What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
2022-05-02 21:59:59 World Password Day 2022 – Commentary (direct link) Despite employees knowing the risk of bad password habits, many continue to recycle the same passwords out of convenience. However, 95% of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts throughout the year, highlighting the need for more education on password practices.
2022-04-28 22:00:32 Scammers Are Copying News Sites To Push Elon Musk-themed Crypto Scams (direct link) According to Malwarebytes, scammers have been capitalising on recent news of Elon Musk's Twitter purchase to push scam cryptocurrencies to users. Bot accounts posing as Elon Musk have been posting fake replies to tweets directing users to a fake version of news outlet Medium, on the page of a fake article advertising a cryptocurrency giveaway. […]
2022-04-28 21:53:58 Experts Insight On Coca Cola Potential Breach (direct link) Following the news that: Coca Cola Investigates Potential Data Breach Coca Cola is investigating reports of data breach after claim Stormous ransomware group stole data | Daily Mail Online Security experts commented below. Ransomware Data Breach
2022-04-28 21:30:02 The Subject Of Trusting 'Russian' Applications (direct link) As many readers of Information Security Buzz articles may already be aware, I have had published two articles about 'Trust' in relation to Russian applications, and as such I have set on a personal course to remove all links with such companies, relinquished partnerships, and have removed all said applications of origin from all my […]
2022-04-26 15:42:30 Why Collaboration Is Key To Driving The Future Of Risk Mitigation (direct link) With COVID-19 restrictions easing, many employees are starting to make a return to the workplace. But the traditional five-day working week in the office is steadily on its way to becoming obsolete for many. According to recent research, over a half of employers (55%) expect an increase in staff working from home or remotely part […]
2022-04-26 15:31:40 Cyber Security Experts Reacted On T-Mobile Breach (direct link) It has been announced that the Lapsus$ hacking group has claimed another victim: U.S. telecom giant T-Mobile. T-Mobile's latest security incident was first revealed by security journalist Brian Krebs, who obtained a week's worth of private chat messages between the core members of Lapsus$. According to the data, Lapsus$ had access to T-Mobile's network by compromising employee accounts, either […]
2022-04-26 15:10:57 Why Is It So Easy To Break Into The Systems That Run The World's Most Critical, Expert Weighs In (direct link) Last week at Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), contestants earned a total of $400,000 for their exploits. Two Dutch researchers even took home $90,000 and a championship trophy by targeting the software that helps run the world's critical infrastructure. The worst part? They said it was their “easiest challenge […]
2022-04-26 15:02:00 Elon Musk Buys Twitter – Cyber Security Experts Reacted (direct link) The New York Times is reporting Elon Musk and Twitter Reach Deal for Sale. Twitter has agreed to be taken over at $54.20 a share, a 38 percent premium over the share price when it was revealed Mr. Musk has been buying up the company's stock. Elon Musk had this to say: “Free speech is […]
2022-04-25 12:06:37 Binance Recovers Over $5.8M From Axie Infinity Bridge Attack (direct link) As reported by Decrypt, crypto exchange Binance has recovered a small fraction of the $622 million stolen from Sky Mavis's Ethereum sidechain Ronin last month, according to a tweet by exchange CEO Changpeng “CZ” Zhao. Sky Mavis is the developer team behind the popular play-to-earn crypto game Axie Infinity. Zhao tweeted that the North Korean […]
2022-04-24 14:15:14 The Metaverse Is Coming (direct link) Looking at what the big players are doing, it's easy to view the Metaverse as a big thing. Facebook has changed its corporate name in honour of the new trend. Microsoft's CEO acknowledged that their latest and largest acquisition (the game maker Activision Blizzard for $68.7 billion) was a side bet in games but also […]
2022-04-22 14:59:09 Government Cloud On-Ramping (direct link) The UK Treasury is becoming increasingly frustrated by the billions of pounds wasted by government departments on legacy technology and proprietary infrastructure. With Digital Transformation now imperative, there is little patience for the endemic delays in decision making that are adding untenable costs to a government that simply has no more resources. Why are departments […] ★★★★
2022-04-22 14:48:14 Bolstering Security Standards: How A Consolidated IT Infrastructure Can Arm Businesses Against Cyber-Criminals (direct link) When companies think of security, they often only think of passwords, encryption, and hacking. With the transition to flexible, hybrid, or fully remote work, there are many new aspects that come up in the security equation and, most importantly, must meet corporate standards. As not all users are tech-savvy, software must be user-friendly with intuitive […]
2022-04-22 14:41:59 MS Exchange Servers Found Deploying Hive Ransomware (direct link) Analytics company Varonis found one of its customers had multiple devices and file servers compromised and encrypted by the threat group known as Hive. The initial indicator of compromise was the successful exploitation of Microsoft Exchange via vulnerabilities known as ProxyShell. Hive is built for distribution in a Ransomware-as-a-service model that enables affiliates to utilize […] Ransomware Threat
2022-04-22 12:00:45 International Intelligence Agency Warns Of Russian Cyber Attacks (direct link) Following reports this morning of international intelligence agency, Five Eyes, warning of Russian cyber attacks, please find below a comment from cybersecurity expert on the ways to shore up corporate cybersecurity in a climate of tension and raised threat levels. Threat
2022-04-21 19:54:06 Cybercriminals Are Shifting Their Gaze To Kubernetes (direct link) Cybercriminals are now using a more varied arsenal of attack methods to target cloud environments, including shifting focus from Docker to Kubernetes. These findings were revealed in recent research from Aqua Security, which discovered that attackers are increasingly utilising cryptominers, backdoors, rootkits and credential stealers to infiltrate cloud environments. Uber
2022-04-21 19:47:31 Comment: LinkedIn Becomes The Most Impersonated Brand For Phishing Attacks (direct link) Following the news that LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks – Infosecurity Magazine (infosecurity-magazine.com), information security experts reacted below.
