.  Since launching in 2012, companies have paid the…

Read more →

A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, according to The Register. The leak, which came from an unsecured S3 bucket, also revealed detailed care plans and precisely how much…

Read more →

Google has announced that it recently added deep learning capabilities to its malware scanner for Gmail, as part of an effort to detect and block malicious attachments. The search giant’s existing document scanner handles more than 300 billion attachments every week to…

Read more →

In response to recent reports a vulnerability in some popular WiFi chips can be leveraged to partially decrypt user communication and expose data in wireless network packets, cybersecurity experts offer perspective. The ISBuzz Post: This Post Cypress WiFi Chips Leak Sensitive Info Due To…

Read more →

In response to the Krebs on Security report indicating that Zyxel 0day affects firewall products, experts offer perspective. The ISBuzz Post: This Post Expert On Report: Zyxel 0day Affects Its Firewall Products appeared first on Information Security Buzz.   Advertise on IT…

Read more →

In response to The Daily Beast reports that facial-recognition software maker Clearview AI suffered a data breach that accessed the company’s entire client list, many which are law enforcement agencies, cybersecurity experts commented below. The ISBuzz Post: This Post Clearview AI’s Entire Client…

Read more →

Google has warned people not to bypass the ban on Google apps that affects newer Huawei phones. Manually installing app files found online is highly risky, as the files can be compromised. The ISBuzz Post: This Post Expert Comment –…

Read more →

French sports giant Decathlon has leaked over 123 million records via an improperly secured ElasticSearch server, according to security researchers Noam Rotem and Ran Locar at VPNmentor. The two spotted the database on February 12 and notified the company four days later. (They…

Read more →

In a blog post today, researchers published the dates for nearly 40 new shopping websites infected by Magecart 12 with JavaScript. All were notified of the compromise, yet 13 continued to load the malicious JavaScript. Credit Card Skimmer Running on 13 Sites,…

Read more →

In response to recent Bleeping Computer reports that the operators of the DoppelPaymer Ransomware have launched a site that will be used to extort victims who do not pay a ransom and publish any files that were stolen before computers were encrypted, cybersecurity expert offers…

Read more →

As reported by BBC News, the Financial Conduct Authority (FCA) has admitted that it inadvertently published online the personal data of people who made complaints against it. The UK’s City watchdog said the names of the complainants, along with some addresses…

Read more →

The last 12 months have seen a number of social media giants take the leap and enter the ecommerce market in a bid to expand their offering. The latest example of this is TikTok, which has roughly 625 million active users. According to…

Read more →

A new backdoor malware called Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems. The researchers have discovered that the malware uses DNS to receive instructions from attackers and…

Read more →

As reported by Reuters, Mexico’s economy ministry detected a cyber attack on some of its servers on Sunday but did not consider sensitive information to have been compromised, and beefed up safety measures, it said in a statement. It was the…

Read more →

TechCrunch has reported that Rallyhood, the social network designed to help groups communicate and coordinate, left one of its cloud storage buckets containing user data open and exposed. The bucket, hosted on Amazon Web Services (AWS), was not protected with a password,…

Read more →

According to ZDNet, hackers have found a bug in PayPal’s Google Pay integration and are now using it to buy products online and incur unauthorized charges to PayPal accounts. Since last Friday, users have reported seeing mysterious transactions pop up in…

Read more →

In light of the news that a hacker stole the personal data of 1,000 employees of the Ordnance Survey, cybersecurity experts, offered the following comments: Scoop: A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the…

Read more →

According to researchers, Racoon Malware can extract sensitive data from about 60 applications and is distributed under the MaaS (malware-as-a-service) model for $75/week or $200/month. The ISBuzz Post: This Post Racoon Malware Steals Data From 60 Apps – Expert Comments appeared…

Read more →

Today, HackerOne has revealed that hackers believe that the technology industry is the least secure, despite it being seemingly full of digital natives.  This revelation and more is unveiled for the company’s annual Hacker Report, which is a benchmark study of…

Read more →

A simple Google search could reveal as many as 470,000 WhatsApp group invite links, according to reports. Once an individual finds an invitation, they can join the group and potentially find out members’ phone numbers. It is especially troubling that…

Read more →

Regulatory body Qualifications Wales is considering instituting online GCSEs, so that 16 year olds will be tested in a way that fits with their increasing use of technology, according to BBC News. Whilst recent technical issues with exams have highlighted the…

Read more →

We’re all guilty of it. Finder.com estimates that Americans spend nearly two hours a day shopping online while at work, presumably using work machines. Whether scoping out springtime sales or putting that tax refund to use, this habit effectively makes…

Read more →

Let’s Encrypt has launched multi-perspective domain validation, a new feature that aims to bolster network security by limiting the ability of cybercriminals to trick Certificate Authorities into mis-issuing certificates. We are coming up on 1 *BILLION* certificates issued by the…

Read more →

A U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been compromised “in a data breach” on a system hosted by the…

Read more →

According to reports, ICC World, a major facilities company which provides cleaning, catering, security and other services globally has recently suffered from a ransomware attack. It’s said that many of its employees have been unable to access emails while the…

Read more →

In response to reports indicating that 30 over 30 data breach incidents in health care have been reported to HHS so far in 2020, affecting over 1 million individuals, an expert offers perspective. The ISBuzz Post: This Post Expert Comments On Over 30 Data…

Read more →

Security researchers have discovered nine new websites infected with malicious JavaScript, attributed to Magecart Group 12, that steals payment card info from online shoppers. The owners of these sites were contacted, none of them replied and the latest check showed that the…

Read more →

It was  announced today that MCM experienced a data exposure, leaking over 10.6 million customer’s personal data on a hacking forum this week. The repercussions of this breach are beyond the initial exposure, according to Jumio CEO Robert Prigge. The ISBuzz Post:…

Read more →

It has been reported that a group of professional Chinese hackers has been targeting and hacking into companies that run online gambling and online betting websites. According to reports published this week by cyber-security firms Talent-Jump and Trend Micro, hacks have been officially…

Read more →

Amazon has announced that it has made two-factor authentication mandatory for its Ring doorbell. The ISBuzz Post: This Post Expert Opinion: Amazon Ring Two-factor Authentication appeared first on Information Security Buzz.   Advertise on IT Security News. Read the complete…

Read more →

The Cybersecurity and Infrastructure Agency (CISA) responded to a ransomware attack that targeted a U.S. natural gas facility, forcing it to shut down for two days. CISA did not reveal when the incident happened or the identity of the victim…

Read more →

Amazon Ring have announced in a blog post that they will make two-factor authentication mandatory. Users will receive a one-time, six-digit code every time they attempt to log in, either via email or text. Users will also be able to opt out…

Read more →

According to a story on security investigator Brian Kreb’s site: “A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a…

Read more →

Cybersecurity experts commented tonight on breaking news that the personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked…

Read more →

Web application vulnerabilities are often caused by application design flaws and misconfigured web servers. They can be particularly easy targets for hackers who look to take advantage of system security flaws.  With more web application security solutions now readily available…

Read more →

Webroot Also Observed a 125% Increase in Malware Targeting Windows 7®   OpenText™ (NASDAQ: OTEX) (TSX: OTEX) today issued the 2020 Webroot Threat Report, highlighting not only the agility and innovation of cybercriminals who continue to seek out new ways to evade defenses, but…

Read more →

ZDNet reported that today, February 18, residents of Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines that will be running Microsoft’s ElectionGuard software. These will be the first voting machines deployed in any US election that will be…

Read more →

A serious vulnerability was recently found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service (DoS) attacks. The high-severity vulnerability was discovered last year by researchers at OTORIO, who found that an attacker could…

