BACKGROUND: Facebook has released an intel report on Iranian threat activity. The report discloses actions the company took against a group of hackers in Iran, known as Tortoiseshell, to disrupt their ability to use their infrastructure to abuse the platform, distribute malware and conduct espionage operations across the internet, targeting primarily the United States.
ISBuzz Team
BACKGROUND: Yesterday, cybersecurity firm SonicWall sent an urgent warning to users of some of their legacy products about an ‘imminent ransomware campaign using stolen credentials’ and told some users to disconnect products immediately.
BACKGROUND: WooCommerce, the popular e-commerce plugin for the WordPress content management system, has been updated to patch a serious vulnerability that could be exploited without authentication. WooCommerce is installed on more than 5 million websites globally.
BACKGROUND: A new vulnerability applies to a family of Schneider Electric programmable logic controllers (PLCs) widely used in manufacturing and commercial controllers. In a report released Tuesday, researchers at Armis dubbed the vulnerability “ModiPwn” because it takes advantage of undocumented commands in the Schneider Modicon device code of the M340, M580 and other models in the Modicon series of controllers. No Simple Patch Available: Schneider has released a set of mitigations for the bug but no one patch is available.
BACKGROUND: The number of scams rose by a third in 2020, reaching more than 410,000 cases, according to an analysis by consumer rights group Which? They found that online shopping and auctions fraud were the most frequent by a wide margin, with approximately 103,254 incidents.
BACKGROUND: New research has revealed that 94% of organisations have experienced insider data breaches in the last year. Additionally, Human error was the top cause of serious incidents, according to 84% of IT leaders surveyed; Almost three-quarters (74%) of organisations have been breached because of employees breaking security rules;73% have been the victim of phishing attacks.
BACKGROUND: The UK government is investing £700k to boost cyber skills across the UK. Is this investment enough to address the cyber skills?
BACKGROUND: In light of the recent events, such as the Florida water hacker and the JBS ransomware attack, we are starting to see critical infrastructure become a lucrative target for cyber criminals – as they look to capitalise and make maximum impact. In addition, this is combined with the fact that we are also seeing supply chain attacks high on the agenda. They are growing in popularity, with criminals able to infiltrate and hold hostage multiple organisations through one attack. SolarWinds and the recent Kaseya attack acting as pivotal examples.
BACKGROUND: As posted on Redditt, a number of Mint Mobile subscriber’s phone numbers were ported to another carrier without authorization. Mint is stating that the ported information potentially included subscribers’ personal information, including account number, phone number, call history, names, addresses, emails, bill amount, and passwords. According to the post, the breach occurred between June 8th and 10th. Experts with Approov and Gurucul comments.
BACKGROUND: The Proofpoint has uncovered an Iranian group called “SpoofedScholars” targeting universities and academic individuals. It is believed that the group has successfully compromised the website belonging to the School of Oriental and African Studies (SOAS) and the University of London to try to steal the confidential information. They also operate with a different name “Charming Kitten” and mainly target in US and UK using sophisticated techniques.