In response to reports that 21% of business decision-makers say they do not trust any of their anti-money laundering (AML) checks to be automated, an expert from Acuant offers perspective.
ISBuzz Team
New findings were published today on the “Gitpaste-12” worm, which uses GitHub and Pastebin to store component code and has at least 12 different attack modules available to exploit a range of vulns. It relies on GitHub and Pastebin to download payloads, two sites that aren’t usually blocked and their connection is encrypted, making it more difficult for traditional security measures to block this attack. Current targets are Linux based x86 servers, and Linux ARM and MIPS based IoT devices. Juniper Threat Labs: Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin – Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
The GEO Group, a company known for running private prisons and illegal immigration detention centers in the US and other countries, says it suffered a ransomware attack over the summer. Personal data and health information for some inmates and residents were exposed during the incident, which took place on August 19. This includes data for inmates and employees at the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and a now-closed facility in California, the company told ZDNet. “GEO implemented several containment and remediation measures to address the incident, restore its systems and reinforce the security of its networks and…
In response to a new Bitdefender report which found that COVID-19 has left businesses at a far higher risk of cyber-attacks, largely due to their corporate infrastructure being exposed to attack vectors and threats that would not have been considered a year ago, experts from three cybersecurity firms offer perspective.
It has been reported that more than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee. Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their…
Juniper Threat Labs is offering perspective on the newly discovered RegretLockerExperts On RegretLocker Ransomware Strikes Windows Virtual Desktops ransomware, which rapidly encrypts Windows virtual desktops according to researchers. MalwareHunterTeam: https://twitter.com/malwrhunterteam/status/1321375502179905536?s=20 Researcher Vitali Kremez: https://twitter.com/VK_Intel/status/1323693700371914753?s=20 Juniper Threat Labs: https://threatlabs.juniper.net/signatures/#/
US toymaker Mattel revealed today that it suffered a ransomware attack that crippled some business functions, but the company says it recovered from the attack with no significant financial losses.
Cybersecurity researchers discovered about 75,000 files after buying 100 USB drives on an internet auction site, according to BBC News. Tax returns, contracts and bank statements were among the “deleted” files recovered by Abertay University investigators from the used drives, and some even contained files named “passwords” and images with embedded location data. All but two of the drives appeared empty, but the team said it had been “worryingly easy” to retrieve data, as they used “publicly-available tools” to retrieve the sensitive information. They added that only 32 of the drives had been properly wiped, while partial files were extracted…
McAfee has released its Quarterly Threats Report examining cybercriminal activity related to malware and the evolution of cyber threats in Q2 2020. During this past quarter, McAfee saw an average of 419 new threats per minute. What began as a trickle of COVID-19-related phishing campaigns has evolved into a surge of data breaches and threat actors leaking sensitive data - exploiting the realities of large swathes of the workforce working from home. Top findings in the report include: · McAfee’s global network of over a billion sensors registered a 605% increase in total Q2 2020 COVID-19-themed attack detections · McAfee saw PowerShell malware surged 117% due to proliferation of malicious Donoff documents · Attacks on cloud…
Following the NCSC’s Annual Report on the rise of cyber-attacks – and particularly those exploiting fears around COVID-19 – during the pandemic, it is clear that security teams are vastly outnumbered. To cope with the volume of threats, the sophistication of attacks, and the fact that many teams are away from the infrastructure the office provides, advanced technology will be the key to fighting these threats going forward, and filling the skills gap.