2022-04-21 19:39:50 Ponemon Research – Businesses To Invest $172b On Cybersecurity In 2022 (direct link) According to research published in April by the Ponemon Institute, on behalf of Intel, businesses will invest $172 billion in cybersecurity in 2022. But surprisingly only 53% of respondents said they refreshed their existing cybersecurity strategies due to the pandemic – which may signal a disconnect between the way businesses invest in cybersecurity and the […]
2022-04-21 19:32:02 FBI Warning On Ransomware Attacks Against The Agriculture Sector (direct link) Please see comment below by cyber security experts on how agriculture organisations can protect themselves against cyberattacks after the FBI's warning on increased attacks by ransomware gangs on the sector. Ransomware
2022-04-21 19:23:11 Attacker Accessed Dozens Of Repositories After OAuth Token Theft (direct link) Following the news that Attacker Accessed Dozens of Repositories After OAuth Token Theft, cyber security experts reacted below.
2022-04-21 19:20:13 (Déjà vu) Researchers Discover DDoS Botnet, Enemybot (direct link) Researchers last week discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. Please find the expert comment below concerning the botnet, which targets multiple architectures, including arm, bsd, x64, and x86.
2022-04-20 14:28:37 MetaMask Crypto Wallet Seeds Exposed In iCloud Backups, $650K Theft Shows (direct link) MetaMask, a cryptocurrency wallet and blockchain app gateway (https://metamask.io/) used by 21 mil+ investors, Tweeted a warning (raw link at bottom) to iOS users that if they have iCloud backup enabled, their wallets could be hacked if someone phishes their iCloud credentials. With iCloud backup enabled, a user's crypto “seed” (a key to their account, […]
2022-04-20 14:17:35 Digital Trust Security Expert On LinkedIn's Fight Against Phishing (direct link) It has been revealed that LinkedIn takes the lead as the most impersonated in phishing attacks. Clearly, our identities are constantly under attack from various social engineering tactics. Guideline
2022-04-20 09:29:58 Joint Cybersecurity Advisory Warns Of Blockchain Hackers Targeting Developers And DevOps teams (direct link) It has been reported that the FBI, CISA and U.S. Treasury Department have issued a joint cybersecurity advisory warning all businesses in cryptocurrency to watch out for attacks from North Korean state-sponsored hackers. The full advisory can be viewed here. Within the advisory there's also a warning of how Lazarus attacks start by targeting employees of these firms, […] APT 38 APT 28 ★★★
2022-04-20 09:19:37 The New Cyberthreat To Healthcare: Killware (direct link) Ransomware in the healthcare sector: For years, the focus of cybersecurity efforts in the healthcare sector has been on protecting medical records and other sensitive patient information. Clearly, attention to data security is vital - ransomware attacks and data breaches remain the main threats for the healthcare sector and protection of sensitive information is required […] Ransomware
2022-04-19 12:28:32 Comment: Pegasus Suspected To Have Infected 10 Downing Street (direct link) It has been reported that Pegasus spyware is suspected to have been used to infect the 10 Downing Street network, researchers at Canadian internet security watchdog Citizen Lab have concluded. A device connected to that network was infected using the spyware on 7 July 2020, according to a report on the research by the New Yorker. […]
2022-04-19 12:23:54 Expert Insight On Funky Pigeon Cyberattack (direct link) Please see below expert comments on Funky Pigeon suffering a cyberattack. The comment focuses on the impact this could have on both the business and customers, and how organisations can protect themselves against cyberattacks.
