Microsoft says it detected and worked to stop a series of cyberattacks from the threat actor Phosphorous masquerading as conference organizers to target more than 100 high-profile individuals. Phosphorus, an Iranian actor, has targeted with this scheme potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia. The Munich Security Conference is the most important gathering on the topic of security for heads of state and other world leaders, and it has been held annually for nearly 60 years. Likewise, T20 is a highly visible event that shapes policy ideas for the G20…
ISBuzz Team
Positive Technologies performed instrumental scanning of the network perimeter of selected corporate information systems.[1] A total of 3,514 hosts were scanned, including network devices, servers, and workstations. The results show the presence of high-risk vulnerabilities at most companies. However, half of these vulnerabilities can be eliminated by installing the latest software updates.[2] The research shows high-risk vulnerabilities at 84 percent of companies across finance, manufacturing, IT, retail, government, telecoms, and advertising. One or more hosts with a high-risk vulnerability having a publicly available exploit are present at 58 percent of companies. Publicly available exploits exist for 10 percent of the vulnerabilities found, which…
Collaborative robots were gaining momentum in the marketplace before the COVID-19 pandemic arrived. They create situations where humans and machines work safely, side by side. However, the global health threat forced companies to cope with reduced operations and the possibility of having an entire team of workers isolate due to virus exposure. These advanced machines — commonly known as cobots — became even more appealing. Keeping Companies Running With Smaller Workforces If authorities categorized a company’s offerings as essential, it could stay open during lockdowns meant to control the virus. Receiving permission to continue operating didn’t remove obstacles for those…
Don’t Let Spooky Season Get Any More Chilling – Here’s How You Can Keep the Ghouls & Goblins from Stealing your Data Cybersecurity Awareness Month aims to provide individuals with the resources they need to be safer and more secure online. It’s appropriate that this holiday falls during the month of Halloween, as hackers are the ghouls and goblins of the online world and even mentioning them causes chills. The last thing we need are more frights during this spooky season. With so many breaches making news headlines every day, it’s easy to feel as though there’s nothing that we…
In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of clients globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations…
The multinational energy company Enel Group has been hit by a ransomware attack for the second time this year. This time by Netwalker, who is asking a $14 million ransom for the decryption key and to not release several terabytes of stolen data. Enel is one of the largest players in the European energy sector, with more than 61 million customers in 40 countries. As of August 10, it ranks 87 in Fortune Global 500, with a revenue of almost $90 billion in 2019.
Following the news that Zoom is rolling out end-to-end encryption for users globally, Cybersecurity expert has provided the below comment.
True, which bills itself as the social networking app that will “protect your privacy,” has experienced a security lapse which left one of its servers exposed without a password — spilling private user data to the internet for anyone to read, browse and search the database. The dashboard contained daily server logs dating back to February, and included users’ registered email address or phone number, the contents of private posts and messages between users, and the user’s last known geolocation, which could identify where a user was or had been. The dashboard also exposed the email and phone contacts uploaded by…
The UK’s Information Commissioner’s Office has found that the credit agency Experian has been sharing the personal information of millions of people without their consent in a blatant disregard of GDPR. More details of this story here: Experian: Credit agency told to stop sharing data without consent
It has been reported that an Iranian threat actor has successfully compromised attendees of two global conferences – including ambassadors and senior policy experts – in an effort to steal their email credentials. Microsoft linked the attack, which targeted more than 100 conference attendees, to Phosphorus, which it said is operating from Iran. The group – also known as APT 35, Charming Kitten, and Ajax Security Team – has been known to use phishing as an attack vector.