Yesterday saw the release of the 15th edition of the World Economic Forum’s Global Risks Report. According to the report, both sets of respondents to the Global Risks Perception Survey—the multi-stakeholder community and the Global Shapers—identify cyber-related issues, such as cyberattacks on critical…
Tag: Information Security Buzz
Security Expert On P&N Bank Breach
P&N Bank’s data breach has exposed personally identifiable information (PII) and account data of 100,000 customers. The breach was likely caused by a third party that was providing hosting services when P&N was performing a server upgrade. Security experts commented…
Google Introduces iPhones As Physical Two-factor Security Keys
As reported by Digital Trends, Google has today announced that iPhones can now function as physical two-factor security keys for logging into the company’s own services like Gmail in Chrome. This authentication method, Google claims, is a lot more secure than…
Thousands Of British Passports Left Exposed On Unsecured AWS Bucket
It has been reported that an unsecured database on Amazon has been discovered, exposing sensitive information and passport scans on thousands of employees. The information, including thousands of passport scans, tax documents, background checks, job applications, expense forms, scanned contracts,…
Breaking: Mobile Banking Trojan Draining Users’ Accts – Expert Commentary
The resurgence of an Android banking trojan, dubbed Faketoken, is draining victims’ banking accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. Besides using fake logins and phishing overlay screens to steal credentials and exfiltrate mTAN…
Emotet Malware Phishing Campaign Targeting UN – Email Security Expert Commentary
Emotet operators launched a sophisticated phishing attack against email addresses associated with users at the United Nations. The Emotet attackers are impersonating representatives of Norway at the United Nations in New York by sending malicious emails that state that there…
Russians Hack Ukrainian Gas Company – Experts Comments
Russian military hackers have been boring into the Ukrainian gas company, Burisma, at the centre of the Trump impeachment affair, according to security experts. The hacking attempts against Burisma, on whose board Hunter Biden (Joe Biden’s son) served, began in early…
Panorays Comments On Magecart Attack On Aussie Bushfire Donation Website
A website collecting donations to help Australia’s Bushfire relief efforts has been hit with a Magecart attack according to researchers from MalwareBytes.
Comments: Dating Apps Leak Personal Data
Dating apps including Grindr, OkCupid and Tinder leak personal information to advertising tech companies in possible violation of European data privacy laws, a Norwegian consumer group said in a report Tuesday. The Norwegian Consumer Council said it found “serious privacy infringements” in…
Expert On News: Trump Attacks Apple Over Access To Data
US President Donald Trump has attacked Apple over their refusal to unlock iPhones “used by killers, drug dealers and other violent criminal elements”. On Monday US Attorney General William Barr accused Apple of not being helpful in an inquiry into a shooting that…
Major Flaw In Windows 10 Discovered By The NSA – Experts Reactions
Overnight, Microsoft announced a patch for a vulnerability discovered by the NSA in Windows 10. The vulnerability could have been exploited by hackers to create malicious software that looked legitimate.
49 Million User Records Leaked From US Data Broker LimeLeads – Experts Reactions
Data from an exposed LimeLeads Elasticsearch server has ended up on a hacking forum, being sold by a well-known individual on underground hacking forums named Omnichorus, who has built a reputation for sharing and selling hacked and stolen data. A…
Comment: Peekaboo Moments Suffers Breach Leaving Thousands Of Baby Images And Videos Exposed
It has been reported that thousands of baby videos and images are being left unsecured and exposed to the internet by Peekaboo Moments, a mobile app. This is due to the app’s developer, Bithouse Inc., leaving an Elasticsearch database open on the internet.
