BACKGROUND The Prime Minister’s personal mobile phone number has in the public domain for the past decade and a half. The discovery of Boris Johnson’s mobile phone number on a press release from 2006 has been identified as a huge security oversight by many. But is the fact that Boris didn’t change his phone number surprising.
Author: ISBuzz Team
It has been reported that a new SMS malware campaign capable of stealing passwords and banking credentials has started spreading like wildfire in recent weeks. So much so that mobile carriers and law enforcement agencies alike have been prompted to issue warnings about the so-called FluBot campaign. Although the hook to the SMS phishing message is an old one, based on the ‘you have a parcel delivery’ theme, the exploitation method and the way the campaign is evolving are real causes for concern.
BACKGROUND: A new report- Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound from Coveware ’s Quarterly Ransomware Report, Coveware notes “Data exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data.” The report notes 77% of attacks now include threats of sensitive data leaks such as financial or healthcare data. Experts with Byos, Veridium, and YouAttest offer thoughts.
BACKGROUND: A recent survey has found that in emerging markets such as Brazil, Indonesia, South Africa, and Thailand, 16 percent of mobile devices that processed a transaction was found to be infected with malware. Insights come from Secure-D processing 1 billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets covering nearly 840 million users. The report reveals the scale of the impact of the COVID-19 pandemic on mobile ad fraud and malware. 46,000 malicious apps were detected in circulation, with a global block rate of 95 percent. This translates as 16 percent of mobile devices carrying at least one…
BACKGROUND UK rail network, Merseyrail has confirmed that it has been targeted by cyberattackers. The cybercriminals used its email system to notify employees and journalists about the ransomware, deemed to be Lockbit after finding an email from the 18th of April with the subject: “Lockbit ransomware attack and Data Theft”. The situation is currently under investigation, but a few cybersecurity experts have offered their insights below:
BACKGROUND: Cisco Talus discovered an information-disclosure security vulnerability in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.
BACKGROUND: First Horizon Bank in Memphis, Tenn., has disclosed that a number of online customer bank accounts were targeted by a data security breach. The $87.5 billion-asset company said that an unauthorized party obtained login credentials from an unknown source and exploited a vulnerability in third-party security software to gain access to less than 200 accounts, obtaining “less than $1 million” from some of the accounts.
Over the past three months, users of the popular messaging app Telegram have seen over 130 attacks using a new multi-functional remote access trojan (RAT) dubbed ‘ToxicEye’, according to recently released research. Following controversial changes to privacy settings from Facebook’s WhatsApp, cloud-based IM platform Telegram has enjoyed a surge in popularity, becoming the most downloaded app worldwide for January 2021 with more than 63 million installs. Unfortunately, this popularity also extends to the cyber-criminal community. Malware authors are increasingly using Telegram as a ready-made command and control (C&C) system for their malicious products, because it offers several advantages compared to…
Background World Password Day is coming up on May 6. It is a day designated to remind us of the importance of this first line of defense against ransomware, spyware, and other bad actors. This was especially true over this past year during which the World Health Organization reported a fivefold increase in cyber attacks.Yet, contrary to prevailing advice on picking strong passwords, Security.org’s second annual report on America’s password habits and strategies revealed that 14 percent of us used “COVID” in our passwords; 21 percent used “Trump” or “Biden” and 20 percent used a curse word.
Spam Prevention, Anti-Virus, Intrusion Prevention – these are just a few solutions you may already be using as part of your cyber security strategy. Whilst these are all effective in their own right, have you ever taken the time to look at your entire Cyber-attack chain, your end-to-end defences, and wondered what would happen if they were bypassed? Analysing vulnerabilities within your entire Cyber-attack chain (also known as the cyber-kill chain) can help put strategies, or technologies in place to “kill” or contain attacks at various stages to better protect your systems, data and employees. Our SOC and red teaming…
