Today, a brief was published on how Voatz wrongly prosecuted an ethical hacker across the board on security research, as part of the Van Buren amicus briefing.
ISBuzz Team
Following this week’s news that Apple accidentally approved one of the most popular Mac malware threats, OSX.Shlayer, as part of its security notarisation process, please see below for a comment from cybersecurity expert Kaspersky.
Music recording powerhouse Warner Music Group has disclosed a months-long web skimming security incident that involved some of the company’s online stores. Warner Music said hackers compromised a number of US-based e-commerce stores hosted by an external service provider between April 25 and August 5.
Following the NCC Group’s warning that businesses are increasingly vulnerable to a rise in cyberattacks due to home working as a result of the COVID-19 pandemic, please see below for a short comment from David Emm, principal security researcher at Kaspersky.
Collaboration company Slack disclosed a Remote Code Execution (RCE) flaw on August 31st, 2020, affecting users of its Windows, Mac OS, and Linux desktop application versions. Users who click on an HTML-injected image are redirected to an attacker’s server, where a malicious JavaScript payload is executed within the Slack application on the user’s local machine, which could give an attacker access to any sensitive data held within the Slack application. This vulnerability was initially reported by a security researcher through HackerOne in January and patched by Slack in February, but went undisclosed until recently. It is recommended that all users of…
This week the Nuspire Security Analytics Team observed a new spike in TA505 activity targeting industries such as Finance, Automotive, Healthcare, and Government, among others. The threat group has modified and stabilized their social engineering technique; they were observed sending emails with an attached HTML page that contained malicious JavaScript code, which directed the victims to a compromised website that mimicked legitimate website pages, such as OneDrive, Dropbox, or Naver, through a compromised machine controlled by the intrusion set. Nuspire continues to monitor threat actors and new and renewed exploits to share potential ways to mitigate risks. Also, the company…
Here’s a comment from leading cyber-security vendor Check Point on the news that a Twitter account of Indian Prime Minister Narendra Modi has been hacked.
It has been reported that corporate CEOs could soon be personally liable if they fail to adequately secure IT systems connected to the physical world, Gartner has warned. The analyst firm predicted that as many as 75% of business leaders could be held liable by 2024 due to increased regulations around so-called “cyber-physical systems” (CPSs) such as IoT and operational technology (OT).
CISA and the FBI have released a joint statement to reassure the public that the agencies have seen no cyberattacks on voter registration databases this year, following news reports about Michigan voter data appearing on a Russian hacking forum. https://twitter.com/CISAgov/status/1300887388366004225
Apps, social media platforms and online games that are specifically targeted at children will now have to put privacy at the heart of their design. A code of practice outlining how children’s data should be protected has come into force and firms have 12 months to comply with the new rules. If they do not, they could face huge fines imposed by the Information Commissioner’s Office. The ICO has the power to fine firms up to 4% of their global turnover if they breach data protection guidelines. More information: https://www.bbc.co.uk/news/technology-53985421
