Tag: Information Security Buzz

French media is reporting that the Bouygues Group’s construction subsidiary has been hit by a massive ransomware attack. The entire computer network has been affected, and all of the company’s servers shut down. A ransom of 10 million Euros has been requested,…

Read more →

Social Captain, the social media boosting service, which bills itself as a service to increase user’s Instagram followers, has exposed thousands of Instagram account passwords after storing them in unencrypted plain text. Social Media Startup Social Captain Exposed Thousands of Instagram Account Passwords Stored in Plaintext,…

Read more →

It has been reported that SpiceJet, one of India’s largest privately owned airlines, has acknowledged a data breach involving the details of over a million of its passengers. The database included a rolling month’s worth of flight information and details of each commuter, they said, adding…

Read more →

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. According to the active installations count on…

Read more →

Hardware wallet creator Ledger has issued a warning to clients to be vigilant of Youtube accounts designed as phishing scams. According to a tweet published Jan. 27, Ledger claimed to be facing phishing attacks by way of hacked YouTube accounts.…

Read more →

Following the news that a new piece of file-encrypting ransomware, which some are linking to Iran, has been targeting processes and files associated with industrial control systems (ICS), please see below for a comment from experts. The ISBuzz Post: This Post Experts…

Read more →

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud…

Read more →

It has been reported that medical products maker Tissue Regenix Group said yesterday that its computer systems and a third-party IT service provider in the United States were accessed without authorization, sending its shares down as much as 22%. The company said it…

Read more →

Cnet reported late today that a major Facebook data partner was hacked to gain access to advertising accounts and operate credit card scams.  In October,  hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the…

Read more →

Professional services firm PwC surveyed over 1,600 CEOs from around the world and found that cyber attacks have become the most feared threat for large organisations – and that many have taken actions around their personal use of technology to…

Read more →

In response to reports that CEOs are removing their social media accounts to avoid getting hacked, experts from KnowBe4 and Cerberus Cybersecurity offer perspective. The ISBuzz Post: This Post EXPERT COMMENTS: CEOs Are deleting Their Social Media Accounts To Avoid Hacking appeared…

Read more →

Any organisation can face significant downtime, data loss and employee displacement if unprepared when a disaster strikes. All of these can have a serious and detrimental impact on the viability of a business. So, planning for them can help companies…

Read more →

A vulnerability in LabCorp’s website that hosts the company’s internal customer relationship management system, exposed thousands (at least 10,000) of medical documents that contained names, dates of birth, Social Security numbers of patients, lab test results and diagnostic data. While…

Read more →

The UK government has decided to allow Huawei to continue to be in its 5G networks, despite US officials warning to do so would pose a severe security risk. Reactions on Twitter: John Nicolson was also critical of the “broken” Westminster system…

Read more →

New Year’s resolutions are notoriously hard to keep. In fact, according to this YouGov poll, most Brits failed to keep all the resolutions they made for 2019. It may be hard to believe but we’re now firmly into 2020. In…

Read more →

According to BBC News, the UK government is developing laws that would require manufacturers to ensure their smart gadgets cannot be hacked and exploited via the internet. This is in the face of concerns that many internet-enabled devices lack basic security…

Read more →

Connectivity as a concept has become an essential part of life, as opposed to just a luxury. The Internet of Things (IoT) has already become commonplace in our lives, thanks to all the connected devices and smart technologies we own,…

Read more →

It has been reported that Gedia Automotive Group has been the victim of a cyber-attack by a gang using ransomware known as Sodinokibi. The German automotive parts maker, which is based in Attendorn, supplies lightweight chassis parts to carmakers across the world from locations…

Read more →

It has been reported that an antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world’s biggest companies, a joint investigation by Motherboard and PCMag has found. The Avast division…

Read more →

All Internet of Things and consumer smart devices will need to adhere to specific security requirements, under new government proposals. The aim of the legislation is to help protect UK citizen and businesses from the threats posed by cyber criminals increasingly targeting Internet…

Read more →

A spike in fraudulent transactions has forced the Google Security team to suspend all publishing and uploading of paid Chrome extensions to the Chrome Web store. Paid extensions on the Chrome Web Store are being suspended due to an increase in fraudulent transactionshttps://t.co/nIrWLwXnYH — Android…