Experts Advise On Microsoft Issues Patch To Fix Severe Vulnerability Discovered In Windows
Brian Krebs posted a story last night about an emergency patch Microsoft sent to government agencies, branches of the US military and other organisations responsible for managing internet infrastructure. The vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module…
The Paradox At The Heart Of Securing Digital Transformation
Whether it is an EPOS system at a fast food venue or large display system at a public transport hub, interactive kiosks are becoming popular and trusted conduits for transacting valuable data with customers. The purpose of interactive kiosks, and…
Over 1 Billion Medical Records Exposed Online – Experts Comments
TechCrunch broke news of research last Friday that A billion medical images are exposed online, as doctors ignore warnings. Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report from the company in September that detailed 24 million medical records…
Security Experts On Texas School District Loses $2.3m In Phishing Scam
The Manor Independent School District, which is located about 20 minutes away from the state capital, Austin, reported that it had been hit with a phishing scam on Friday. According to CNN, the scam involved three separate fraudulent transactions that were carried out…
Expert Advises On Microsoft To End Update And Patch Distribution For Windows 7
Tomorrow, Microsoft will end regular update and patch distributions for Windows 7, leaving those without preparations in place at risk. Ken Galvin, Senior Product Manager of Quest KACE, believes that migrating doesn’t have to be a daunting task for businesses,…
Expert Advise On Microsoft To End Update And Patch Distribution For Windows 7
Tomorrow, Microsoft will end regular update and patch distributions for Windows 7, leaving those without preparations in place at risk. Ken Galvin, Senior Product Manager of Quest KACE, believes that migrating doesn’t have to be a daunting task for businesses,…
Awareness Advocate On Texas School District Loses $2.3m In Phishing Scam
The Manor Independent School District, which is located about 20 minutes away from the state capital, Austin, reported that it had been hit with a phishing scam on Friday. According to CNN, the scam involved three separate fraudulent transactions that were carried out…
Multiple Hacking Groups Attempt To Skim Credit Cards From Perricone MD – Experts View
According to researchers, multiple European websites for the Perricone MD anti-aging skin-care brand have been infected with scripts that steal customer payment card info when making a purchase. Two Magecart groups were competing for the credit card data on sites in…
Experts On News: PayPal Confirms High-severity Password Vulnerability
PayPal has recently confirmed that a researcher found a high-severity security vulnerability in CAPTCHA that could expose user passwords to an attacker. The researcher, Alex Birsan, earned a bug bounty of $15,300 (£11,700) for reporting the problem, which was disclosed…
Experts On Report: Developers Still Don’t Properly Handle Sensitive Data
It has been reported that open-source software projects continue to struggle with handling sensitive information, according to automated scans of hundreds of millions of commits to code repositories. Driven by increased research into software security, more software under development, companies’ greater openness to…
Top Tips For Improving Endpoint Visibility And Control In 2020
In 2019 we saw a steady increase in the number and modes of cyberattacks. In fact, more than half of all British companies reported cyberattacks in the last year alone. To prepare for 2020, Tanium looked into the biggest concerns…
SHA-1 Attacks On Upswing – Expert Comments
According to new research, attacks on the SHA-1 hashing algorithm just got a lot more dangerous with the discovery of a cheaper, more practical version of SHA-1 collision attacks. Hashing algorithms are used to compute the keys used in public key…
Expert Reaction On Pre-Installed, Unremoveable Malware Found On US Government-funded Phones
In response to reports that a US-funded mobile carrier that offers phones via the Lifeline Assistance program is selling mobile devices pre-installed with malicious applications, cybersecurity expert offers perspective.
Comments On Microsoft Will ‘End Of Life’ Support For Windows 7 And Windows Server 2008 On January 14
On January 14th, Microsoft will discontinue support for Windows 7. This means any PCs still running the software will no longer receive security updates, software updates, or technical support for any issues. If people continue to use a Windows 7 PC after the…
EXPERT COMMENTS: Iranian Hackers Have Been ‘Password-Spraying’ US Electric Utilities
In response to reports that an Iranian state-sponsored hacking group has been ‘password-spraying’ U.S. electric utilities for the past year, experts commented below.
