ISBuzz Team

Researchers from the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram techradar report. While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) as well as when users don’t opt-in for E2EE. MTProto is Telegram’s version of transport level security (TLS) which is used to secure data in transit and to protect users from man-in-the middle attacks. The researchers also took a deeper look into Telegram’s clients for Android, iOS and desktop where they discovered…

It has been reported that the Department of Homeland Security has announced new requirements for U.S. pipeline operators to bolster cybersecurity following Colonial Pipeline ransomware attack. In a statement, DHS said it would require operators of federally designated critical pipelines to implement “specific mitigation measures” to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a “cybersecurity architecture design review.

It has been reported that Northern rail’s new self-service ticket machines have been targeted by a suspected ransomware cyber-attack. The system has been offline since last week and an investigation is underway. It comes just two months after 621 of the touch-screen units were installed at 420 stations across the north of England at a cost of £17m. The government-run operator said it had taken “swift action” along with its supplier, Flowbird, and customer and payment data had not been compromised

Several Western countries have accused China of hacking Microsoft Exchange, which affected at least 30,000 organisations around the world, and China has since slammed claims.

New research by Bitdefender analyst Janos Gergo Szeles examines newly documented Windows malware that’s being distributed widely across the web through cracked software and paid search ads. Researchers dubbed the strain “Mosaic” due to the “intricate internal structure that aims to confuse malware analysts and prevent reverse-engineering. An expert offers perspective.

BACKGROUND: Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

Campbell Conroy & O’Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack. Campbell’s client list includes high-profile companies from various industry sectors and some of its current and past clients include Exxon, Apple, Mercedes Benz, Boeing, Home Depot, British Airways, Dow Chemical, Allianz Insurance, Universal Health Services, Marriott International, Johnson & Johnson, Pfizer, Time Warner, and many others.

It has been reported that security vendor SonicWall is warning customers to patch its enterprise secure VPN hardware to thwart an “imminent ransomware campaign using stolen credentials” that are exploiting security holes in current models and those running legacy firmware. Targeted are the company’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) secure VPN appliances with both unpatched and end-of-life (EoL) 8.x firmware. In a Thursday security notice, the company reported that researchers at Mandiant identified “threat actors actively targeting” three SMA 100 models and nine older SRA-series secure VPN products no longer supported by SonicWall.

The United States has announced a bounty of $10 million for tips to help take down foreign cybercriminals, according to Reuters. The State Department will offer a reward of up to $10 million for information that can identify or locate malicious cyber actors working at the behest of a foreign government to target critical U.S. infrastructure. In a statement, the U.S. State Department said that “certain malicious cyber operations targeting U.S. critical infrastructure may violate the CFAA (Computer Fraud and Abuse Act)” and that it has “set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of…

BACKGROUND: As reported in the South China Morning Post (links below), China’s new “Network Product Security Vulnerabilities Regulations” require Chinese firms to report cybersecurity vulnerabilities early, but forbids both companies and independent cybersecurity researchers from disclosing vulns and weaknesses to overseas organizations.