Read more →

Hackers could eavesdrop on scores of Zoom Meetings by generating and verifying Zoom Meeting IDs; Zoom rolls out a series of security changes to fix flaws  Check Point Research identified a major security flaw in Zoom, the popular video conferencing…

Read more →

In response to reports that the Chrome Web Store has experienced a wave of fraudulent transactions prompting a temporary suspension or updating of any commercial Chrome extensions on the official Chrome Web Store, security experts commented below. The ISBuzz Post: This Post Chrome Web…

Read more →

It has been reported that the US Cybersecurity and Infrastructure Agency (CISA) today issued an advisory for six high-severity security vulnerabilities in patient monitoring devices. These flaws could allow an attacker to make changes at the software level of a device and in…

Read more →

Cofense has released release its Q4 2019 Malware Trends report, shedding light on the malware families, delivery methods and campaigns that dominated the past quarter. Q4 2019 demonstrated an overall decrease in malware volume, as Emotet (also known as Geodo)…

Read more →

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea. CARROTBALL came in…

Read more →

Two New York state senators have proposed two bills that ban local municipalities and other government entities from using taxpayer money for paying ransomware demands. Bill (S7246), proposed by Republican NY Senator Phil Boyle on January 14 ,and bill (S7289)…

Read more →

Following widespread criticism of Nick Clegg’s suggestion that end-to-end encrypted messages could not be hacked, please find the comments below from security experts Derek believes companies such as Facebook risk opening the door to hackers by neglecting software hygiene. Clegg’s lack of…

Read more →

Colin Bastable, CEO of security awareness & training company Lucy Security, has issued comment and analysis of the newly reported Citibank phishing scam. The ISBuzz Post: This Post Citibank Phishing – Expert Comment And Analysis From Lucy Security CEO Colin Bastable appeared…

Read more →

NETGEAR recently issued a security advisory about a Transport Layer Security (TLS) certificate private key disclosure vulnerability on several of its routers. And this is apparently not the first time the company left TLS certificates and private keys exposed in their wireless…

Read more →

Artificial intelligence (AI) has become integrated into our everyday lives. It powers what we see in our social media newsfeeds, activates facial recognition (to unlock our smartphones), and even suggests music for us to listen to. Machine learning, a subset of AI, is…

Read more →

Active Directory expert Gerrit Lansing, field CTO at STEALTHbits Technologies, addressed this week’s discovery of a new module for the TrickBot trojan that targets the Active Directory database stored on compromised Windows domain controllers. The ISBuzz Post: This Post TrickBot Steals AD…

Read more →

Cybercriminals targeted a U.S. government agency with a spear-phishing campaign that leverages the increasing geopolitical relations issues surrounding North Korea to lure targets into opening malicious email attachments that contain malware strains, including a never-before-seen malware downloader, coined “Carrotball”. The fraudulent…

Read more →

This coming Tuesday, January 28, marks International Data Privacy Day.  Powered by the National Cyber Security Alliance, Data Privacy Day “encourages consumers to own their privacy and businesses to improve their data privacy practices.” The ISBuzz Post: This Post Cybersecurity Experts…

Read more →

According to Reuters, Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations. The tech giant’s reversal, about two years ago, has not…

Read more →

Microsoft disclosed a security breach that led to the accidental exposure of around 250 million customer support and service records, some containing personally identifiable information, between 05 and 31 December 2019. The exposure was caused by a misconfigured internal customer…

Read more →

According to security researchers, over 2,000 WordPress sites have been hacked to fuel a campaign that redirects visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. Security firm Sucuri detected this hacking…

Read more →

It has been reported that researchers at Trend Mirco built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target. Trend Micro launched the…

Read more →

The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorised person had used a phishing attack to gain…

Read more →

It has been reported that a district encompassing Greater Seattle is set to become the first in which every voter can cast a ballot using a smartphone — a historic moment for American democracy. The King Conservation District, a state environmental agency that…

Read more →

The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, as reported by the Guardian. The encrypted message from…

Read more →

As reported by SC Magazine, hackers are actively exploiting a zero day vulnerability in Internet Explorer, prompting a warning from the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA). “Microsoft is aware of limited targeted attacks” in a…

Read more →

As reported by Bleeping Computer, a new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices. BitPyLock was first discovered by MalwareHunterTeam on January 9th, 2020 and has since seen a…

