A new email phishing scam, falsely purporting to be from the ‘Government Digital Service Team’, has been uncovered by the Parliament Street think tank’s cyber research team. The sophisticated phishing attack targets low-income earners and claims that the addressee will be receiving a Council Tax Reduction of almost £400. The fraudulent email uses official branding and government logos to trick the user into thinking the content is legitimate, before redirecting them to a malicious site designed to harvest personal information, such as bank card details, account number, sort code and security code, as well as a home address and mobile…
ISBuzz Team
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory recommending Immediate Actions to Reduce Exposure Across all Operational Technologies and Control Systems. The advisory warns of foreign cyber threat actors potentially targeting US critical infrastructure and provides “immediate steps to ensure resilience and safety of US systems should a time of crisis emerge in the near term.” It notes that “Legacy OT assets that were not designed to defend against malicious cyber activities, combined with readily available information that identifies OT assets connected via the Internet (e.g., Shodan1 [2], Kamerka [3]), are creating a “perfect storm” of…
The personal details of Instacart customers, containing the last four digits of credit card numbers and order histories, are being sold on the dark web. The information is being sold by sellers on two dark web stores and has impacted “millions of customers across the US and Canada,” according to a company spokesperson. https://twitter.com/BuzzFeedNews/status/1286094671542808577
CouchSurfing is investigating a security breach affecting 17 million users. The CouchSurfing data is currently being sold for $700 on Telegram channels and hacking forums. As part of our expert comment series, the cybersecurity expert reacted below on this breach.
It is being reported by the BBC that a Premier League club almost lost £1m to hackers during a transfer deal. A new report from the NCSC says the email address of a Premier League club’s managing director had been hacked during a transfer negotiation. It was only the intervention of the unnamed club’s bank that stopped the theft.
Twitter has revealed that hackers viewed private direct messages (DMs) from 36 of the accounts involved in last week’s hack. It has not disclosed who they belonged to beyond saying one was owned by an elected official in the Netherlands. Twitter added that it does not believe any other former or current politicians had their DMs accessed. It is not clear how many of the accounts overlap with the 45 that tweeted a Bitcoin scam. Although Twitter has not named the Dutch official affected, local reports have indicated it is likely the far-right politician Geert Wilders. More information: https://www.bbc.co.uk/news/technology-53510574
It’s said that the devil never sleeps. Perhaps no other industry demonstrates this so pointedly as cybersecurity, where the enemy could be anywhere in the world — and in any time zone. Finding time to relax is tough enough in today’s digital 24/7 world. But having a job where the bad guy could sit down to begin his “work” day with a hot cup of coffee at the same moment I’m rolling over to turn off the light, is a surefire recipe for insomnia. And that doesn’t take into account the challenge of keeping on top of an ever-evolving slew…
Apple will start loaning special research iPhones with unprecedented access to skilled and vetted researchers, enabling them to find and report security vulnerabilities that Apple can address, through its iOS Security Research Device program. https://twitter.com/9to5mac/status/1285987410195746824
The newly-issued Skybox Security 2020 Vulnerability and Threat Trends Report is out this morning, analyzing the vulnerabilities, exploits, and threats active in 1H:2020 in the chaos surrounding the COVID-19 pandemic. Among key findings: 20,000+ new vulnerability reports predicted for 2020, shattering previous records; a 50% increase in mobile vulnerabilities highlights the dangers of blurring the line between corporate and personal networks; ransomware thrives during the COVID-19 pandemic, with new samples increasing by 72%; attacks on critical infrastructure, including healthcare companies and research labs, have added to the chaos.
In response to Family Tree Maker, a popular family tree software, exposing tens of thousands of its users’ personal information online via a misconfigured cloud server, cybersecurity experts provide an insight below.