Enhanced Crypto-currency Hacks Target Businesses Across The Globe
A North Korea-backed hacking campaign that targets both Windows and macOS systems has been updated with new techniques and tools, it has been reported. This campaign, dubbed ‘Operation AppleJeus’, is designed to steal cryptocurrency from organisations and individuals around the world. Attacks…
Experts Response On TikTok Vulnerability To Let Hackers Access Users’ Videos
It has been reported that multiple vulnerabilities have been found within video sharing app TikTok. Security researchers found that it was possible to spoof text messages to make them appear to come from TikTok. Once a user clicked the fake link, a hacker would…
Google Project Zero Changes Rules On Revealing Cyberattacks
According to TechRadar, Google’s Project Zero has revealed that it will be trialling a new policy where the security team will give companies a full 90 days before disclosing issues in their systems or software. The search giant’s team of security analysts…
Expert Reaction On FBI, Homeland Security Warn Of Iranian Terror And Cyber Threat In New Intelligence Bulletin
It has been reported that the FBI and Department of Homeland Security warned of the terror threats Iran poses to the US in a joint intelligence bulletin sent to law enforcement throughout the country on Wednesday. In the bulletin, which was obtained by CNN,…
Facial Recognition Tech To Be Implemented Again At Cardiff-Swansea Football Match – Expert Reaction
Engineering & Technology have announced that South Wales Police will once again target football fans with facial-recognition cameras at the Cardiff City Stadium on Sunday 12 January. This is not the first time police have used this technology, neither is it the…
EXPERT COMMENTS: SNAKE Ransomware Targets Organizations’ Entire Corporate Networks
In response to the news that SNAKE ransomware is targeting entire corporate networks, expert offers perspective.
COMMENTS On News: Apple To Scan Users iCloud Photos To Identify Child Abuse
Apple has started scanning photos uploaded from iPhones to check for child sexual abuse images, as tech companies come under pressure to do more to tackle the crime. Jane Horvath, Apple’s chief privacy officer, revealed at CES 2020 that the company…
Las Vegas Data Breach Announced Amid Warnings Of Iranian Cyber Threat
A data breach in Las Vegas comes amid tensions with Iran and a warning from homeland security of quote “potentially disruptive and destructive” Iranian cyber operations. The city released the following statement to News 3: The city of Las Vegas…
Comments On News: Barclays, Lloyds, RBS And HSBC All Hit By Travelex Cyber Attack
It has been reported that some of the UK’s biggest high street banks have been impacted following the cyber attack on Travelex – with Royal Bank of Scotland, HSBC and Barclays among those left with no online travel money services. More than a…
Experts On 50K Exposed In Minnesota Hospital Breach
The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. The Alexandria, Minnesota-based locally-governed hospital started notifying its patients of the security breach incident on January 3,…
Check Point Research Reveals Multiple Vulnerabilities In TikTok
Personal information such as private addresses and email addresses were vulnerable to exposure in one of the world’s most trending apps. Check Point Research revealed today that it uncovered multiple vulnerabilities in TikTok which could have allowed attackers to manipulate content…
Comments On Chase Bank Move To Restrict Third Party Access To Customer Data
Chase Bank is going to ban third-party access to customer accounts through customer passwords according to new reports. It is an effort to tighten up security on customer accounts.
Hackers Post Bloodied Image Of Trump On US Government Website
As reported by Sky News, a US government-operated website has been hacked by a group claiming to be acting in retaliation for the killing of Iran’s top general. Those who clicked on the American Federal Depository Library Programme (FDLP) site on…
Iran’s Potential Cyber Retribution Strategies Against US – 3 Experts Comments
In response to US actions against Iran and the potential of escalation on the cyber front, three cybersecurity experts with KnowBe4 with strong defense and national security background offer perspective.
The Media Trust Comments On HappyHotel Search Engine Breach
A Japanese search engine used for locating Love Hotels in Japan has been breached. Similar to the Ashley Madison breach, customers are awaiting the fall-out should the data be posted online.
