Over a quarter of people have willingly given away their passwords to someone else, according to a survey that Jake Moore, Cybersecurity Specialist at ESET, recently ran on Twitter, receiving over 2,700 responses. The survey into the ways that people share their media service accounts with friends and family gives some great insight into how people treat their passwords, finding that: 60% of people share their accounts with at least one other person, such as family members and friends. One in three account holders shared their services with two or more others.More than 1 in 5 people gave their password…
ISBuzz Team
Researchers with Lacework have published new findings on Muhstik, the long-active botnet currently employing several web application exploits to mine cryptocurrency and target Oracle WebLogic and Drupal. The botnet is monetized via XMRig, cgmining and with DDoS attack services. Lacework researchers note: “Muhstik leverages IRC for its command and control and has consistently used the same infrastructure since its inception. The primary method of propagation for IoT devices is via home routers however there are multiple attempted exploits for Linux server propagation. Targeted routers include GPON home router, DD-WRT router, and the Tomato router… (its activities are) tied to cryptomining and Linux backdoors.
A delayed transition of power from President Trump to Biden fueled by lawsuits and efforts to stall Biden-Harris’ team on getting up to speed, could threaten U.S. national security and leave the new administration flat-footed in responding to cyberattacks.
Earlier this week, the Federal Trade Commission announced a settlement with Zoom, requiring the company “to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.” The FTC alleges that Zoom provided a lower level of encryption than promised to its users.
Privacy and security experts commented on news that the Ragnar Locker ransomware group is running ads on Facebook to pressure victims to pay.
Fleeceware applications, posing as Minecraft mods, lure hundreds of dollars per month from their users for simple services such as new wallpapers Avast (LSE:AVST), a global leader in digital security and privacy products, has identified a wave of malicious mobile applications in the Google Play Store targeting gamers, particularly fans of the popular Minecraft video game. These so-called “fleeceware” applications offer new skins, colorful wallpapers, or modifications for the game, but disproportionately charge users hundreds of dollars per month. Avast has reported seven of these apps to Google, but as of this publication they are all still active. Fleeceware, a…
New research by Zscaler, analyzing 6.6 billion security threats, has discovered a 260% increase in attacks during the first nine months of 2020. Among the encrypted attacks was an increase of the amount of ransomware by 500%, with the most prominent variants being FileCrypt/FileCoder, followed by Sodinokibi, Maze and Ryuk.
Egress’ recent Outbound Email Security Report has revealed that stressed, tired employees are behind almost four in ten of the most severe data breach incidents. As stress levels rise, rushed employees are more likely to make simple mistakes such as sending an email to the wrong person, or attaching the wrong file. With remote workers facing distractions from childcare to delivery drivers ringing the doorbell, employees are likely to make simple mistakes such as sending an email to the wrong person, possibly exposing sensitive data. In fact, Egress’ research found that 80% of organisations have had sensitive data put at risk because of an employee sending an email to…
After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia.
As reported by TechDirt, a new EU “Draft Council Resolution on Encryption” has come out as the EU Council of Ministers continues to drift dangerously towards banning end-to-end encryption. The organisation says they just want “lawful access” to encrypted content, but there are fears that any such backdoor would effectively remove the protections of end-to-end encryption: The European Union fully supports the development, implementation, and use of strong encryption. Encryption is a necessary means of protecting fundamental rights and the digital security of governments, industry, and society. At the same time, the European Union needs to ensure the ability of competent…