2022-04-15 14:29:29 Russia Is The Most Breached Country Of Q1'2022, Spike In Victims Spotted In March (direct link) Australia ranks 7th, shows an 87% spike in cases quarter-over-quarter. Cybersecurity company Surfshark’s study found that Russia is first in terms of breached accounts from January-March 2022, with more than 3.5M internet users affected. Since the start of Ukraine's invasion in March, 136% more Russian accounts were breached than in February. The second place in […]
2022-04-15 14:24:42 Q1 Reported Data Compromises Up 14% Over 2021 (direct link) The Identity Theft Resource Center published a First Quarter 2022 Data Breach Analysis which found that Q1 of 2022 began with the highest number of publicly reported data compromises in the past three years. Among stated findings: Publicly reported data compromises totaled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021. […] Data Breach
2022-04-14 15:24:49 Skybox Security Research Reveals 42% Rise In New Ransomware Programs In 2021 (direct link) Critical infrastructure in the crosshairs: operational technology vulnerabilities jump 88%. News summary: Enormous aggregate cyber risk: 3x increase in vulnerabilities over the past decade; Adversaries exploit weaknesses faster: 24% uptick in new vulnerabilities exploited in the wild; These and other findings published in new Skybox Research Lab Report. Threat intelligence analysts at Skybox Research Lab uncovered […] Ransomware Threat
2022-04-14 15:18:45 Security Expert Re: Critical RCE WordPress Flaw May Affect 500K+ Sites (direct link) A critical RCE flaw identified in the Elementor WordPress plugin could affect 500k or more sites. Its critical severity is given by the fact that anyone logged into the vulnerable website can exploit it, including regular subscribers. A threat actor creating a normal user account on an affected website could change the name and theme of the […] Threat
2022-04-14 15:16:33 Expert Insight On PIPEDREAM, The 7th Known Malware To Specifically Target Industrial Control Systems (direct link) Amid escalating threats to global critical infrastructure, last night Dragos announced the discovery of new malware specifically developed to disrupt industrial processes: PIPEDREAM. This is the seventh ever publicly known ICS-specific malware, following INDUSTROYER2, STUXNET, HAVEX, BLACKENERGY2, CRASHOVERRIDE, and TRISIS. Since early 2022, Dragos has been analyzing PIPEDREAM malware. PIPEDREAM was developed by a new threat […] Malware Threat
2022-04-14 14:26:28 87% Of European Cybersecurity Professionals See Government-led Initiatives As Critical To Enhancing National Cyber Defences (direct link) Concerns over government readiness for and responsiveness to cyber-attacks on critical infrastructure have been exacerbated by the recent conflict in Ukraine. New vulnerabilities, emerging tactics and digital exposure have forced decision makers to re-evaluate existing strategies to respond to these threats in an effective way. Trellix, formerly McAfee Enterprise and FireEye, carried out research in the […]
2022-04-14 14:13:06 Nordex Issues Statement Following Cyber Attack, Expert Reaction (direct link) It has been reported that German wind turbine manufacturer, Nordex Group, was hit by a cyber-attack on 31 March 2022, with an update issued by the firm this week. The cyber-attack was detected by IT security team at an early stage, according to Nordex, and response measures were taken quickly.
2022-04-14 14:03:40 Microsoft's RPC Remote Code Execution CVE Update Vulnerability (direct link) In response to Microsoft's “Patch Tuesday” update revealing a new RPC Remote Code Execution CVE that affects numerous servers and workstation versions of Microsoft Windows, Information Security Experts reacted below. Vulnerability
2022-04-13 14:54:39 (Déjà vu) “JekyllBot:5” Allows Remote Hacking Of Hospital Robots (direct link) Cynerio cybersecurity researchers specializing in healthcare IoT have discovered five serious vulnerabilities that allow remote hacking of Aethon's TUG autonomous mobile robots. The TUG robots are used by hundreds of hospitals across the globe to transport goods, materials and clinical supplies. … these robots require a lot of sensitive data and freedom of movement to be […]
2022-04-13 14:49:57 FBI Seize Control Of Popular Hacking Forum (direct link) Information Security Experts commented below on the news that the FBI and international partners seized control of a popular hacking forum.
