In response to reports that show a high percentage of IaC template misconfigurations in cloud deployments that leave them vulnerable to attack, an expert from Cerberus Sentinel offers perspective. A new report shows a high percentage of IaC template misconfigurations in cloud deployments that…
Tag: Information Security Buzz
Experts Analysis Of Backdoor Campaign Targetting US Financial Sector
In response to reports indicating the financial services sector in the U.S. was hit by cyber attacks last month through a Minebridge backdoor, experts provide an analysis below.
Expert Reaction On Translink Report Suspected IT Hack To The Police
As reported by the BBC, bus and train operator Translink has reported a suspected hack of its internal IT systems to the police. The firm confirmed it has reported an “incident” to the Police Service of Northern Ireland (PSNI) after experiencing…
Expert Analysis On Most Sophisticated Phishing Techniques Using Brand Impersonation
Cybercriminals are employing the most sophisticated phishing techniques using brand impersonation, social engineering and phishing to lure in victims to take over their email accounts according to a study by Researchers from Barracuda and UC Berkeley.
Comment: Ransomware Attacks Are Now Targeting Industrial Control Systems
A new threat report from cybersecurity company Dragos details the characteristics of a form of ransomware known as Ekans. This ransomware – also known as Snake – first emerged in December 2019 and has been designed for use against Windows systems used…
Cyber Attacks Could Cause Financial Crisis, Says ECB Chief Christine Lagarde – Security Expert Reaction
As reported by the Independent, the head of the European Central Bank has warned that a combined cyber attack on important banks could trigger financial instability. Christine Lagarde, the ECB’s president, said that a report by the European Systemic Risk Board (ESRB) estimates…
Expert Advise On Google Chrome To Start Blocking Insecure Downloads From Secure Pages
According to SlashGear, Google has begun to warn Chrome users about non-HTTPS downloads from HTTPS pages, which they call “mixed content downloads”. However, starting June this year, it will also block files little by little in an attempt to get website developers…
Google Docs Phishing Scam – Expert Insight
As reported by Scamicide, there is a new phishing scam riding on the back of Google Docs attachments. A phishing email is sent to unsuspecting victims that urges you to click on a Google Docs link. Clicking on the link will…
Android Phone Users Targeted By Latest Anubis Banking Trojan Campaign – Expert Reaction
Android users are targeted in a phishing campaign that will infect their devices with the Anubis banking Trojan that can steal financial information from more than 250 banking and shopping applications. The campaign uses a devious method to get the potential victims…
Experts On New Banking Trojan Tricks Users To Retype Passwords Only For Them To Be Stolen
A trojan malware campaign is targeting online banking users around the world with the aim of stealing credit card information, finances and other personal details. Detailed by cybersecurity researchers at Fortinet, the Metamorfo banking trojan has targeted users of over 20 online banks in…
Hackers Using Oscar Nominated Movies As Bait To Phish And Spread Malware
Attackers are exploiting the hype surrounding this year’s Oscar Best Picture nominated movies to infect fans with malware and to bait them to phishing websites designed to steal sensitive info such as credit card details and personal information. This method is…
Philips Smart Lights Vulnerability Allows Hopping To Devices On The Network – Experts Advise
Security researchers taking a closer look at the Philips Hue smart bulbs and the bridge device that connects them discovered a vulnerability that helped them compromise more meaningful systems on the local network. Tracked as CVE-2020-6007, the bug has a…
Facebook Controls Let Parents Read Their Children’s Chats – Expert Comments
Facebook have just announced new parental controls on its Messenger Kids platform that will allow parents to view their child’s chat history, in a move to better protect young people and give parents peace of mind when their children are online.…
One In Three NHS Computers Is Still Running Outdated Windows 7 Software
As reported by ZDNet around half a million computers used by the NHS are still running the outdated Microsoft Windows 7 operating system, missing the government’s own target of upgrading all PCs and laptops by January this year. And the real figure…
Experts On FBI Warns Re Potential DDoS Attack On State Voter Registration Website
In response to the FBI’s warning of possible Distributed Denial of Service (DDoS) attacks on a state-level voter registration and information site in a Private Industry Notification (PIN), security experts commented below.
