As reported by the Daily Record, Windows and Android users have been urged to be aware of criminals infiltrating popular websites and apps as part of a large-scale cyber campaign. Hackers are using deliberately misspelt domains for some of the world’s most popular websites, and reports of cyber-crime have skyrocketed as hackers constantly conjure up new ways to target innocent victims. Some disguise these vicious bugs as other apps, which can steal personal login details of online profiles, while others have the ability to drain bank accounts. This type of hacking is known as “typosquatting”, according to Marijus Briedis, Chief Technology Officer…
ISBuzz Team
Following news of a critical zero-day vulnerability in OpenSSL, a component that allows nearly all encryption across the Internet to happen, please see comment below from Information security and industry experts. This is only the second critical vuln to be identified in OpenSSL since the Heartbleed bug in 2014 (which was considered a disaster), but given the potential severity of the issue, experts are concerned about the level of preparedness in many organisations.
Following the news that: Thousands of Publicly Exposed API Tokens Could Threaten Software Integrity
It has been reported that tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges.
It has been reported that the Ukrainian authorities have posted information warning of a new ransomware campaign against organizations in the war-torn country. In a brief notice, the Ukrainian CERT said it had discovered phishing emails spoofed to appear as if sent from the “Press Service of the General Staff of the Armed Forces of Ukraine.” The full story can be found here: https://www.infosecurity-magazine.com/news/ukraine-warns-of-cuba-ransomware/
A recent poll of 700 C-level, CISO’s and office workers in the U.S. and U.K. found that 54% of the office workers said that if a business experienced a recent cyber breach, it would influence their decision to work there, with just one third saying it would not affect that decision. In the study, prepared for security provider Encore, researchers also found that while most C-level executives (57%) knew they had been breached in the last 12 months, just 39% of the office workers believed their company had been breached in the same period. This lack of transparency could impact…
It has been reported that Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India’s largest integrated power company based in Mumbai.
UK finance has urged people to stay ‘alert for fraud’, as they become more susceptible to online scams amid financial uncertainty.
The construction company Interserve received a hefty fine of £4.4 million from the ICO due to a security breach. Below is a comment from cybersecurity experts on this large fine and how it will help industry as a whole.
It has been reported that U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). The full story can be found here: https://thehackernews.com/2022/10/cisa-warns-of-daixin-team-hackers.html