Currently, there is widespread public uncertainty and distrust around how organisations handle their data. In fact, almost half (45%) of the British public don’t trust that third-party organisations can keep their personal information safe or private. From a survey of 2,000 UK based respondents, key findings include: The majority (80%) of UK consumers “don’t have a clue” how many organisations use, store or have access to their personal data, including their email addresses, contact numbers, and bank details.Yet almost half (48%) of UK consumers say they are very aware of the laws that protect their personal data. As a result,…
ISBuzz Team
Comparitech researchers have analyzed the prices of stolen credit cards, hacked PayPal accounts, and private Social Security numbers on more than 40 different dark web marketplaces, looking at prices based on account balance, credit limit, country, and what information is included with a given listing.
Yesterday, the 2021 World Economic Forum report was released. The annual risk report – with this year’s edition being the 16th – identifies and analyses critical global risks facing the world. It is based on a Global Risks Perception Survey, which is completed by over 650 members of the World Economic Forum’s diverse leadership communities. Among the highest likelihood risks of the next ten years, cybersecurity failure is ranked 4th in the ‘clear and present danger’ section (short term risk; 0-2 years). IT infrastructure breakdown is also cited as being a major issue in the next 3-5 years (ranked #2).
As reported by TechRadar, vulnerabilities found in Signal, Google Duo, Facebook Messenger, and other messaging apps allowed attackers to listen in on users without their permission, security experts have warned. “On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent,” Natalie Silvanovich, a security engineer at Google’s Project Zero, wrote. Following the discovery of the FaceTime vulnerability, Project Zero found similar flaws affecting Signal, Google…
Following the recent debate of security concerns around IoT devices such as President Bidens Peloton bike, cybersecurity experts have provided the following comments:
There are a host of measures that businesses need to consider when ensuring their IT systems are compliant. These include keeping software up to date such as operating systems, maintaining the best practice security and firewall measures, meeting the requirements of industry specific measures such as the Payment Card Industry Data Security Standard (PCI DSS) or the General Data Protection Regulation (GDPR), and accounting for local and regional government regulations. Failure to ensure currency in processes can lead to non-compliance issues across large swathes of different operations within a business, and can open up the possibility of numerous negative consequences…
A report by research centre Ponemon Institute, commissioned by password manager Keeper Security, revealed that 70% of UK financial firms suffered a cyber-attack in 2020. The attacks were exacerbated since most of the employee are working from home because of the COVID-19 and cyber attackers use this opportunity to steal or access sensitive information due to not enough security controls are implemented to reduce risk of working from home.
It has been reported that a group of cybercriminals believe to link with the Chinese government is actively targeting the airline industry to obtain passenger data. It is believed that a threat actor Chimera is being such an attack. Believed to be operating in the interests of the Chinese state, the group’s activities were first described in a report and Black Hat presentation from CyCraft in 2020.
A hacker has leaked 1.9 million user records of popular photo editing app Pixlr containing information that could be used to perform targeted phishing and credential stuffing attacks. Over the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was stolen from Pixlr while he breached the 123rf stock photo site. The alleged Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information. ShinyHunters stated he downloaded the…
Enterprises and Government bodies continue to rely on outdated TLS certificates, according to a security advisory published by the US National Security Agency. Earlier this week, the Dutch NCSC released a similar alert, to bolster encryption for public sector bodies that up till now has left them open to attacks and created a ‘false sense of security’. Web browsers have been gradually moving away from TLS 1.0 and 1.1, but the shift has been slower for the public sector, and various national cybersecurity agencies are being forced to act.