Experts Reaction On Researcher Finds Vulnerability In WhatsApp Desktop Platform
According to a blog post by PerimeterX, its cybersecurity researcher and JavaScript expert Gal Weizman found a gap in the Content Security Policy (CSP) used by WhatsApp, enabling bypasses and cross site scripting (XSS) on the desktop app.
What Expert Says On 500,000+ Bitbucket Hosts Have Been Infected With Malware
In response to reports that Bitbucket host codes were abused by hackers and infected over 500,000 hosts with malware, a security expert provides an insight below.
Experts Insight On Brazilian Firm Exposes Personal Details Of Thousands Of Soccer Fans
It has been reported that tens of thousands of Brazilian soccer fans have been exposed as a publicly-accessible cloud storage bucket leaked several gigabytes of data with sensitive information stretching back several years. The leaky S3 bucket, investigated exclusively by ZDNet in partnership…
Experts On Adoption Of Facial Recognition
From online education to voting to dating apps, online companies are starting to institute physical biometrics to identify individuals through facial recognition.
The Importance Of Educating Staff On Cybersecurity
Cybersecurity should be a priority for all businesses and there is no excuse for failing to take the matter seriously in 2020. Staff must be adequately equipped to deal with threats; businesses must understand the importance of adhering to data…
Expert Analysis On Attacker Used Twitter API To Match Usernames To Passwords
Twitter has disclosed a security incident involving the abuse of one of its official API features. Twitter admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of users en masse, which could…
On Google Sending Videos To Wrong Users
Google has reached out to users to apologize after a “technical issue” saw videos uploaded to another user’s archives. In an email, the search engine giant said the issue affected the Google “download your data” service — called Google Takeout — for…
YouTube Deepfake Ban – Expert Commentary
The Google-owned video service’s move comes amid growing concern about so-called “deepfake” videos altered by using artificial intelligence. https://t.co/uUnpnYkWok — NewsClick (@newsclickin) February 4, 2020
New Ransomware Ekans – Expert Analysis
A new type of ransomware, Ekans, has been developed and has been created to specifically target Windows systems used within industrial control systems. Below security expert provides an analysis of this new ransomware. Researchers detail EKANS ransomware, which is targeting industrial…
Dundee And Angus College Cyber Attack – Expert Analysis
Dundee and Angus College has remained closed today after a recent cyber attack, which occurred late last week. The College computer systems were shut down, and students have been asked to reset their passwords before attempting to access online college…
New Ransomeware Ekans – Expert Analysis
A new type of ransomware, Ekans, has been developed and has been created to specifically target Windows systems used within industrial control systems. Below security expert provides an analysis of this new ransomware. Researchers detail EKANS ransomware, which is targeting industrial…
Experts Reaction On Microsoft Teams Suffers Major Worldwide Outage Due To Expire Certificate
Microsoft Teams has suffered a major worldwide outage due to an expired digital certificate. People have taken to Twitter to complain, while others are taking the opportunity to point out the awkward reality that Microsoft is itself a certificate authority while…
AppSec Lessons Learned In 2019
People are abuzz right now with trend predictions for 2020. It’s like putting the cart before the horse. Before we start making assumptions about what we think will happen this year, we need to take stock with what we know…
Security Is A Process, Not A One-Time Project
There is no question that digitalisation has brought newfound opportunity to businesses; however, as we are all painfully aware, it has also made them more vulnerable to security risks. Perhaps unsurprisingly, it’s the human factor which is increasingly the weakest…
(ISC)2 Security Congress 2020 Opens Call For Speakers
(ISC)² Opens Call for Expert Cybersecurity Speakers for 2020 Security Congress Annual conference brings together experts from around the world to tackle the most pressing issues in cybersecurity (ISC)² – the world’s largest nonprofit membership association of certified cybersecurity professionals –…
On Cybercriminals Leveraging Smart Building Access Systems to Launch DDoS Attacks
Linear eMerge E3 devices that are part of access control systems for Smart buildings have been found to contain serious vulnerabilities that can be used by cybercriminals to launch DDoS attacks according to security researchers at Applied Risk.
Being Prepared For Iranian Cyber Attacks
With problems in Iran, American businesses need to have a heightened sense of awareness around potential cyberattacks. What can businesses do and what should they be aware of? The first thing people/companies need to be doing is training their staff…
Dundee And Angus College Cyber Attack
According to The Courier, Dundee and Angus College has remained closed today after a recent cyber attack, which occurred late last week. The College computer systems were shut down, and students have been asked to reset their passwords before attempting to…
Experts Analysis Of Logistics Giant Toll Group Shut Systems Down Due To Cyber Incident
Freight giant Toll Group has shut down “a number” of IT systems due to a “cyber security incident”, with customers reporting shipment tracking is down and drivers are reverting to manual receipts. Toll said in a brief statement on its…
Cleaners Used To Hack Businesses
Criminal gangs are planting “sleepers” in cleaning companies so that they can physically access IT infrastructure, the lead officer of the Yorkshire and Humber Regional Cyber Crime Unit told a recent SINET security event. He said that he was seeing…
Experts On Study Finds Red Teams OK To Push Ethical Limits But Not On Themselves
Newly released research, which looks at the ethics involved in offensive security engagements, finds that security professionals, like red teamers and incident responders, are more likely to find it ethically acceptable to conduct certain kinds of hacking activities on other people…
NEC Defense Contracts Info Potentially Compromised In Breach
The Japanese NEC electronics giant was the target of a cyberattack that resulted in unauthorized access to its internal network on Thursday according to information leaked to Japanese newspapers by sources close to the matter. The electronics and information technology giant is a…
Experts Insight On Vulnerabilities Found In Microsoft Azure Services
Two vulnerabilities found in Microsoft Azure services could have allowed cybercriminals to take over cloud services according to a new report from Checkpoint.
Experts On Hackers Use Coronavirus To Spread Malware To Thousands Of Devices
In response to reports that a new Emotet malware targets victims using spam emails that contain malicious attachments under the guise of coronavirus reports, an expert commented below.
Microsoft Issues Excel Security Alert After Detecting New TA505 Malware Attacks
In response to reports from Microsoft detailing that a new TA505 phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, expert provide an analysis below.
Bouygues Construction Paralysed By A Major Cyber Attack – Experts Insight
French media is reporting that the Bouygues Group’s construction subsidiary has been hit by a massive ransomware attack. The entire computer network has been affected, and all of the company’s servers shut down. A ransom of 10 million Euros has been requested,…
Social Captain Instagram Account Exposed And Experts Reactions
Social Captain, the social media boosting service, which bills itself as a service to increase user’s Instagram followers, has exposed thousands of Instagram account passwords after storing them in unencrypted plain text. Social Media Startup Social Captain Exposed Thousands of Instagram Account Passwords Stored in Plaintext,…
Experts On Data Breach At Indian Airline SpiceJet Affects 1.2 Million Passengers
It has been reported that SpiceJet, one of India’s largest privately owned airlines, has acknowledged a data breach involving the details of over a million of its passengers. The database included a rolling month’s worth of flight information and details of each commuter, they said, adding…
Comment: WordPress Plugin Bug Exposes 200K+ Sites
A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. According to the active installations count on…
Experts On Ledger Warns Over New YouTube Phishing Streams
Hardware wallet creator Ledger has issued a warning to clients to be vigilant of Youtube accounts designed as phishing scams. According to a tweet published Jan. 27, Ledger claimed to be facing phishing attacks by way of hacked YouTube accounts.…
Experts On Snake Ransomware
Following the news that a new piece of file-encrypting ransomware, which some are linking to Iran, has been targeting processes and files associated with industrial control systems (ICS), please see below for a comment from experts.
Experts Analysis Of Wawa Breach Potentially Compromised 30 Million+ Payment Cards
In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud…
Cyber Breach Causes Shares To Fall For Medical Manufacturing Firm Tissue Regenix
It has been reported that medical products maker Tissue Regenix Group said yesterday that its computer systems and a third-party IT service provider in the United States were accessed without authorization, sending its shares down as much as 22%. The company said it…
Security Expert Re: Major Facebook Data Partner LiveRamp Hacked To Launch Scams
Cnet reported late today that a major Facebook data partner was hacked to gain access to advertising accounts and operate credit card scams. In October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the…
Experts Reactions on CEOs Are deleting Their Social Media Accounts To Avoid Hacking
Professional services firm PwC surveyed over 1,600 CEOs from around the world and found that cyber attacks have become the most feared threat for large organisations – and that many have taken actions around their personal use of technology to…
EXPERT COMMENTS: CEOs Are deleting Their Social Media Accounts To Avoid Hacking
In response to reports that CEOs are removing their social media accounts to avoid getting hacked, experts from KnowBe4 and Cerberus Cybersecurity offer perspective.