Read more →

The National Institute of Standards and Technology (NIST) just released its first version of its privacy framework, a tool to give organizations guidance on how to manage risks and be in compliance with new privacy laws. The ISBuzz Post: This Post Panorays…

Read more →

Hackers are targeting MSPs in an effort to infiltrate a large audience all at once without being detected as they hit targets upstream. Synoptek, a California Managed IT Services Provider,  was one example of an MSP who got hit with ransomware…

Read more →

In response to reports prolific phishing campaign Shop16 has expanded its operation with new attacks that target PayPal accounts, an expert from KnowBe4 offers perspective. The ISBuzz Post: This Post EXPERT COMMENT: Shop16 Phishing Campaign Now Targets PayPal Customers appeared first on…

Read more →

Hanna Anderson, a company that offers children’s clothes online, has been the target of a Magecart attack wherein their customers’ credit card information was stolen as they were making purchases. The attack was discovered after the credit cards were found for sale…

Read more →

In a blog post, security researchers said that many mobile operators aren’t asking the difficult security questions to ensure the caller is the legitimate mobile phone user. Researchers pointed to a particular Princeton study, where researchers made around 50 attempts across five…

Read more →

Mitsubishi Electric released a statement today confirming that the company was hit by a data breach dating back to late June last year. It’s speculated that the cyberattack is linked to a Chinese cyber-espionage group, Tick (or Bronze Butler), that…

Read more →

Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review. Sales staff at Regus had been recorded showing researchers posing as clients around office space available to…

Read more →

Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe’s new digital privacy regulation, GDPR, came into force. The number of breaches and other security incidents being reported each day continues to rise and the…

Read more →

In a change of policy, state elections officials will be notified by the FBI of possible cyber threats to election infrastructure.  Homeland Security has also provided election officials with best practices for securing election systems. The ISBuzz Post: This Post CEO Comments On…

Read more →

Betting companies were inappropriately provided access to information sourced from a government database containing the records of 28 million children, reports suggest. The UK’s Department for Education (DfE) is responsible for the database, which contains the details of minors aged 14…

Read more →

The number of Council devices reported lost or stolen over the three most recent Financial years has more than doubled from 304 in 2016-17, to 635 in 2018-19, according to research collated by the Parliament Street Think Tank. The data,…

Read more →

In response to reports the European Commission is considering a temporary facial recognition ban in a new AI white paper, security experts commented below on this temporary ban if approved. The ISBuzz Post: This Post Experts Comments On European Commission…

Read more →

Security researchers have discovered a new set of “fleeceware” apps that appear to have been downloaded and installed by more than 600 million Android users. A new set of 25 Android apps were caught illegally charging users at the end…

Read more →

From tech giants and gamers to politicians and retailers, nobody is safe from today’s mutating threat landscape.  2019 was another frenzied maelstrom of cyberattacks, mitigations, pre-emptions and preventions, with the old (phishing and DDoS et al) rubbing havoc-wreaking shoulders with…

Read more →

The UK NCA, the FBI and the German Bundeskriminalamt have coordinated to take ownership of WeLeakInfo.com, a domain for selling subscriptions to data exposed in breaches. We Leak Info claimed to have compiled almost 12.5 billion records stolen from data…

Read more →

Researchers at cybersecurity firm Proofpoint have observed that the prolific botnet Emotet has returned to the email threat landscape after a hiatus at the end of 2019. The Trojan-turned-botnet is being distributed by threat group TA542, using attachments and malicious links containing…

Read more →

An alternative to costly commercial bug bounties, there is record growth in Open Bug Bounty program. We contacted the security expert to provide his comments on the growth of this open bug bounty program. From their site: “With almost half-a-million…

Read more →

Yesterday saw the release of the 15th edition of the World Economic Forum’s Global Risks Report. According to the report, both sets of respondents to the Global Risks Perception Survey—the multi-stakeholder community and the Global Shapers—identify cyber-related issues, such as cyberattacks on critical…

Read more →

P&N Bank’s data breach has exposed personally identifiable information (PII) and account data of 100,000 customers. The breach was likely caused by a third party that was providing hosting services when P&N was performing a server upgrade. Security experts commented…

Read more →

As reported by Digital Trends, Google has today announced that iPhones can now function as physical two-factor security keys for logging into the company’s own services like Gmail in Chrome. This authentication method, Google claims, is a lot more secure than…

