Bank of England Deputy Governor Jon Cunliffe today remarked that the implosion of cryptocurrency exchange FTX shows the need to regulate the crypto world, and to bring in these controls as soon as possible.
ISBuzz Team
The FBI has recently warned of a spate of cyberattacks and data extortion efforts by the Hive ransomware group, particularly focusing on the health and public health sectors. Hive actors have successfully exploited more than 1,300 companies globally, just this year, receiving approximately $100 million in ransom pay-out. Comparitech recently released some related research looking at the true cost of ransomware on healthcare organisations over the past 4 years. It highlights how the ransomware pandemic is only getting worse, and how threat-actors have targeted healthcare organisations specifically, aware of the fact that any downtime could cost lives (in the worst-case scenario.)…
E-commerce malware detection firm Sansec is tracking a surge in cyberattacks targeting Magento stores. At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. The trend in recent weeks paints a grim picture for ecommerce DevOps teams worldwide for the coming weeks. There is a big increase of active scanning for the file that contains the backdoor (health_check.php). This is a sign of attacker groups are trying to take over infected sites from other groups. November is on track to see more Magento 2 template attack probes than the previous ten months combined.…
It has been reported that hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins.
Reports have suggested that the Zendesk vulnerability could have given hackers access to customer data. Full story: Zendesk Vulnerability Could Have Given Hackers Access to Customer Data | SecurityWeek.Com
As reported by The Times, the government has issued “burner phones” to all officials and ministers at the Cop27 climate conference in an attempt to stop the Egyptian hosts snooping on them. Activist groups and some of the nearly 200 countries attending the meeting in Sharm el-Sheikh have increased their security efforts compared with recent rounds of climate talks. The UK is taking the issue particularly seriously. New phones and temporary Sim cards have been issued to more than a hundred officials and ministers at the talks. Grant Shapps, the business secretary, Thérèse Coffey, the environment secretary, and Baroness Vere of…
Barclays Bank has today revealed that purchase scams rose by 34% following Black Friday weekend last year, putting this year’s Christmas shoppers at huge risk. It comes as almost nine in 10 Britons say they will rely on Black Friday to do some or all of their Christmas shopping this year.
Following the news that Biden’s officials are being pressed by lawmakers on cyber reporting legislation as overseas threats and ransomware evolves, Information security experts reacted below.
It has been reported that security researchers have uncovered a sophisticated phishing campaign using tens of thousands of malicious domains to spread malware and generate advertising revenue. Dubbed “Fangxiao,” the group directs unsuspecting users to the domains via WhatsApp messages telling them they’ve won a prize, according to security vendor Cyjax. The phishing site landing pages apparently impersonate hundreds of well-known brands including Emirates, Unilever, Coca-Cola, McDonald’s and Knorr.
State-Sponsored Actor Targets Cert Authority, Government Agencies In Multiple Asian Countries A new state-sponsored actor has targeted multiple Cert Authorities (CAs) and government agencies in multiple Asian countries, FireEye researchers warn. The actor, dubbed TEMP. Periscope by the security firm. Uses phishing emails as an attack vector to deliver malware to organizations based in Nepal and Indonesia that have ties with the Indian government and military. The espionage campaign started in August 2017 and it’s still ongoing; FireEye discovered it after detecting two phishing emails sent to two different entities in the region. Which at first glance were unrelated to…