As a result of the wholesale changes that COVID-19 has brought to the working world, hackers are successfully ramping up their attacks on cloud services. That’s according to a recent warning from the US Cybersecurity and Infrastructure Security Agency (CISA). Last week, CISA put out an official statement reporting that hackers have been using a number of methods, including bypassing multi-factor authentication (MFA) protocols to breach cloud service accounts. The federal agency states that much of the risk stems from remote workers using insecure devices to access the cloud.
ISBuzz Team
As reported by Android Central, Google is launching a few new features with Chrome 88 to boost the password security.It will be availble soon for users on iOS or desktop. It has a “check password” feature to search for any compromised or weak password. Google is also simplifying the password manager so that users can quickly and easily manage all of their login information in one place.
It has been reported that Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices. What is Dnsmasq, it is an open-sourced DNS forwarding software with DNS caching and DHCP server capabilities. It is used by a number of companies including Android/Google, Comcast, Cisco, Redhat, Netgear, Qualcomm, Linksys, Netgear, IBM, D-Link, Dell, Huawei, and Ubiquiti.
Please see below for comment from cybersecurity experts on the new strain of malware, Raindrop found in relation to SolarWinds:
Researchers with Check Point have reported a FreakOut botnet that has targeted vulnerabilities in Linux systems. The IRC botnet can be used for DDoS attacks as well as crypto-mining. The attacks aimed at devices that run one of the following: TerraMaster TOS(TerraMaster Operating System) – the operating system used for managing TerraMaster NAS (Network Attached Storage) serversZend Framework – a collection of packages used in building web application and services using PHP, with more than 570 million installationsLiferay Portal – a free, open-source enterprise portal. It is a web application platform written in Java that offers features relevant for the development of…
Following the news that Hackers ‘manipulated’ stolen COVID-19 vaccine data before leaking it online, Webroot, a market leader in cyber resilience, has released new statistics demonstrating how far cybercriminals are prepared to leverage the pandemic to their advantage. In the month following the first UK/global Pfizer vaccine dose was given to 90-year-old Margaret Keenan, Webroot’s Real-Time Anti-Phishing protection system found a rise in malicious URLs and terms to target vulnerable people, using subjects like the vaccine, COVID Cures and travel to compel them to click on malicious links and open illegitimate emails. This includes: Over 4,500 new suspicious domains found, which contained a combination of words…
Sun Tzu, the fifth-century B.C. Chinese general and philosopher, knew that knowledge is power and stated this in his oft-cited work, Art of War, as follows: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” This wisdom of the military strategist is not only applied on real battlefields, but also on the digital frontlines of cyberspace. At least since the emergence of the first real malware about 25 years ago (e.g. ‘Melissa’ and ‘ILOVEYOU’), it became clear that criminals lurk in the expanses of the World Wide Web. Nevertheless, it is no…
Security researcher Kirk Sayre discovered the new phishing campaign using the Finger Command to infect Windows 10 device with malware. Finger command is used display information about users on the remote machine but can be used to download MineBridge malware on an unsuspecting victim’s device. It works in this way: The victim received the phishing email containing the document;The victim then clicks to enable editing the document, a macro will run that uses the Finger Command to download a Base64 encoded certificate that is actually a malware executable;The downloader then uses DLL hijacking to sideload the MineBridge malware.
The m, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed breach involving customers’ personal data. The Register also reported that the company wrote to customers mid-last week to inform them of a “breach of security resulting in the unauthorised access to data from our user database”. The data is question is: Customers’ names;Customers’ emails; andCustomers’ password hash.
If 2020 taught us anything it’s that an organisation needs to be able to anticipate, prepare for, respond and adapt to pretty much anything in order to survive and prosper. The first step is understanding that organisational resilience is a strategic capability that goes way beyond just crisis management. It involves learning from experiences and adopting best practices to deliver business improvement by delivering secure communication and building competence and capability across all aspects of an organisation. Almost 12 months down the line from an unprecedented global pandemic, during which organisations were forced to take a head-on approach to managing…