The Six Business Continuity Strategy Planning Mistakes To Avoid At All Costs
Any organisation can face significant downtime, data loss and employee displacement if unprepared when a disaster strikes. All of these can have a serious and detrimental impact on the viability of a business. So, planning for them can help companies…
LabCorp Exposes Thousands Of Medical Documents – Commentary
A vulnerability in LabCorp’s website that hosts the company’s internal customer relationship management system, exposed thousands (at least 10,000) of medical documents that contained names, dates of birth, Social Security numbers of patients, lab test results and diagnostic data. While…
Huawei Set For Controversial Limited Role In UK 5G Networks – Experts Reactions
The UK government has decided to allow Huawei to continue to be in its 5G networks, despite US officials warning to do so would pose a severe security risk. Reactions on Twitter: John Nicolson was also critical of the “broken” Westminster system…
Five Cyber Security Resolutions For 2020
New Year’s resolutions are notoriously hard to keep. In fact, according to this YouGov poll, most Brits failed to keep all the resolutions they made for 2019. It may be hard to believe but we’re now firmly into 2020. In…
Government Plans New Laws For Smart Gadgets
According to BBC News, the UK government is developing laws that would require manufacturers to ensure their smart gadgets cannot be hacked and exploited via the internet. This is in the face of concerns that many internet-enabled devices lack basic security…
With 5G And IoT, It’s A New Day With New Risks
Connectivity as a concept has become an essential part of life, as opposed to just a luxury. The Internet of Things (IoT) has already become commonplace in our lives, thanks to all the connected devices and smart technologies we own,…
Experts On Gedia Automotive Group Hit By Massive Cyber Attack That Shuts Down IT Operations
It has been reported that Gedia Automotive Group has been the victim of a cyber-attack by a gang using ransomware known as Sodinokibi. The German automotive parts maker, which is based in Attendorn, supplies lightweight chassis parts to carmakers across the world from locations…
Avast Antivirus Subsidiary Sells Highly Sensitive Web Browsing Data To Many World Leading Companies
It has been reported that an antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world’s biggest companies, a joint investigation by Motherboard and PCMag has found. The Avast division…
What Experts Say On New UK IoT Legislation
All Internet of Things and consumer smart devices will need to adhere to specific security requirements, under new government proposals. The aim of the legislation is to help protect UK citizens and businesses from the threats posed by cyber criminals increasingly targeting Internet…
Response Comment: Google Docs Down
A spike in fraudulent transactions has forced the Google Security team to suspend all publishing and uploading of paid Chrome extensions to the Chrome Web store. Paid extensions on the Chrome Web Store are being suspended due to an increase in fraudulent transactions https://t.co/nIrWLwXnYH — Android…
Zoom Updates Security As Eavesdrop Hack Discovered By Check Point Research
Hackers could eavesdrop on scores of Zoom Meetings by generating and verifying Zoom Meeting IDs; Zoom rolls out a series of security changes to fix flaws Check Point Research identified a major security flaw in Zoom, the popular video conferencing…
Chrome Web Store Announces Temporary Shutdown After Wave Of Fraudulent Transactions – Experts Reaction
In response to reports that the Chrome Web Store has experienced a wave of fraudulent transactions prompting a temporary suspension or updating of any commercial Chrome extensions on the official Chrome Web Store, security experts commented below.
Severe Vulnerabilities Discovered In GE Medical Devices
It has been reported that the US Cybersecurity and Infrastructure Agency (CISA) today issued an advisory for six high-severity security vulnerabilities in patient monitoring devices. These flaws could allow an attacker to make changes at the software level of a device and in…
Experts On Report: Cofense Malware Trends Report Shows Heavy Use Of Macro-enabled Documents For Malware Delivery
Cofense has released its Q4 2019 Malware Trends report, shedding light on the malware families, delivery methods and campaigns that dominated the past quarter. Q4 2019 demonstrated an overall decrease in malware volume, as Emotet (also known as Geodo)…
U.S. Govt Agency Hit With New CARROTBALL Malware Dropper
A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea. CARROTBALL came in…
NY State Wants To Ban Government Agencies From Paying Ransomware Demands – Comments
Two New York state senators have proposed two bills that ban local municipalities and other government entities from using taxpayer money for paying ransomware demands. Bill (S7246), proposed by Republican NY Senator Phil Boyle on January 14, and bill (S7289)…
Industry Comment – Nick Clegg Ignorance Shines Light On Poor Software Security Hygiene
Following widespread criticism of Nick Clegg’s suggestion that end-to-end encrypted messages could not be hacked, please find the comments below from security experts Derek believes companies such as Facebook risk opening the door to hackers by neglecting software hygiene. Clegg’s lack of…
Citibank Phishing – Expert Comment And Analysis From Lucy Security CEO Colin Bastable
Colin Bastable, CEO of security awareness & training company Lucy Security, has issued comment and analysis of the newly reported Citibank phishing scam.