Response Comment: Travelex Foreign Currency Website STILL Down After 4 Days Following Cyber Attack
The Sun revealed that the Travelex website is still down, four days after a cyber attack on New Year’s Eve. The currency provider has taken down its site and app, leaving some customers struggling to access funds. The currency exchange provides services to several…
Expert on News: US On High Alert For Iran-backed Cyber Attacks
Iran has already demonstrated intent and capability to attack inside the US as well as a high tolerance for escalating risk, specifically during the 2011 plot to assassinate the Saudi Ambassador to the US inside the US. Therefore current risk…
Expert On News: Crypto Exchange Poloniex Forces Password Reset Following Data Breach
A cryptocurrency exchange has been forced to reset customer passwords after a suspected data leak via social media, although its incident response efforts caused more confusion among some users. US-based exchange Poloniex informed around 1% of its customer base that…
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
As we charge into the third decade of the 21st century, it’s time to ask: so what will happen next with cybersecurity? We reached out to 100+ cybersecurity experts with diverse backgrounds for their predictions and below are the responses.…
Security Awareness Advocate On Austria’s Foreign Ministry Targeted By ‘Serious’ Cyber Attack
Austria’s foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country. The ministry said the seriousness of the attack suggested it might have been carried out by a “state actor”. The hack…
CEO On New Privacy Options For Firefox Users
Mozilla, maker of Firefox, will now give users the option to delete their data collected by the company in the next version of the browser set to be available on January 7th. This move was prompted by the California Consumer Privacy…
Iranian General Qasem Soleimani: Cyber Implications Comments From Cyber Expert
Following the news that a website operated by the U.S. government has been hacked by a group claiming to represent the government of Iran, security experts have warned that these cyber attacks could be part of Iran’s retaliation for the US airstrike on Friday that…
Experts Comment: Landry’s Inc Hacked Despite End-to-end Encryption
Landry’s Inc., a restaurant and hospitality corporation that owns popular eateries such as McCormick and Schmick’s, Rainforest Cafe and Del Frisco’s, was infected by malware that infected its order-entry systems to steal customer payment card information. The malware was able to infiltrate…
Expert Comments On News: Instagram Crimewave Sees Incidents Rise 43% In A Year
Police forces across the UK have seen a 43 per cent increase in reports of crimes involving social networking site Instagram, according to official data. The findings, obtained by the Parliament Street think tank using Freedom of Information (FoI) legislation…
COMMENT: Travelex Forced To Take Down Site Following Cyber Attack
Travelex has been forced to take down its website after a cyber attack, a decision that has affected other services that use its services, including Tesco Bank. The foreign-currency seller has been working on the issue since the software virus attack on…
Adam Sandler’s Twitter Account Hacked – Expert Response
As reported by Variety, Adam Sandler’s Twitter account has been hacked, with hackers retweeting posts from several accounts. The ‘Chuckling Squad’ group, who are responsible for the attack, have also previously been linked to the hacking of Twitter CEO Jack Dorsey’s…
Comment: Ransomware Attack Takes US Maritime Base Offline
A computer virus forced a US maritime base offline for more than 30 hours, the country’s coast guard has revealed. Ransomware interrupted cameras, door-access control systems and critical monitoring systems at the site. The agency did not reveal the name…
Response Comments: Lloyds Banking Group Online Services Down
BBC News reported yesterday that websites and mobile apps for Lloyds, Halifax and Bank of Scotland, the three companies, part of Lloyds Banking group, had all become unavailable.
Security Camera Breach Exposing 2.4 Million Users’ Personal Data
Recently, the Twelve Security blog reported that Wyze Labs, makers of a line of popular affordable security cameras, had suffered a huge breach in which the company’s production databases were left entirely open to the internet. This exposed the personal data of…
Comments On New Zeppelin Ransomware Steals Data Before Encrypting It
The Zeppelin ransomware gang has joined the ranks of ransomware strains (Maze, REvil (Sodinokibi), Snatch, and the now-defunct Merry Christmas) that collect and steal a victim’s data before encrypting files.
Expert Advise On DNS-Over-HTTPS Traffic On The Network
The DNS-over-HTTPS (DoH) protocol is used for increased security on the network and provides additional confidentiality, but could be tracked according to a SANS researcher.
Comment: Canadian Banks Impersonated In Two-year Long Phishing Attack
It has been reported that Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017 and pointing to the same attackers. The infrastructure behind these Canadian focused attacks includes hundreds of…