The Ponemon Institute and SecureLink report “A Crisis in Third-party Remote Access Security” shows the gaps between stated third-party access threats and the security measures an organization actually uses. The report notes the increase in the threat surface due to remote access over the last 12 months. Among other key findings: 44% of respondent organizations experienced a breach in the last 12 months, with 74% faulting too much privileged access among third parties. Also, 63% state that the third party’s reputation is the reason they’re not evaluating those privacy and security practices; 61% said their third-party management program does not define or rank…
ISBuzz Team
Over 40% of online shoppers are concerned about how brands use their data, says new poll of 4,000 consumers from Empathy.co. LONDON, 5th May 2021 – Nearly one in four (22 per cent) shoppers regularly use guest accounts to purchase online goods to avoid handing over personal data, according to a major new report from Empathy.co, the global commerce search and discovery platform. The data was obtained via a Censuswide survey of 4,000 online shoppers from the UK. It also revealed that nearly half of consumers much prefer to shop with brands they trust, 20 per cent are more willing to share personal…
As reported by teiss, as many as 92% of organisations who paid a ransom in the past 12 months did not get all of their data back, with the average organisation getting back just 65% of its data, Sophos’ State of Ransomware 2021 report has revealed. In 2020, there was a major rise in the number of ransomware attacks targeting organisations, with security firm SonicWall recording a 40% surge in global ransomware attacks in the third quarter of 2020 compared to the corresponding quarter in 2019. The surge was attributed mainly to the global shift towards remote work as organisations…
BACKGROUND: World Password Day, coming up on the 6th of May, reminds us of the importance of protecting ourselves through strong passwords. World Password Day helps people to improve the passwords that they use for their online accounts and provides sources to learn more about cybersecurity.
The recent Ransomware Task Force report, “Combating Ransomware,” was delivered to the Biden administration this week and calls for an international coalition to combat ransomware criminals. Experts below provide responses on this subject.
This follows the breaking news story that the UK telecoms regulator is warning the public not to trust caller ID on their phones as it tries to help stop people from becoming victims of fraud. A director at Ofcom says caller ID should not be used as a means of verifying a caller’s identification. Fraudsters are increasingly changing their caller ID to disguise their identity, a practice known as number spoofing.
BACKGROUND: In an SEC filing on Wednesday, First Horizon Bank of Tennessee revealed that login credentials were used by “an unauthorized party,” exploiting third-party security software to remove millions from approximately 200 accounts. Excerpt: In mid-April, First Horizon Corporation (the “Company”) became aware of a data security incident affecting a limited number of customer accounts. Based on its ongoing investigation, the Company determined that an unauthorized party had obtained login credentials from an unknown source and attempted access to customer accounts. Using the credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained unauthorized access to under 200 online customer…
Researchers recently showed how a drone can launch an attack via Wi-Fi to take full control of a Tesla’s infotainment system by exploiting flaws in a third-party component. (These vulnerabilities have since been patched.)
BACKGROUND: Proofpoint Research has released findings on a new variant of the Buer malware loader distributed via emails masquerading as shipping notices. The new strain is rewritten in a coding language called Rust. Key findings include: malware written in Rust enables the threat actor to better evade existing Buer detection capabilities, and Proofpoint observed RustyBuer campaigns delivering Cobalt Strike Beacon as a second-stage payload in some campaigns. Saumitra Das of Blue Hexagon offers perspective.
BACKGROUND: Breached online food ordering platforms have exposed hundreds of restaurants, according to researchers.