Read more →

It has been reported that an unsecured database on Amazon has been discovered, exposing sensitive information and passport scans on thousands of employees. The information, including thousands of passport scans, tax documents, background checks, job applications, expense forms, scanned contracts,…

Read more →

The resurgence of an Android banking trojan, dubbed Faketoken, is draining victim’s banking accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. Besides using fake logins and phishing overlay screens to steal credentials and exfiltrate mTAN…

Read more →

Emotet operators launched a sophisticated phishing attack against email addresses associated with users at the United Nations. The Emotet attackers are impersonating representatives of Norway at the United Nations in New York by sending malicious emails that state that there…

Read more →

Russian military hackers have been boring into the Ukrainian gas company, Burisma, at the centre of the Trump impeachment affair, according to security experts. The hacking attempts against Burisma, on whose board Hunter Biden (Joe Biden’s son) served, began in early…

Read more →

A website collecting donations to help Australia’s Bushfire relief efforts has been hit with a Magecart attack according to researchers from MalwareBytes.   The ISBuzz Post: This Post Panorays Comments On Magecart Attack On Aussie Bushfire Donation Website appeared first…

Read more →

Dating apps including Grindr, OkCupid and Tinder leak personal information to advertising tech companies in possible violation of European data privacy laws, a Norwegian consumer group said in a report Tuesday.  The Norwegian Consumer Council said it found “serious privacy infringements” in…

Read more →

US President Donald Trump has attacked Apple over their refusal to unlock iPhones “used by killers, drug dealers and other violent criminal elements”.  On Monday US Attorney General William Barr accused Apple of not being helpful in an inquiry into a shooting that…

Read more →

Overnight, Microsoft announced a patch for a vulnerability discovered by the NSA in Windows 10. The vulnerability could have been exploited by hackers to create malicious software that looked legitimate.    The ISBuzz Post: This Post Major Flaw In Windows…

Read more →

Data from an exposed LimeLeads Elasticsearch server has ended up on a hacking forum, being sold by a well-known individual on underground hacking forums named Omnichorus, who has build a reputation for sharing and selling hacked and stolen data. A…

Read more →

It has been reported that thousands of baby videos and images are being left unsecured and exposed to the internet by Peekaboo Moments, a mobile app. This is due to the app’s developer, Bithouse Inc., leaving an Elasticsearch database open on the internet. The ISBuzz Post:…

Read more →

Brian Krebs posted a story last night about an emergency patch Microsoft sent to government agencies, branches of the US military and other organisations responsible for managing internet infrastructure. The vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module…

Read more →

Whether it is an EPOS system at a fast food venue or large display system at a public transport hub, interactive kiosks are becoming popular and trusted conduits for transacting valuable data with customers. The purpose of interactive kiosks, and…

Read more →

TechCrunch broke news of research last Friday that A billion medical images are exposed online, as doctors ignore warnings.  Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report from the company in September that detailed 24 million medical records…

Read more →

The Manor Independent School District, which is located about 20 minutes away from the state capital, Austin, reported that it had been hit with a phishing scam on Friday. According to CNN, the scam involved three separate fraudulent transactions that were carried out…

Read more →

Tomorrow, Microsoft will end regular update and patch distributions for Windows 7, leaving those without preparations in place at risk.  Ken Galvin, Senior Product Manage of Quest KACE, believes that migrating doesn’t have to be a daunting task for businesses,…

Read more →

Tomorrow, Microsoft will end regular update and patch distributions for Windows 7, leaving those without preparations in place at risk.  Ken Galvin, Senior Product Manage of Quest KACE, believes that migrating doesn’t have to be a daunting task for businesses,…

Read more →

The Manor Independent School District, which is located about 20 minutes away from the state capital, Austin, reported that it had been hit with a phishing scam on Friday. According to CNN, the scam involved three separate fraudulent transactions that were carried out…

Read more →

According to researchers, multiple European websites for the Perricone MD anti-aging skin-care brand have been infected with scripts that steal customer payment card info when making a purchase. Two Magecart groups were competing for the credit card data on sites in…

Read more →

PayPal has recently confirmed that a researcher found a high-severity security vulnerability in CAPTCHA that could expose user passwords to an attacker. The researcher, Alex Birsan, earned a bug bounty of $15,300 (£11,700) for reporting the problem, which was disclosed…

