It has been reported that security researchers have uncovered a new Russian-based hacking group that they claim has been focusing on the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data. Named RedCurl, the activities of this new group have been detailed in a 57-page report released today by cyber-security firm Group-IB. The company has been tracking the group since the summer of 2019 when it was first called to investigate a security breach at a company hacked by the group. Since then, Group-IB said it identified 26 other RedCurl attacks,…
ISBuzz Team
Amazon’s Alexa platform had bugs that a hacker could have exploited to grab a target’s entire voice history, according to Wired. This left the entirety of users’ recorded audio interactions with Alexa vulnerable, as well as additional personal information. Since, Amazon has patched the flaws, which could have yielded profile information, including home address and the “skills,” or apps, the user had added for Alexa. An attacker could have even deleted an existing skill and installed a malicious one to grab more data after the initial attack.
Not sure if you saw the recent news that California’s public health department failed to renew a server certificate required to transfer COVID case-related data to Quest labs. A backlog of 250,000-300,000 records resulted from the outage, which caused under-reporting of COVID cases, and a full investigation into the incident.
CI Security has released today its healthcare data breach report, which analysed data from the US Department of Health and Human Services (HHS). The analysis found that healthcare breach reports in the first half of this year were down 10.4% compared to the second half of 2019, with the number of breached records falling by nearly 83%. Below are some comments from cybersecurity experts explaining why we have observed such a decline in healthcare breaches in 2020.
At one point this spring, a single set of money-hungry hackers controlled nearly a quarter of the endpoint infrastructure through which the anonymizing internet browser Tor routed traffic, a researcher who tracks Tor claimed this week.
White hat hackers CyberNews recently discovered 350 million exposed email addresses on an unsecured server which were likely to have either been stolen or acquired back in October 2018. This unsecured bucket of data was hosted on an Amazon S3 server and exposed for around 18 months in total before Amazon shut it down in June. CyberNews says it’s unclear if malicious actors accessed the data, however, anyone who knew it was there could have downloaded the files.
Tripwire has today released the results of a survey on the implementation of cloud security best practices. Conducted by Dimensional Research last month, the survey evaluated the opinions of 310 security professionals. According to the survey, a number of organizations face shortcomings in monitoring and securing their cloud environments. A majority of security professionals (76%) state they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse compared with other parts of their environment. Almost all (93%) are concerned about human error causing accidental exposure of their cloud data. Attackers…
The US Department of Commerce, in a joint press release with the European Commission, is calling for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16th judgment of the Court of Justice of the European Union in the Schrems II case, which ruled the current EU-US framework “is no longer a valid mechanism to transfer personal data from the European Union to the United States.” (Note: Mr. Schrems claimed in a complaint against Facebook Ireland that the United States does not offer sufficient protection of data transferred to other countries. The case is seen to have broad implications on the…
The initial move to working from home had many teams making huge adjustments to this way of working. IT departments all over the world worked miracles to make sure staff had access to whatever they needed, wherever they were, to keep businesses up and running. But, as any IT person will tell you: the battle is not over. It’s one thing to get everything up and running, but another to keep it up and running. One of the main challenges for IT teams has been that not only are their users logging in remotely, but so are they. With the lockdown having lasted…
Cybersecurity researcher Mazin Ahmed discovered Zoom vulnerabilities that allowed data theft and malware deployment. According to findings presented at DEF CON 2020, Zoom left a misconfigured development instance exposed that wasn’t updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched.