Between now and 2025, 37% of people in work expect the number and value of fines faced by employers for data breaches to increase – with 6% anticipating a dramatic rise. Just 3% anticipate a fall. The findings (1), which are from DSA Connect, an IT asset disposal company that specialises in the permanent deletion and destruction of electronic data, also reveal that when it comes to fines for employers linked to the inadequate deletion and destruction of data, the corresponding figures are 32%, 4% and 2% respectively. One of the main reasons for this trend is that employees now have…
ISBuzz Team
It was reported over the weekend that an Instagram star is facing criminal charges over an attempt to steal £100m from a Premier League club, among other targets, using business email compromise (BEC) fraud emails.
5,000 developers were mistakenly allowed to gather information from people’s Facebook profiles after a time limit on their rights had expired, according to BBC News. Apps on Facebook are supposed to be prevented from accessing people’s personal data if the app has not been used for 90 days, but this lock-out has not always worked due to a flaw in how it recorded inactivity. Facebook gave an example of the error in action, explaining that if two Facebook friends had both used an app, and only one was still using it after 90 days, the app might gather personal information from…
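The flaw described above comes down to where the "last used" timestamp is kept. The following is an added illustration, not Facebook's code, and the mechanism it models (inactivity recorded once per app instead of once per user-and-app pair) is an assumption drawn from the friends example in the report; class and user names are hypothetical.

```python
from datetime import datetime, timedelta

INACTIVITY_LIMIT = timedelta(days=90)


class AppAccessBroker:
    """Hypothetical model of the platform-side check: an app may read a
    user's profile data only if that user has used the app within the
    last 90 days.  per_user=False records inactivity per app, so one
    friend's activity keeps the app's access to the other friend alive
    (the flaw as described); per_user=True records it per (user, app)."""

    def __init__(self, per_user: bool):
        self.per_user = per_user
        self.last_used = {}  # key -> datetime of most recent use

    def _key(self, user, app):
        return (user, app) if self.per_user else app

    def record_use(self, user, app, when):
        self.last_used[self._key(user, app)] = when

    def may_read_profile(self, user, app, now):
        last = self.last_used.get(self._key(user, app))
        if last is None:
            return False
        return now - last <= INACTIVITY_LIMIT


def simulate(per_user):
    """Two friends both use the app; only alice keeps using it. Returns
    which profiles the app may still read 125 days later."""
    broker = AppAccessBroker(per_user)
    t0 = datetime(2020, 1, 1)
    broker.record_use("alice", "quizapp", t0)
    broker.record_use("bob", "quizapp", t0)
    broker.record_use("alice", "quizapp", t0 + timedelta(days=120))  # alice stays active
    now = t0 + timedelta(days=125)
    return {
        "alice": broker.may_read_profile("alice", "quizapp", now),
        "bob": broker.may_read_profile("bob", "quizapp", now),
    }


if __name__ == "__main__":
    print("per-app tracking (flawed):", simulate(per_user=False))
    print("per-user tracking (fixed): ", simulate(per_user=True))
```

With per-app tracking bob's data stays readable because alice's activity refreshed the single shared timestamp; with the per-user key bob's 125-day gap correctly locks the app out of his profile.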
As of June 16, 2020, a total of 19 vulnerabilities, collectively called Ripple20, were found within an embedded TCP/IP stack software library. This library, developed by Treck, Inc. was used in the manufacturing chain across all industries and could affect several hundred million connected devices. There are at least 21 confirmed affected vendors including Aruba Networks, Cisco, Dell, Digi International, HP, Intel, as well as several OT device manufacturers, such as Rockwell Automation and Schneider Electric/APC. Four vulnerabilities are considered critical and are tracked against CVE-2020-11896, CVE-2020-11897, CVE-2020-11898 and CVE-2020-11901. These four have a CVSS severity score greater than 9 and can lead…
European police and crime agencies have hacked an encrypted communications platform used by thousands of criminals and drug traffickers in one of the largest law enforcement busts ever, according to Engadget. By infiltrating the Encrochat platform, police across Europe gained access to a hundred million encrypted messages, which – in the UK alone – helped officials arrest 746 suspects, seize £54 million (about $67 million) and confiscate 77 firearms and two tonnes of Class A and B drugs. The encryption code on Encrochat was likely cracked in early March, and law enforcement agencies began collecting data from the platform on April…
An attacker has uploaded ransom notes to 22,900 MongoDB databases left exposed online without a password. The attacker is using an automated script to scan for misconfigured MongoDB databases, wipe their contents, and leave a ransom note behind that demands payment and threatens to publish the leaked data and report the victim to their local General Data Protection Regulation (GDPR) enforcement authority.
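The two settings that put a database into this campaign's scan results are the listen address and access control. Below, as an added example rather than anything from the report, is a mongod.conf fragment with the exposed configuration followed by the corrected one (keys are the real `net.bindIp` and `security.authorization` options; the `---` separator is only there to show both in one file).

```yaml
# Exposed (assumed weak configuration): listens on every interface and
# accepts any connection with no credentials.
net:
  bindIp: 0.0.0.0
  port: 27017
security:
  authorization: disabled
---
# Corrected: bind only to loopback (or a private interface) and require
# role-based authentication.  Create an admin user in the admin database
# before switching authorization to enabled, or you lock yourself out.
net:
  bindIp: 127.0.0.1
  port: 27017
security:
  authorization: enabled
```

Binding to loopback keeps the service out of internet-wide scans; enabling authorization means a scanner that does reach the port still cannot drop collections or write a ransom note.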
Positive Technologies expert Mikhail Klyuchnikov has discovered a vulnerability in the configuration interface of the BIG-IP application delivery controller (ADC) used by some of the world's biggest companies. Attackers can run commands as an unauthorized user and completely compromise a system, including intercepting the traffic of applications behind the controller. The vulnerability can be exploited remotely. According to threat intelligence monitoring, Positive Technologies experts found that in June 2020 there were more than 8,000 vulnerable devices reachable from the internet worldwide, of which 40% are in the United States, 16% in China, 3% in Taiwan, and 2.5% each in Canada and Indonesia.…
Security researchers found an unsecured AWS S3 bucket belonging to fitness brand V Shred that exposed the personally identifiable information (PII) of roughly 99,000 prospective customers, current clients, and trainers. Files contained names, home addresses, email addresses, dates of birth, some Social Security numbers, social media accounts details, usernames and passwords, age ranges, genders, and citizenship status, and much more.
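A bucket ends up in this state through a policy or ACL that grants access to everyone. The following is an added Python audit routine, not anything from the researchers or V Shred, that flags those grants in the JSON that `aws s3api get-bucket-policy` (the `Policy` string) and `aws s3api get-bucket-acl` return; the bucket name, Sids and account ID in the sample input are constructed.

```python
import json

# Real AWS group URIs that make a grant world-readable.
ANONYMOUS_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def _as_list(v):
    if v is None:
        return []
    return v if isinstance(v, list) else [v]


def _anonymous_principal(principal):
    """True if the Principal element matches every caller: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_policy_statements(policy_json):
    """Return (Sid, actions, has_condition) for each Allow statement open to all principals.
    A Condition does not make the statement safe; it is reported so a human can review it."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _anonymous_principal(stmt.get("Principal")):
            continue
        findings.append((stmt.get("Sid"), _as_list(stmt.get("Action")), "Condition" in stmt))
    return findings


def public_acl_grants(acl):
    """Return (who, permission) for each ACL grant to an anonymous group."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in ANONYMOUS_GROUPS:
            out.append((ANONYMOUS_GROUPS[grantee["URI"]], grant.get("Permission")))
    return out


# Constructed sample input in the shape the AWS CLI returns.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AccountAdmin", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": ["s3:*"], "Resource": "arn:aws:s3:::example-bucket"},
    ],
})
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}


def audit(policy_json=SAMPLE_POLICY, acl=SAMPLE_ACL):
    return {"policy": public_policy_statements(policy_json), "acl": public_acl_grants(acl)}


if __name__ == "__main__":
    for kind, findings in audit().items():
        for f in findings:
            print(f"[{kind}] public grant: {f}")
```

Either finding alone is enough to expose every object in the bucket; the ACL check matters because a bucket with no policy at all can still be public through a single `AllUsers` READ grant, which is also why enabling the account-level S3 Block Public Access setting is the safer backstop.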
A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to KELA, a darknet threat intelligence firm, based in Tel Aviv.
The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework. The employees' computers were used as a stepping stone into their companies' enterprise networks in what looks like a series of targeted drive-by attacks.
