New research from Tessian reveals the extent to which people post online and how hackers exploit this information for sophisticated social engineering attacks A new report from Tessian, the human layer security company, reveals that 84 per cent of people post information to their social media accounts every week, with two-fifths (42 per cent) posting every day, and are unknowingly giving away information that helps hackers launch successful social engineering or account takeover attacks. The report, titled How to Hack a Human, includes findings from a survey of 4,000 professionals in the UK and US and interviews with hackers from…
ISBuzz Team
The personal unemployment claims data of at least 1.4 million Washingtonians may have been stolen in a hack of software used by the state auditor’s office, Auditor Pat McCarthy said Monday. In a news release, McCarthy said the data, including Social Security numbers and banking information, was exposed in a breach in December of Accellion, a software provider the auditor’s office used to transfer large computer files.
The UK Research and Innovation (UKRI) is dealing with a ransomware incident that encrypted data and impacted two of its services, one offering information to subscribers and the platform for peer review of various parts of the agency. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research. It operates across the country with a budget of more than £6 billion, funded by the Department for Business, Energy, and Industrial Strategy. Given the funds it works with, the agency is an attractive target for big-game ransomware gangs that target organizations with large…
Tallahassee-based children Medicaid health plan Florida Healthy Kids Corp. began notifying members on Jan. 27 of a 7-year data breach that exposed the personal information of hundreds of thousands of health plan applicants. The health plan said it discovered that several thousand applicants’ information was inappropriately accessed and tampered with as a result of the breach. Information of applicants and enrollees that was exposed included Social Security numbers, dates of birth, names, addresses, and financial information.
Data protection post-Brexit was not the most polarising subject facing EU and UK trade deal negotiators last year. It was, however, of fundamental importance for both sides to agree a framework. Whether this was achieved in the resulting Trade and Cooperation Agreement is subjective – the data provisions in the Agreement provide some degree of short-term certainty for businesses and organisations, but the long-term arrangements are yet to be settled. Under the Trade and Cooperation Agreement, data has continued to flow from the EU and EEA to the UK since 1 January 2021. This is because the Agreement allows for…
Asian delivery and rental company Bykea exposed its production server information and allowed access to over 200GB of data containing more than 400 million records showing customers’ full names, locations and other personal information. BYKEA response: We would like to clarify that a vulnerability was reported to BYKEA in an ethical manner and was patched before it could be exploited.
A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real-time. The tool is named “LogoKit” is tracked by RiskIQ beleived to be install on more than 300 domains over the past week and more than 700 sites over the past month. It worked by sending phishing links that contain their email addresses and once a victim navigates to the URL, it fetches logo from third party services such as Clearbit or Google’s favicon database
A “treasure trove” of rifled personal data including user names, addresses and loyalty card balances was uncovered by the consumer campaign group. Cyber security experts say the information could be used to clone customer identities and gain illegal access to online shopping services. One seller on the dark web – hidden websites often used for illegal activities – claimed to have thousands of Tesco Clubcard account details for sale at 42p each.
A new study by Wordfence showed that WordPress sites were most threatened in 2020 by pirated (aka nulled) themes and plugins, brute-force attacks against login forms and the use of exploit code that takes advantage of unpatched vulnerabilities.
It has been reported that casual gaming provider VIP Games has suffered a data breach, exposing millions of records relating to users of the service. VIP games have more than 20,000 active daily players and includes the popular games such as Hearts, Crazy Eights, Euchre, Rummy, Dominoes, Backgammon, Ludo, and Yatzy. The exposed data includes usernames, emails, device details, IP addresses, hashed passwords, Facebook IDs, Twitter IDs, Google IDs, in-game transaction details, bets, and details regarding banned players. Although the password is encrypted with the Bcrypt algorithms using 10 rounds but it can be cracked with some effort.