2022-04-13 14:29:12 Trust In The New Age Of The Cold War (direct link) The sad kinetic situation of the Russian war in Ukraine has created much instability on the world stage – observing the fallout of human tragedies and loss of life – facts we are all very much aware of and tuned into from the daily reports from the media. However, there are several unknown unknowns, of […]
2022-04-13 14:24:05 How Can You Spot Fake News? And What Should We, As A Society, Do About Mass Disinformation? (direct link) Link to the whole report: Easy Ways to Spot Misinformation & Fake News in 2022. Some of our coolest findings include: 87% of social media users believe they have encountered disinformation bots. More than half of them (55%) have reported suspicious activity online at least once. While 61% declare they can spot disinformation, most of them […]
2022-04-12 15:38:38 Understanding The Risk And Phenomenon Of Crypto Assets (direct link) As the world evolves from Web 2.0 to Web 3.0 – think decentralised protocols for crypto assets, identities, and computer-services leveraging blockchain technology – cyber threat teams too must evolve their understanding of the technology at play to stay ahead of threats. Although the industry has evolved considerably since its inception, there is significant room […] Threat
2022-04-12 15:03:22 Identity Management Day Is On April 12 – Industry Experts Comments (direct link) Identity Management Day on April 12 is a global day of awareness to educate about the importance of managing and securing digital identities. Industry leaders commented below on the importance of identity management. Guideline
2022-04-12 10:48:32 CyRC Vulnerability Advisory: Stored XSS In Directus (direct link) CVE-2022-24814 is a stored XSS vulnerability that can lead to account compromise in the admin application of Directus. Overview: Synopsys Cybersecurity Research Center (CyRC) research has identified a stored cross-site scripting (XSS) vulnerability in Directus, a popular open source headless content management system (CMS) built in JavaScript. Directus is a web-based admin application that allows […] Vulnerability Guideline
2022-04-12 10:42:11 Over 16,500 Sites Hacked To Distribute Malware Via Web Redirect Service (direct link) As reported by Hacker News, a new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. Traffic direction systems are used by threat actors to determine whether or not a target is of interest and should be redirected to a malicious domain under […] Malware Threat
2022-04-12 10:38:17 Microsoft Announces Windows Autopatch, Cybersecurity Experts Weigh In (direct link) Following the news that Microsoft announced the Windows Autopatch-Microsoft Autopatch feature to make Patch Tuesday ‘just another Tuesday’ for enterprises (computing.co.uk), IT security experts commented below.
2022-04-12 10:29:16 BlackFog: Italian Luxury Fashion House Zegna Confirms August 2021 Major Ransomware Attack (direct link) Following the news that Italian luxury fashion house Zegna has just confirmed it was victim of a ransomware attack in August 2021, joining Moncler, Boggi Milano and Guess, amongst others, that have been victims, Industry leaders commented below on how data exfiltration is the common thread between all ransomware attacks. Ransomware Guideline
2022-04-08 10:44:36 Cash App Breach By Ex-Employee Impacts Over 8 Million Users (direct link) As the Cash app breach story unfolds, it is clear why Zero Trust & Least Privilege Access matter. In the SEC disclosure of the breach, Block, Inc. (parent co) reported: “it recently determined that a former employee downloaded certain reports… While this employee had regular access to these reports as part of their past job […]
2022-04-08 10:37:55 Cyber Talent Shortage Remains A Top Problem For Sec Pros – CEO Perspective (direct link) The new report from Cobalt The State of Pentesting 2022: How Labor Shortages Are Impacting Cybersecurity and Developer Professionals finds that the lack of qualified people has become the No. 1 problem for security pros and especially pen testers, and notes: “The majority of vulnerabilities stem from not staying on top of configurations, software updates, or […]
2022-04-08 10:34:17 Security Expert Re: 13 Million Records Leaked By Fox News (direct link) A configuration error exposed millions of internal records at Fox News.
2022-04-08 10:28:44 Why Supply Chain Security Risks Provide Backdoor For Hackers And How To Prevent It, Experts Insight (direct link) New research suggests that cyber-attacks on supply chains increased by 51% in the last six months of 2021. Organisations have an opportunity to reduce their third-party risk by clarifying whether they or their suppliers are responsible for supply chain risk management, according to new global research of 1400 cyber security decision makers by NCC Group. Around […]
2022-04-08 10:25:24 Hacker Stole $300,000 From Blockchain-based Mobile Game (direct link) As reported by Vice, WonderHero, a cryptocurrency-based play-to-earn game, announced on Thursday that it was suspending all services after the price of its token crashed dramatically after a hacker was able to mint the game's token and cash out for around $300,000. In an official announcement, WonderHero confirmed that “there was an attack on our […]
2022-04-07 12:08:55 Why Paying The Ransom Isn't The Answer For Ransomware Victims (direct link) Increased reliance on multiple cloud environments during the last couple of years and the growing number of employees opting for a hybrid working norm have created numerous opportunities for ransomware gangs to target organizations. As a response to the increasing impact of ransomware attacks, businesses of all sizes are investing in a zero-trust approach to […] Ransomware
Last update at: 2024-04-26 11:07:58