Read more →

It has been reported that open-source software projects continue to struggle with handling sensitive information, according to automated scans of hundreds of millions of commits to code repositories. Driven by increased research into software security, more software under development, companies’ greater openness to…

Read more →

In 2019 we saw a steady increase in the number and modes of cyberattacks. In fact, more than half of all British companies reported cyberattacks in the last year alone. To prepare for  2020, Tanium looked into the biggest concerns…

Read more →

According to new research, attacks on the SHA-1 hashing algorithm just got a lot more dangerous with the discovery of a cheaper, more practical version of SHA-1 collision attacks. Hashing algorithms are used to compute the keys used in public key…

Read more →

In response to reports that a US–funded mobile carrier that offers phones via the Lifeline Assistance program is selling mobile devices pre-installed with malicious applications, cybersecurity expert offers perspective. The ISBuzz Post: This Post Expert Reaction On Pre-Installed, Unremoveable Malware Found On…

Read more →

On January 14th, Microsoft will discontinue support for Windows 7. This means any PCs still running the software will no longer receive security updates, software updates, or technical support for any issues. If people continue to use a Windows 7 PC after the…

Read more →

In response to reports that an Iranian state-sponsored hacking group has been ‘password-spraying’ U.S. electric utilities for the past year, experts commented below. The ISBuzz Post: This Post EXPERT COMMENTS: Iranian Hackers Have Been ‘Password-Spraying’ US Electric Utilities appeared first on Information Security Buzz.  …

Read more →

A North Korea-backed hacking campaign that targets both Windows and macOS systems has been updated with new techniques and tools, it has been reported. This campaign, dubbed ‘Operation AppleJeus’, is designed steal cryptocurrency from organisations and individuals around the world. Attacks…

Read more →

It has been reported that multiple vulnerabilities have been found within video sharing app TikTok. Security researchers found that it was possible to spoof text messages to make them appear to come from TikTok. Once a user clicked the fake link, a hacker would…

Read more →

According to TechRadar, Google’s Project Zero has revealed that it will be trialling a new policy where the security team will give companies a full 90 days before disclosing issues in their systems or software. The search giant’s team of security analysts…

Read more →

It has been reported that the FBI and Department of Homeland Security warned of the terror threats Iran poses to the US in a joint intelligence bulletin sent to law enforcement throughout the country on Wednesday. In the bulletin, which was obtained by CNN,…

Read more →

Engineering & Technology have announced that South Wales Police will once again target football fans with facial-recognition cameras at the Cardiff City Stadium on Sunday 12 January.This is not the first time police have used this technology, neither is it the…

Read more →

In response to the news that SNAKE ransomware is targeting entire corporate networks, expert offers perspective. SNAKE Ransomware is The Next Threat Targeting Business Networks – by @LawrenceAbramshttps://t.co/U6b9Pfs0zJ — BleepingComputer (@BleepinComputer) January 8, 2020 The ISBuzz Post: This Post EXPERT COMMENTS: SNAKE Ransomware…

Read more →

Apple has started scanning photos uploaded from iPhones to check for child sexual abuse images, as tech companies come under pressure to do more to tackle the crime. Jane Horvath, Apple’s chief privacy officer, revealed at CES 2020 that the company…

Read more →

A data breach in Las Vegas comes amid tensions with Iran and a warning from homeland security of quote “potentially disruptive and destructive” Iranian cyber operations. The city released the following statement to News 3: The city of Las Vegas…

Read more →

It has been reported that some of the UK’s biggest high street banks have been impacted following the cyber attack on Travelex – with Royal Bank of Scotland, HSBC and Barclays among those left with no online travel money services. More than a…

Read more →

The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. The Alexandria, Minnesota-based locally-governed hospital started notifying its patients of the security breach incident on January 3,…

Read more →

Personal information such as private addresses and email addresses were vulnerable to exposure in one the world’s most trending apps  Check Point Research revealed today that it uncovered multiple vulnerabilities in TikTok which could have allowed attackers to manipulate content…

Read more →

Chase Bank is going to ban third-party access to customer accounts through customer passwords according to new reports. It is an effort to tighten up security on customer accounts.   The ISBuzz Post: This Post Comments On Chase Bank Move To Restrict…

Read more →