The U.S. Secret Service has announced the creation of the Cyber Fraud Task Force (CFTF) “designed to improve the coordination, sharing of expertise and resources, and dissemination of best practices for all its core investigations of financially-motivated cybercrime. The CFTFs will leverage the combined resources and expertise of both the ECTFs and FCTFs to collaboratively investigate the range of cyber-enabled financial crimes, from business email compromise (BECs) scams to ransomware attacks, from data breaches to the sale of stolen credit cards and personal information on the Internet.”
ISBuzz Team
A previously unknown flaw in the videoconferencing software Zoom could allow a hacker to remotely commandeer computers running old versions of the Microsoft Windows operating system, security researchers said Thursday. A hacker who successfully exploits the vulnerability could access files on the vulnerable computer, said Mitja Kolsek, chief executive of ACROS Security, the Slovenian cybersecurity firm that highlighted the issue. “If the user is a local administrator, the attacker could completely take over the computer,” Kolsek told CyberScoop. The “zero-day” vulnerability applies to Zoom software running on Windows 7, or even older operating systems. More information: https://www.cyberscoop.com/zoom-zero-day-windows-7-acros/
A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin. A patched version of the plugin, version 2.9.5, was released on June 29. While approximately 62% of users have updated to version 2.9.5, around 38% of websites with KingComposer enabled are still at risk of exploitation.
Webmasters who use the WordPress plugin Adning Advertising are urged to patch against a critical vulnerability that is reportedly being exploited in the wild. Exploitation of the flaw enables an unauthenticated attacker to upload arbitrary files, leading to remote code execution (RCE) and potentially a full site takeover. Such is the flaw’s seriousness that MITRE has assigned it the highest possible CVSS score – 10.0.
A critical vulnerability was found in smartwatch software used to help elderly patients. The vulnerability would have allowed hackers to access the watches, sometimes designed to help elderly patients with dementia, and fatally interfere with their treatment.
Video conferencing software Zoom is working on patching a zero-day vulnerability that was disclosed online earlier today in a blog post by cyber-security firm ACROS Security. The security firm said the zero-day impacts Zoom’s Windows client, but only when the clients are running on old Windows OS versions, such as Windows 7 and Windows Server 2008 R2 and earlier.
According to researchers at Abnormal Security, Microsoft Office 365 users are being targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins. So far the phishing campaign impersonating automated Zoom account suspension alerts has landed in over 50,000 mailboxes, based on stats provided by researchers at email security company Abnormal Security, who spotted these ongoing attacks. Those targeted by this campaign are a lot more willing to trust such emails during this time since the number of remote workers taking…
The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, which has slowly been fading away, while Conti’s distribution is increasing.
As reported by CNET, the governments of the UK and Australia are investigating a facial recognition company that grabbed billions of people’s pictures from across the internet for use in its database. The inquiry will look at Clearview AI and whether its scraping and handling of data violated the UK Data Protection Act and the Australian Privacy Act. The joint investigation comes three days after the Office of the Privacy Commissioner of Canada said that Clearview AI will be leaving Canada in response to a separate investigation by that agency. The office of Canada’s privacy commissioner said it’s still investigating how Canadian police used the…
As reported by Infosecurity, just 5% of Brits are able to recognize all scam emails and texts, a study from Computer Disposals Limited has found. Scam emails purporting to be from Facebook were shown to be most likely to trick people. Additionally, participants found it harder to spot scams via SMS messages compared to emails. For the study, Computer Disposals created a quiz comprised of genuine recreated messages and emails from organizations including the UK government, Amazon, Disney Plus and Netflix alongside scam texts and emails that included the exact tactics being used by hackers to gain access to users’ accounts and personal details.…
