A technical paper from the researchers at Leiden Institute of Advanced Computer Science details how researchers discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware. In an inspection of 47,313 downloaded and checked repositories, fully 10.3% (4893), were found to “have symptoms of malicious intent.” This number excluded fakes and prankware.
ISBuzz Team
Th social media app WhatsApp has gone down this morning and we have comments from cyber security experts on the matter below.
It has been reported that a PoS payment card attack involving a pair of malware variants was used to steal more than 167,000 payment records from 212 infected devices mostly in the U.S. Full story: Researchers uncover more than 167,000 stolen credit card numbers, primarily from the U.S. – CyberScoop
It has been reported that the Typosquat campaign mimics 27 brands to push Windows, Android malware. Full story: Typosquat campaign mimics 27 brands to push Windows, Android malware (bleepingcomputer.com)
Symantec has just released a report on BlackByte ransomware’s new double extortion capabilities – see here. This comes just months after the FBI released an advisory on the strain following its use to breach three companies in the US’s critical infrastructure.
The FBI has released a warning that scammers may be targeting individuals seeking to enroll in the Federal Student Aid program to steal their personal information, payment details, and money.
A lot has changed over the last decade, making 2023 the year that every organisation could be hit by ransomware – unless they act on it. Survey after survey shows that the vast majority of organisations faced a ransomware attack in 2021 and 2022 – a significant percentage of which were harmful, and the rate of attack continues to evolve in numbers and sophistication. Businesses across Europe need to strengthen their cyber-resilience to ensure they can recover from the near-inevitability of cybercriminals attacking data on-premises, in the cloud and even in SaaS services.
2022 (ISC)² Cybersecurity Workforce Study sheds light on the demand for cybersecurity talent with the gap growing twice as much as the workforce with a 26.2% year-over-year surge (ISC)² – the world’s largest non-profit association of certified cybersecurity professionals – today highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022 (ISC)² Cybersecurity Workforce Study. The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. Despite adding 464,000 more cybersecurity professionals this year, the data revealed that 3.4 million more cybersecurity workers are needed to…
Following the news this morning that Medibank, Australia’s biggest health insurer has suffered a data breach, cybersecurity experts reacted below.
It has been reported that a ransomware group which unusually targets Russian organizations has upped its efforts this year, demanding larger ransoms from its victims and developing new malware for Linux, according to Group-IB. The security vendor yesterday released what it claimed was the first comprehensive report on the group known as “OldGremlin,” which was first spotted in 2020.