Read more →

Infosecurity Magazine reported that two-thirds (66%) of global CISOs say they are struggling to recruit the right talent and a similar number believe shortages will only get worse, according to a new study from Marlin Hawk. The global executive recruiter surveyed 500 cybersecurity leaders…

Read more →

It has been reported that fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision…

Read more →

Cybersecurity and privacy advocates commented today on the new warning from the World Health Organization (WHO) of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware. The ISBuzz Post: This Post WHO Warns…

Read more →

Connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks, putting patients and staff at additional risk from cyber-attacks. According to figures in a new report from researchers at healthcare cybersecurity company CyberMDX,…

Read more →

Thirteen well-known corporate brands are being targeted in a phishing attack using SLK attachments with the goal of accessing their corporate networks, according to researchers. The ISBuzz Post: This Post Well-Known Corporate Brands Targeted In Phishing Attack – Comments appeared first…

Read more →

Dozens of Israeli soldiers have had their smartphones hacked by the Hamas militant group posing as women seeking attention. This sort of honey-trap is not the first of its kind comments Jens Monrad, Head of Intelligence of EMEA at FireEye who references…

Read more →

Given the high levels of anxiety surrounding the spread of the Coronavirus that exists globally, there are currently opportunistic spammers using the term in a wrongful and disingenuous way within their digital campaigns. Research from Imperva found a clear correlation…

Read more →

During the last quarter of 2019, the ClearSky research team has uncovered a widespread Iranian offensive campaign called “Fox Kitten Campaign”; this campaign is being conducted in the last three years against dozens of companies and organizations in Israel and…

Read more →

A poster branded with the logos of The West Midlands Regional Organised Crime Unit and National Crime Agency warning of software found on children’s computers has raised concerns, as the software is legal and could be used for legitimate learning purposes.…

Read more →

In response to a Krebs on Security report that details a new email-based extortion scheme is targeting web site owners serving banner ads through Google’s AdSense program, security awareness experts commented below. The ISBuzz Post: This Post Email-Based Extortion Scheme Targets…

Read more →

In response to reports that reveal cyber criminals are distributing a powerful form of trojan malware to victims by disguising it as a launcher for one of the world’s most popular video games, security experts commented below. Cyber-criminals are using an imitation Epic…

Read more →

It was recently reported that information on 144,000 Canadians was breached by 10 federal departments on almost 8,000 occasions in the past 2 years alone. The Canada Revenue Agency (CRA) saw the most individuals affected, with 3,020 breaches involving 59,065…

Read more →

5G is here to replace not just legacy cellular standards, but a multitude of other wireless and wired communication standards and therefore its scope will cover personal use, business operations, transportation and smart city infrastructure. This, together with its support…

Read more →

The Facebook founder Mark Zuckerberg admitted that big tech needs more regulation. Specifically, there have been calls for regulation in four main areas: elections, harmful content, privacy and data portability. Mark Zuckerberg: Big Tech needs more regulation https://t.co/CyKwF97Cte — Financial…

Read more →

The UK’s Anti-Doping agency has been hit with a total of 11,148 malicious emails in the final three months of last year, according to research fromParliament Street think tank. The data collected via the Freedom of Information (FoI) Act provided insight into…

Read more →

An interesting story has run on exposed databases. According to a story in Infosecurity Magazine, a US education non-profit, the Institute of International Education (IIE) has unwittingly leaked the personal information of thousands of students after leaving two online MongoDB…

Read more →

BBC News this morning reported that Heathrow Airport has apologised for disruptions after being hit by ‘technical issues’. One passenger reportedly said the situation was “utter chaos” after a problem with the airport’s IT system saw staff called in to help…

Read more →

Rutter’s, the convenience store, fast food restaurant, and gas station chain owner, has disclosed that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers’ credit card information. Rutter’s disclosed in a Notice of…

Read more →

In response to reports that a serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks, cybersecurity experts offer perspective. The ISBuzz Post: This Post Siemens, Moxa Devices Exposed To DoS Attacks…

