Facebook recently fixed a critical flaw in the Facebook Messenger for Android messaging app by which one can listen to other users’ surroundings without their knowledge. As per official Play Store page, it is used by nearly 1 billion users.
ISBuzz Team
Earlier last week, Verizon issued its first-ever Cyber-Espionage Report. The 2020 Cyber Espionage Report (CER) draws from seven years of Verizon Data Breach Investigations Report (DBIR) content and more than 14 years of the company’s Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise. Verizon said that it published the CER to serve as a guide for cybersecurity professionals searching for ways to improve their organisation’s cyber-defence posture and incident response (IR) capabilities. Key findings of the report are that for cyber-espionage breaches, 85% of actors were state affiliated, 8% were nation-state affiliated, and just 4% were linked with organized crime. Former employees made up 2%…
It’s that time of year again, all you CISOs and other security leaders: time to reflect on the year past and to promise yourself you’ll make next year so much better, both personally and professionally. Considering how most of 2020 played out, no one could blame you for thinking it can only get better. For security practitioners, 2020 was a year of extraordinary disruption. For many, the coronavirus pandemic meant scrapping their carefully crafted strategic plans and focusing their security efforts and resources on adapting to the new normal. Business models—and the IT needed to support the business—changed overnight. Resiliency…
The effectiveness of MFA solutions continues to be a big debate, following the news of Microsoft urging users to abandon telephone-based multi-factor authentication (MFA) solutions in favour of newer MFA technologies, it poses the question – what more can organisations be doing?
Cybercriminals will use AI in multiple ways: as a weakness, since it can increase the potential attack surface, while other forms of AI, such as deep fakes, are being weaponised to attack. A new report from Europol warns that new screening technology will be needed to mitigate the risk of disinformation campaigns and extortion, as well as threats that target AI data sets. More on the story here:
A popular Christian faith app has unwittingly exposed the personal data of up to 10 million users dating back several years, after misconfiguring its cloud infrastructure, researchers have warned. Santa Monica-headquartered Pray.com claims to be the “#1 App for daily prayer and biblical audio content” and has been downloaded over a million times from the Play Store. Researchers at vpnMentor discovered four misconfigured AWS S3 buckets belonging to the company. Although it had made private around 80,000 files, it failed to replicate these security measures on its Cloudfront CDN, which also had access to the files. This means a hacker…
A cyberattack has hit Manchester United’s systems, but it is not yet clear if there is any breach of personal data for fans or customers. The club has acknowledged the attack but added that forensic tracing is being carried out in an attempt to establish further details about the attack.
Members of Parliament (MPs) have been targeted by 22,321,459 malicious email attacks over the last 8 months, from 1st January to 31st August – averaging out at roughly 2,790,182 attacks per month. The attacks, which were all successfully blocked, include emails suspected of being phishing, spam and malware. The data was obtained via a Freedom of Information (FOI) act request from a Parliament Street think tank. In comparison, last year’s Parliament Street report showed just 1,747,759 monthly average attacks were aimed at MPs. This means there has been a rise of nearly one million email attacks per month, or 60…
11 smart doorbells purchased from online marketplaces have failed Which? security tests, in the latest example of smart products that could pose a risk to you and your home. These doorbells were found on eBay and Amazon, many of which had scores of 5-star reviews, were recommended as ‘Amazon’s Choice’, or on the bestseller list. One was labelled as the number one bestseller in ‘door viewers’, but vulnerabilities were found in every single one. Among the smart doorbells reviewed were the Victure Smart Video Doorbell Camera, Qihoo 360 D819 Smart Video Doorbell, Ctronics CT-WDB02 Wireless Video Doorbell, and an unbranded…
With Black Friday and Cyber Monday just a week away, an expert with Juniper Threat Labs offers insight into why Magecart attacks are likely to be on the increase for the 2020 holiday shopping season, and what hyper-connected enterprises can do to help defend against them.