Threat actors can publish Skills – the name given to third-party Alexa applications – under any arbitrary developer/company name and also make backend code changes after approval to coax users into revealing unwanted information, according to new research presented at the Network and Distributed System Security Symposium (NDSS) conference. Christopher Lentzsch and Martin Degeling, from Horst Görtz Institute for IT Security at Ruhr-Universität Bochum, and Sheel Jayesh Shah, Benjamin Andow, Anupam Das, and William Enck, from North Carolina State University – analyzed 90,194 Skills available in seven countries and found safety gaps that allow for malicious actions, abuse, and inadequate…
ISBuzz Team
Security researchers have spotted a new malware operation named Silver Sparrow targeting MAC devices and it is believed to have infected 30,000 systems. The malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMWare Carbon Black. “According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” Red Canary’s Tony Lambert wrote in a report published last week.
City AM has revealed that just over half (51%) of businesses in the UK have suffered a cyber-attack in the last 12 months. Research by the Chartered Institute of Internal Audits (CIIA), which quizzed nearly 200 businesses of all sizes and across various sectors, found the biggest barrier to implementing better cybersecurity practices during the pandemic were competing priorities, employees working remotely, and insufficient budgets.
Android users can now take advantage of the Password Checkup feature that Google first introduced in its Chrome web browser in late 2019, the OS maker recently announced. On Android, the Password Checkup feature is now part of the “Autofill with Google” mechanism, which the OS uses to select text from a cache and fill in forms. The Password Checkup feature takes passwords stored in the Android OS password manager and checks them against a database containing billions of records from public data breaches and see if the password has been previously leaked online. If it has, a warning is…
Victims of ransomware attacks are increasingly facing secondary extortion schemes, where attackers threaten to publish or sell data stolen from the victims’ systems, this led us to sit down with Rick McElroy, Cybersecurity Strategist, VMware Carbon Black to discuss what has led to this escalation.
The CEO of SolarWinds was joined by FireEye chief executive Kevin Mandia, Microsoft President Brad Smith, and CrowdStrike chief executive and president George Kurtz to speak to the Senate Intelligence Committee during the first public congressional hearing on the SolarWinds hack. Many important topics are currently being discussed, including calling for deeper partnerships between the private and public sectors.
It has been reported that Kroger Co. has announced it was among the victims of a data breach involving Accellion’s file-transfer service. The company believed that only 1% of its customers were affected and are being notified of the breach. Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, and that it was notified of the incident on 23 January, when it discontinued the use of Accellion’s services. Commenting on the news are the following cybersecurity experts:
It has been reported that chatroom app Clubhouse has a critical security flaw which allows an unidentified user to stream Clubhouse audio feeds from “multiple rooms” into their own third-party website. The company responded by permanently banning the unidentified user and have installed new security controls to prevent the flaw.
News broke over the weekend that a webcam system that lets parents drop in and watch their children while at nursery school has written to families to tell them of a data breach. NurseryCam said it did not believe the incident had involved any youngsters or staff being watched without their permission, but had shut down its server as a precautionary measure.
When asked why he robbed banks, American bank robber Willie Sutton notoriously answered, “Because that’s where the money is!” Banking is still a number one target for cyber crims – it’s just the money has moved online, and so have robbers. With banking season currently underway this month, many of the big banks have reported their financial results. Yet, as an industry, the sector is facing an uptick in cyber threats, with many UK banks’ customers reporting a flurry of email and phone scams in the first two months of 2021. While banks are diligently investing in cyber defenses, scammers…