Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in Microsoft Office suite, including Excel and Office online. Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook. Malicious code could have been delivered via Word documents (.DOCX) , Outlook Email (.EML) and most office file formats.Vulnerabilities are the result of parsing errors made in legacy code, leading CPR to believe security flaws have existed for yearsCPR responsibly disclosed to Microsoft, who…
ISBuzz Team
BACKGROUND: The popular websites including Reddit, Spotify, Twitch, Stack Overflow, GitHub, gov.uk, Hulu, HBO Max, Quora, PayPal, Vimeo, Shopify, and news outlets CNN, the Guardian, the New York Times, BBC, Financial Times are currently facing an outage. A glitch at Fastly, a popular CDN provider, is thought to be the reason, according to a product manager at Financial Times. Fastly has confirmed it’s facing an outage on its status website.
BACKGROUND: A leaked spreadsheet circulating around WhatsApp has exposed the personal details of more than one thousand UK Special Forces soldiers, which are meant to remain secret. The Register, which has seen the leaked spreadsheet, says it contains details of 1,182 British soldiers who were recently promoted from corporal to sergeant. Some included soldiers posted in sensitive units, such as the Special Reconnaissance Regiment, Special Boat Service and Special Air Service.
It has been reported that researchers have tracked down the origins of several increasingly prevalent info-stealers – including Redline, Taurus, Tesla and Amadey – that threat actors are delivering via pay-per-click (PPC) ads in Google’s search results. On Wednesday, breach prevention firm Morphisec posted an advisory in which it said that over the past month, it’s investigated the origins of paid ads that appear on the first page of search results and that lead to downloads of malicious AnyDesk, Dropbox and Telegram packages wrapped as ISO images.
BACKGROUND: Last week, NCSC announced it is investigating another increase in ransomware attacks against schools, colleges and universities in the UK. SonicWall’s threat research reveals that: The UK was the 4th worst-affected country for ransomware, with 8.5 million attacks, making up 4.2% of all global attacksGlobal ransomware attacks rose 62%, with 304.6 million attacks worldwideApril 2021 was the highest single month of ransomware ever on record (48.3M)There has been a 90% year to date increase in ransomware (Jan-April’20 vs. Jan-April ’21)
BACKGROUND: The US government’s response to the ever growing threat of ransomware is long overdue, but is it too late? With more priority set to be placed on ransomware attacks and the consequential investigations, we’re in a prime position to make strides in preventing these attacks.
BACKGROUND: It has been reported that almost 16,000 cyber ‘attacks’ were made against Hertfordshire County Council between January and March this year, according to the latest figures. The data is included in a report due to be presented to a meeting of the council’s resources and performance cabinet panel on Wednesday (June 9). It says the exact number of attacks – between January 1 and March 31 this year – was 15,964.
BACKGROUND: Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, has issued an open letter to corporate executives and business leaders on escalating ransomware attacks. The letter urges heightened vigilance and specific cybersecurity protection and prevention steps be taken immediately to protect US corporations against attacks. Experts with Gurucul and YouAttest offer thoughts and additional perspective.
The latest Feedzai Financial Crime Report Q2 2021 Edition which factors in some 12 billion global transactions between January-March 2021, shows that bank fraud is up 159%, including internet, telephone, and branch banking. Card-not-present (CNP) transactions were just 18% of all transactions, but drove 83% of all fraud attempts. The five most commonly attempted scams were Account Takeover (ATO)-up 47%; account opening identity theft-up 23%; impersonation scams-up 21%, purchase of goods that never arrived-up 15%, and phishing scams-up 7%. A cyber and passwordless authentication expert with Veridium offers perspective.
BACKGROUND: FUJIFILM, a Japanese multinational conglomerate with more than $20 billion in revenues, is investigating a ransomware attack and has shut down portions of its global network to prevent the attack’s spread.