NETGEAR TLS Certs Exposure – Expert Source
NETGEAR recently issued a security advisory about a Transport Layer Security (TLS) certificate private key disclosure vulnerability on several of its routers. And this is apparently not the first time the company left TLS certificates and private keys exposed in their wireless…
How Machine Learning Is Changing The Face Of Financial Services
Artificial intelligence (AI) has become integrated into our everyday lives. It powers what we see in our social media newsfeeds, activates facial recognition (to unlock our smartphones), and even suggests music for us to listen to. Machine learning, a subset of AI, is…
TrickBot Steals AD Credentials – Expert Comments
Active Directory expert Gerrit Lansing, field CTO at STEALTHbits Technologies, addressed this week’s discovery of a new module for the TrickBot trojan that targets the Active Directory database stored on compromised Windows domain controllers.
Never-Before-Seen Malware Downloader In Phishing Emails Targeting US Gov Agencies – Expert Commentary
Cybercriminals targeted a U.S. government agency with a spear-phishing campaign that leverages the increasing geopolitical relations issues surrounding North Korea to lure targets into opening malicious email attachments that contain malware strains, including a never-before-seen malware downloader, coined “Carrotball”. The fraudulent…
Cybersecurity Experts Weigh In On Jan. 28 Data Privacy Day
This coming Tuesday, January 28, marks International Data Privacy Day. Powered by the National Cyber Security Alliance, Data Privacy Day “encourages consumers to own their privacy and businesses to improve their data privacy practices.”
Apple Dropped Plan For Encrypting Backups After FBI Complained
According to Reuters, Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations. The tech giant’s reversal, about two years ago, has not…
Microsoft Exposes 250M Customer Support Records On Leaky Servers – Experts Comments
Microsoft disclosed a security breach that led to the accidental exposure of around 250 million customer support and service records, some containing personally identifiable information, between 05 and 31 December 2019. The exposure was caused by a misconfigured internal customer…
Comments On Thousands Of WordPress Sites Hacked To Fuel Scam Campaign
According to security researchers, over 2,000 WordPress sites have been hacked to fuel a campaign that redirects visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. Security firm Sucuri detected this hacking…
Experts On Findings: Researchers Create OT Honeypot, Attract Exploits And Fraud
It has been reported that researchers at Trend Micro built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target. Trend Micro launched the…
Experts On UPS Reveals Phishing Attack Might Have Exposed Customer Information
The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorised person had used a phishing attack to gain…
Security Implications: Seattle-Area Voters To Vote By Smartphone In 1st For U.S. Elections
It has been reported that a district encompassing Greater Seattle is set to become the first in which every voter can cast a ballot using a smartphone — a historic moment for American democracy. The King Conservation District, a state environmental agency that…
Jeff Bezos’ Phone Hacked By Saudi Crown Prince – Expert Comments
The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, as reported by the Guardian. The encrypted message from…
Microsoft Warns Attackers Are Exploiting Zero Day In Internet Explorer Scripting Engine
As reported by SC Magazine, hackers are actively exploiting a zero day vulnerability in Internet Explorer, prompting a warning from the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA). “Microsoft is aware of limited targeted attacks” in a…
BitPyLock Ransomware Now Threatens To Publish Stolen Data
As reported by Bleeping Computer, a new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices. BitPyLock was first discovered by MalwareHunterTeam on January 9th, 2020 and has since seen a…
Panorays And Hysolate Comment On New NIST 1.0 Privacy Framework
The National Institute of Standards and Technology (NIST) just released its first version of its privacy framework, a tool to give organizations guidance on how to manage risks and be in compliance with new privacy laws.
