ISBuzz Team

BACKGROUND: With the new OS from Microsoft already highly-anticipated, many users have flocked to the Windows Insiders program to experience and download Windows 11 preview versions. However, security experts have warned eager users to take care when downloading and installing preview versions of Windows 11 after detecting malware-laden fake installers, reports Tech Radar. Hundreds of such attempts have already been nullified, according to Kaspersky, who have detected fake malware-laden Windows 11 downloaders that install and run other applications in the background. In one example, a 1.76GB installable file called ‘86307_windows 11 build 21996.1 x64 + activator.exe’, made to look like…

BACKGROUND: It has been reported that Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS. Unfortunately, you aren’t getting a fix for the flaw that makes your iPhones easy prey for Pegasus spyware. 

MITRE has released their top 25 list of Common Vulnerability Exposures (CVE’s). The winners were culled from roughly 27,000 CVE’s in the National Vulnerability Database and represent the most common and dangerous weaknesses from the last two years (2019-2020). The list provides descriptions and research links for each of the weaknesses with examples of how they might be abused. Excerpt: … Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely…

A new Microsoft “HiveNightmare” vuln has surfaced in the MS KB5004605 update that added AES encryption on OS versions from Windows 10 build 1809 and newer, as confirmed by Twitter user Jonas L and @GossiTheDog.  Microsoft says in CVE-2021-36934 that the zero-day can enable users to escalate to SYSTEM privileges on windows 10 & newer systems.  A Haystack Solutions expert offers thoughts.

Australian Information Commissioner and Privacy Commissioner has determined that Uber interfered with the privacy of an estimated 1.2 million Australians. Uber provided details of the data breach back in 2017, stating that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that Uber used.

BACKGROUND: It has been reported that Saudi Aramco is being held to ransom by cybercriminals, who are demanding $50 million over the leakage of some of the company’s data. 

BACKGROUND: Following the news that credentials for Paralympic and Summer Games ticket holders have been leaked online, please see below for comments from experts highlighting the importance of identity access management.

BlueFort Security is announcing the results of a new survey of 600 UK CISOs which reveals the cybersecurity challenges they have faced during the Covid-19 pandemic, their concerns about the future and their adoption of new technologies to redress the balance.Key findings of the study include: 75% of CISOs surveyed state that since transitioning to working from home, they feel their organisation is at greater risk of cybersecurity attacks, and it’s only going to get worse30% of CISOs have lost track of movers, joiners and leavers.29% have said they are missing corporate devices.27% of CISOs surveyed said gaps in staff…

It was reported yesterday that the European Commission regulators have proposed changes to EU law that would force companies that transfer Bitcoin or other crypto-assets to collect details on the recipient and sender. The proposals would make crypto-assets more traceable, the EU Commission said, and would help stop money-laundering and the financing of terrorism. The package also includes the proposal for the creation of a new EU authority to fight money laundering.

Ethical researchers at the Massachusetts software company WizCase, discovered over 1,000 GB of data belonging to over 100 local municipalities across the Northeast in misconfigured Amazon S3 buckets. The over 1.6 million files were open to anyone. It appears that the commonly used municipal mapping program, Mapsonline.net, was storing unencrypted public data with no password or login required for access.  Almost every city in the US has put their residents’ data online in a form of GIS based mapping. These apps allow user access to individual property data on any property, generally without any password or login. This is “public record” data that…