Read more →

The WordPress GDPR Cookie consent plugin used by 700,000 websites was found to have critical vulnerabilities that could have allowed cybercriminals to delete, change content and inject a malicious code.   The ISBuzz Post: This Post Expert Analysis Of WordPress GDPR Cookie…

Read more →

In response to reports that the Florida county’s election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections, an expert commented below. The ISBuzz Post: This Post Expert On Florida County Election Office…

Read more →

The ISBuzz Post: This Post Multiple Experts On Puerto Rico $2.6M Phishing Scam appeared first on Information Security Buzz.   Advertise on IT Security News. Read the complete article: Multiple Experts On Puerto Rico $2.6M Phishing Scam

Read more →

South Africa-based Nedbank has disclosed that personal information of 1.7 million customers was breached by an IT services provider. This comes at the same time a new report has uncovered a sharp increase in incidents involving companies handling sensitive data for business partners and other…

Read more →

Ransomware cost organizations globally more than $6.3Billion in 2019 and it is ramping up for 2020 according to an Emisoft report. The ISBuzz Post: This Post Hysolate Comments On Protecting Endpoints Against Ransomware appeared first on Information Security Buzz.   Advertise on…

Read more →

Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 from various vendors. Collectively named SweynTooth, the vulnerabilities can be used by an attacker in…

Read more →

ESET urges people to be vigilant when online dating, or risk falling for catfishers 41% of consumers believe that they face more cyber security risks when online dating around Valentine’s Day 71% don’t do background searches before meeting their date…

Read more →

Cyber criminals are spreading the highly dangerous off-the-shelf Emotet, a phishing Trojan-turned-botnet, by exploiting widespread fears of infection by the novel coronavirus, according to ComputerWeekly. Disguised as an email from a provider of disability welfare services, the Emotet coronavirus campaign has…

Read more →

It has been reported that Microsoft has released its February 2020 Patch Tuesday security updates. This month’s updates include fixes for a whopping 99 vulnerabilities, making this Microsoft’s biggest Patch Tuesday known to date. The highlight of this month’s security train represents the…

Read more →

Since the GDPR regulations came into force on 25 May 2018, there have been hundreds of thousands of GDPR breaches resulting in enforcement action for non-compliance and /or penalties for data protection breaches. With regards to the latter, regulators across…

Read more →

The U.S. government’s top counterintelligence official has challenged the private sector to step up and take responsibility for protecting its systems and sensitive data from foreign spying.   William Evanina, director of the National Counterintelligence and Security Center, said that…

Read more →

Geopolitical tension has a long-tail effect in cyberspace. In the aftermath of major political or military incidents, beneath the public posturing, nation state cyber actors are already under orders to conduct campaigns aimed at countering the incident, spreading disinformation or…

Read more →

It was recently reported that the majority of organisations (73%) continue to experience unplanned downtime and outages due to mismanaged digital certificates. More than half of respondents (55%) have experienced more than 4 certificate-related outages in the past 24 months…

Read more →

In its new FBI Internet Crime Report, the FBI said it received 467,361 internet and cyber-crime complaints in 2019, and that almost half of the reported losses — an estimated $1.77 billion — came from reports of BEC (Business Email Compromise),…

Read more →

Around a tenth of Americans use stalkerware to track partners and exes, according to CNET. Men are more than twice as likely than women to use the apps, according to the poll, which NortonLifeLock conducted in partnership with the Harris Poll.…

Read more →

New research by Nominet has found that heightened stress levels has led to mental and physical health issues, relationship problems, medication and alcohol abuse, and in some cases an eventual burnout, resulting in an average 26-month tenure before CISOs find…

Read more →

Within a few months, Google Nest users will be required to use two-factor authentication (2FA) to access their devices. Google has promised that the new process will integrate seamlessly into the Nest user experience. The ISBuzz Post: This Post Expert…

