Almost 16,000 cases of coronavirus in the UK went unreported because of a glitch caused by an Excel spreadsheet, it has been reported. Public Health England (PHE) said 15,841 daily COVID-19 cases between 25 September and 2 October had been left out of UK totals. The error has caused delays in tracking the contacts of people who tested positive. On Monday, the Press Association (PA) news agency reported that the problem was caused by a Microsoft Excel spreadsheet reaching its maximum file size. Commenting on the news are the following cybersecurity experts:
ISBuzz Team
Her Majesty’s Revenue and Customs (HMRC), the British central tax office, has been bombarded with 521,582 malicious email attacks over the last three months, according to official figures released today. The data, which was obtained by the Parliament Street think tank cyber security research team using the Freedom of Information (FOI) Act, showed an average of over 5,000 spam, phishing, and malware attacks were recorded by the organisation over the a three month period between June and September. Spam and junk made up the largest proportion of attacks – contributing to 377,820 of the total 521,582 recorded by HMRC. Whereas, phishing, made up 128,255…
Cybercriminals sent tens of thousands of malicious email attacks yesterday asking recipients to volunteer for the Democratic Party ahead of the November U.S. election, according to cybersecurity researchers at Proofpoint. The emails borrow language from the website of the Democratic National Committee and seek to leverage interest in the U.S. presidential election following the first televised debate Tuesday between Republican President Donald Trump and Democratic contender Joe Biden. The over 30,000 emails were designed to deliver the Emotet malware, and show cybercriminals using lures aiming to entice recipients to click. The full details of the findings are online here: https://www.proofpoint.com/us/blog/threat-insight/emotet-makes-timely-adoption-political-and-elections-lures.
It has been reported that the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing this advisory to highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities. Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business. Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations. This advisory…
It has been reported that researchers at an Israeli operational technology (OT) company have discovered multiple critical vulnerabilities in two popular industrial remote access software solutions. The flaws can be used to access industrial production floors, break into company networks, tamper with data, or steal highly sensitive trade secrets.
A couple of days ago, WhiteSource released its DevSecOps Insights Report, which was aimed at better understanding the level of DevSecOps maturity inside organisations. 20% of respondents described their organisations’ DevSecOps practices as “mature”, while 62% said they are improving practices and 18% as “immature”. Additional key insights from the report included: In order to meet short deployment cycles, 73% of security professionals and developers feel forced to compromise on security. AppSec tools are purchased to ‘check the box’, disregarding developers’ needs and processes, resulting in tools being purchased but not used. Developers don’t fully use the tools purchased by the security team. The more…
Amazon has announced a new payment system for real-world shops which uses a simple wave of the hand. Its new Amazon One scanner registers an image of the user’s palm, letting them pay by hovering their hand in mid-air “for about a second or so”, it says.
Victims of ransomware schemes and financial institutions could violate sanctions or anti-money-laundering rules—and face stiff penalties—if they facilitate or make payments to attackers, the U.S. Treasury Department said in a pair of advisories Thursday. The notices, issued by units of Treasury’s Office of Terrorism and Financial Intelligence, warned victims and businesses that assist them to be particularly wary of making ransomware payments to blacklisted individuals and entities, including hacker groups in countries such as Iran, North Korea and Russia. More information: https://www.wsj.com/articles/treasury-warns-against-keeping-ransomware-payments-quiet-11601587735 Treasury advisory: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20201001
As reported by Reuters, cyber insurers and other financial institutions that facilitate payments to hackers to end cyberattacks risk running afoul of sanctions rules, the U.S. Treasury Department warned on Thursday. The warnings, which referenced malicious programs known as ransomware, came in advisories from Treasury’s Office of Foreign Assets Control (OFAC)and Financial Crimes Enforcement Network (FinCEN).
New research “Priority threat actors adopt Mirai source code” from Juniper Threat Labs shows how threat actors are adopting and evolving Mirai source code for new targets. Juniper researcher Jesse Lands also warns that many organizations are becoming unduly complacent about Mirai attacks, placing them at heightened risk.