Following the news that the University of Lancashire has suffered a cyberattack that has left remote-working students unable to submit assignments, experts commented below.
ISBuzz Team
A popular iPhone call recording app exposed the recordings of thousands of users data, a security researcher at PingSafe has found. The Call Recorder app contains a security vulnerability that enabled third-parties to access a user’s entire library of recordings, just by knowing their phone number. Apple doesn’t offer call recording as a stock feature on the iPhone, so those wishing to do so easily need an app to facilitate the function. The app makers proudly claim the app has been downloaded over 1 million times and says it was a top 20 business app in 20 countries. Noted security researcher Anand…
Forcepoint X-Labs have recently been dealing with invoice-flavored campaigns utilizing a more advanced infection chain than normally appreciated. It relies on special data exchange between different Microsoft Office document formats and the techniques used to showcase a very high level of knowledge within that domain.
Checkpoint has issued an alert on its blog: Dangerous Malware Dropper Found in 9 Utility Apps on Google’s Play Store. The new dropper – Clast82 – is being spread via 9 malicious Android apps on the official Google Play store, allowing attackers to obtain access to victims’ financial accounts and take full control of their mobile phone, while avoiding detection by Google Play Protect. An expert with Approov offers perspective.
In relation to the news that security firm Verkada, is investigating a massive hack said to have affected 150,000 of its security cameras, where the security company provides cameras to companies including carmaker Tesla and stolen footage included the insides of hospitals, schools, and businesses; cybersecurity experts reacted below.
It has been reported that the website of English Premier League football club West Ham Utd has leaked the personal details of the clubs’ supporters. The club website is showing several error messages including “Drupal already installed”. Experts commented below.
A bipartisan group of House lawmakers has just introduced a new bill that would allow Americans to sue foreign governments and their employees for malicious cyber activity. The legislation was introduced as the federal government and global organizations continue to cope with the fallout of cybersecurity events.
Microsoft has released 89 security fixes for software including the Edge browser, Office, and Azure that patch critical issues including vectors for the remote execution of arbitrary code. Experts below provide an insight on these critical patches.
The damage of Microsoft’s recent email hack continues as criminal groups rush to take part in the action, exploiting vulnerabilities and compromising victims before it is secured. The attack targeted flaws in email software that allowed criminals to steal valuable data due to the lack of end-to-end encryption (E2EE). Unencrypted email, unless PGP, is just a sitting target if your server gets breached, much like Microsoft’s. An increasingly attractive target too, when you consider the average office worker spends 40 emails per day.
It has been reported that tens of thousands of US-based organisations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application. KrebsOnSecurity was the first to report the mass hack. Citing multiple unnamed people, reporter Brian Krebs put the number of compromised US organisations at at least 30,000. Worldwide, Krebs said there were at least 100,000 hacked organisations.