Hysolate Comments On Hackers Aiming For The Biggest Enterprise Targets
Hackers are targeting MSPs in an effort to infiltrate a large audience all at once without being detected as they hit targets upstream. Synoptek, a California Managed IT Services Provider, was one example of an MSP who got hit with ransomware…
EXPERT COMMENT: Shop16 Phishing Campaign Now Targets PayPal Customers
In response to reports that the prolific phishing campaign Shop16 has expanded its operation with new attacks that target PayPal accounts, an expert from KnowBe4 offers perspective.
Comments On The Hanna Anderson Magecart Attack
Hanna Anderson, a company that offers children’s clothes online, has been the target of a Magecart attack wherein their customers’ credit card information was stolen as they were making purchases. The attack was discovered after the credit cards were found for sale…
Experts Comments On Two-factor Authentication Obsolete In The Face Of SIM Swapping Attacks
In a blog post, security researchers said that many mobile operators aren’t asking the difficult security questions to ensure the caller is the legitimate mobile phone user. Researchers pointed to a particular Princeton study, where researchers made around 50 attempts across five…
Mitsubishi Electric Confirms Major Data Breach – Expert Commentary
Mitsubishi Electric released a statement today confirming that the company was hit by a data breach dating back to late June last year. It’s speculated that the cyberattack is linked to a Chinese cyber-espionage group, Tick (or Bronze Butler), that…
Expert On Breach: Regus Sales Staff Data Exposed After Huge Data Breach
Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review. Sales staff at Regus had been recorded showing researchers posing as clients around office space available to…
Comments On 160,000 Data Breaches Reported Since GDPR With Big Fines To Follow
Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe’s new digital privacy regulation, GDPR, came into force. The number of breaches and other security incidents being reported each day continues to rise and the…
CEO Comments On FBI Warnings On Election Infrastructure
In a change of policy, state elections officials will be notified by the FBI of possible cyber threats to election infrastructure. Homeland Security has also provided election officials with best practices for securing election systems.
Database Of Millions Of Children Leaked To Betting Companies – Experts Insights
Betting companies were inappropriately provided access to information sourced from a government database containing the records of 28 million children, reports suggest. The UK’s Department for Education (DfE) is responsible for the database, which contains the details of minors aged 14…
Experts On News: London Councils Lose 1,300 Laptops, Mobiles And Tablets
The number of Council devices reported lost or stolen over the three most recent Financial years has more than doubled from 304 in 2016-17, to 635 in 2018-19, according to research collated by the Parliament Street Think Tank. The data,…
Experts Comments On European Commission Considers Temporary Facial Recognition Ban
In response to reports the European Commission is considering a temporary facial recognition ban in a new AI white paper, security experts commented below on this temporary ban if approved.
CEO On 600 m+ users Installed Android ‘Fleeceware’ Apps From Play Store
Security researchers have discovered a new set of “fleeceware” apps that appear to have been downloaded and installed by more than 600 million Android users. A new set of 25 Android apps were caught illegally charging users at the end…
Cybersecurity Trends And Solutions For The New Decade. New Year, New Risks: What Can We Expect From The World Of Cybersecurity In 2020?
From tech giants and gamers to politicians and retailers, nobody is safe from today’s mutating threat landscape. 2019 was another frenzied maelstrom of cyberattacks, mitigations, pre-emptions and preventions, with the old (phishing and DDoS et al) rubbing havoc-wreaking shoulders with…
Expert Comments On WeLeakInfo.com Seized For Selling Info From Data Breaches
The UK NCA, the FBI and the German Bundeskriminalamt have coordinated to take ownership of WeLeakInfo.com, a domain for selling subscriptions to data exposed in breaches. We Leak Info claimed to have compiled almost 12.5 billion records stolen from data…
Return Of Emotet In New 2020 Campaign – Expert On Research
Researchers at cybersecurity firm Proofpoint have observed that the prolific botnet Emotet has returned to the email threat landscape after a hiatus at the end of 2019. The Trojan-turned-botnet is being distributed by threat group TA542, using attachments and malicious links containing…
Expert On Not-for-profit Open Bug Bounty’s Record Growth In 2019
An alternative to costly commercial bug bounties, there is record growth in Open Bug Bounty program. We contacted the security expert to provide his comments on the growth of this open bug bounty program. From their site: “With almost half-a-million…