Read more →

A new phishing campaign involves scammers sending fake Chase and Amex fraud protection emails asking users if the listed card transactions are valid. Victims who click the “no” button in the message to dispute the transactions will be redirected to…

Read more →

440 million records from the Estee Lauder company were exposed online according to security Researcher Jeremiah Fowler at Security Discovery who found the door wide open on an Internet Facing database. Wonder @ # of #schooldistricts or #highered could field…

Read more →

Love is purportedly in the air again, but is it being harnessed and channelled in the right direction?  This Valentine’s Day, are you doing all you can to lavish protective TLC on your apps? Do you have the right strategies…

Read more →

A government report is criticizing the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) for not completing strategic and operational plans to address security election infrastructure. CISA was to develop and roll out a plan well before elections especially to…

Read more →

Dell published a security update to patch a SupportAssist Client software flaw which enables potential local attackers to execute arbitrary code with Administrator privileges on vulnerable computers. According to Dell’s website, the SupportAssist software is “preinstalled on most of all new Dell devices running…

Read more →

Iran has seemingly come under cyber-attack. Indeed, so powerful was the impact of this alleged attack that the internet was disrupted across the country. The NetBlocks internet observatory, which maps internet freedom in real-time, confirmed that there was extensive Iranian…

Read more →

Following the news yesterday that Chinese government hackers have been indicted for breaching Equifax in 2017, please see comment below from Sonatype CEO Wayne Jackson. The ISBuzz Post: This Post Chinese Government Hackers Implicated In Equifax Breach: What You Need To Know appeared first on…

Read more →

A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their…

Read more →

The FBI has sent a security alert to the US private sector highlighting a hacking campaign targeting supply chain software providers. Hackers are attempting to infect companies with the Kwampirs malware which has also been deployed in attacks against companies…

Read more →

What makes for a successful cyberattack? Technology is one part of the picture, clearly. Malicious cybercriminals make use of a wide range of tools and techniques to gain access to their targets’ networks, probing for vulnerabilities and infecting systems with…

Read more →

Today the Ponemon Institute, in partnership with DomainTools, announced the results of its annual “Staffing the IT Security Function in the Age of Automation” report. The survey of more than 1,000 IT and IT security practitioners analysed the impact of…

Read more →

Following the news regarding the US charging four Chinese military officers over the huge Equifax breach, Ambuj Kumar, CEO and co-founder of Fortanix commented below.  The ISBuzz Post: This Post CEO Comments On US Charges Four Chinese Military Officers Over Equifax…

Read more →

GPRS Tunneling Protocol (GTP) is a 2.5G technology that provides interconnect between various network interfaces, enabling mobile users to roam seamlessly between networks of different generations. The protocol was developed in tandem with General Packet Radio Service (GPRS), the packet-oriented…

Read more →

Under UK law, it’s an employer’s duty to protect the health, safety and welfare of their employees and other people who might be affected by their business and do whatever is reasonably practicable to achieve this. For field service industries…

Read more →

It has been reported by The Times of Israel that Iranian hackers target Israel every day, Prime Minister Benjamin Netanyahu charged at a cybersecurity conference in Tel Aviv yesterday. “Iran attacks Israel on a daily basis,” he told a gathering of government officials, cybersecurity experts…

Read more →

In response to DR reports that a glitch in the TastSelv Borger tax service has sent over one million Danish CPR numbers to the US companies Google and Adobe, cybersecurity experts commented below. The ISBuzz Post: This Post 1.2 Million CPR Numbers…

Read more →

The Telegraph is reporting Facebook knew about a huge security flaw that let hackers to steal personal data from millions of its users almost one year before the crime, yet failed to fix it in time. Legal documents show that the company…

Read more →

Reaching out to make sure you saw breaking news of a phishing campaign resurfacing the Android banking trojan dubbed Anubis, luring users through a fake Google Play update to gain access to mobile devices and steal sensitive financial information through hundreds of…

Read more →