WannaCry, notorious as the largest ransomware epidemic in history, reached its peak on May 12, 2017. To raise awareness of this ongoing threat, INTERPOL dubbed the 12th of May Anti-Ransomware Day and urged organisations to back up their data and adopt relevant security protections. Failing to take all possible steps to secure a business against a ransomware attack can be a very expensive mistake.
ISBuzz Team
The joint alert last week issued by CISA, the FBI, the NSA, and UK’s National Cyber Security Centre (NCSC) asks organizations to aggressively patch certain known vulnerabilities in response to updated Tactics, Techniques, and Procedures (TTP’s) used by Russian Foreign Intelligence Service (SVR) Cyber Operations group, known as APT29, Cozy Bear, etc. The alert follows the recent public attribution of the SVR to the SolarWinds compromise in 2020. An expert with Veridium offers perspective.
Researchers identified a high severity security vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips, (including the latest 5G-capable versions), that could enable attackers to access mobile phone users’ text messages, call history, and listen in on their conversations.
BACKGROUND: A new type of attack could increase the energy consumption of AI systems, according to research undertaken at Cornell University. Similarly to DDoS (distributed denial-of-service) attacks on the internet seeking to clog up a network and make it unusable, the new attack forces a deep neural network to tie up more computational resources than necessary and slow down its “thinking” process. The slowdown attack targets a type of AI called an input-adaptive multi-exit neural network, which can be deployed on small devices like smartphones and smart speakers. Theoretically, if an attacker had full information about the neural network, they…
BACKGROUND: A student’s attempt to pirate an expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute. After the research institute suffered the attack, Sophos’ Rapid Response team responded and neutralized the cyberattack. This attack lost the institute a week’s worth of research data and a week-long network outage as servers were rebuilt from scratch and data restored from backups.
BACKGROUND: It was reported today that the Spanish delivery startup Glovo, valued at $2 billion and aims to become Amazon’s rival in Europe, has been breached. A hacker was selling access to customers and couriers accounts with the ability to change their passwords.
BACKGROUND: Consumer watchdog ‘Which?’ recently examined 13 Wi-Fi router models, provided by major names such as Sky, EE and Virgin Media, and found that almost two-thirds had significant cybersecurity flaws, putting millions at risk. These flaws come in the form of weak default passwords, network vulnerabilities which could concede full control to hackers, and lack of firmware updates from as far back as 2018.
UnitingCare Queensland, which had fallen victim to a cyberattack at the end of last month, has now revealed that the ransomware gang REvil/Sodin was behind the attack. The organisation, which provides aged care, disability supports, health care, and crisis response services, said its systems are still impacted, with some still inaccessible.
This week Apple reported that there are currently two iOS 0-days that allow hackers to compromise fully patched devices. This comes a week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0.
BACKGROUND: New research reveals that the majority of top-rated fertility apps collect and even share intimate data without the users’ knowledge or permission, a collaborative study by Newcastle University and Umea University has found.