While organisations have endeavoured to adapt to the huge changes brought on by the coronavirus pandemic, there has been an increase in cyber attackers looking to exploit the situation for their own gain. These were the findings of a recent Mimecast report, which found that email-borne impersonation fraud attacks increased by 30 per cent in the first 100 days of the COVID-19 pandemic. Also known as ‘phishing’, this method involves infiltrating systems by replicating known authentication processes and tricking users into handing over their login credentials. It is often conducted on a large scale, with attackers choosing targets indiscriminately.…
ISBuzz Team
It has been reported that researchers from the Norwegian University of Science and Technology (NTNU) put 2,500 Docker images from Docker Hub to the test. In a research paper, the computer security researchers describe how they used the open-source Anchore Engine security scanner and their own scripts to analyse a sample set of 2,500 Docker images. They found about 17.8 per cent (430) of the Docker images contained no known vulnerabilities, or 21.6 per cent (533) if you ignore negligible vulnerabilities.
Credential stuffing sounds simple: attackers test stolen usernames and passwords across sites to see what works. After the hype and complexity of vulnerabilities like Heartbleed and Spectre, password reuse seems easy to dismiss. This has caused credential stuffing to become the most underrated attack of the 2010s, and it hints at the future of application-level attacks. This class of attacks remained largely unchanged for years. There was no reason to change: they weren’t blocked. As adversity increased, attackers started to iterate faster, now bypassing defenses in a matter of months or even weeks. Dozens of companies, large and small,…
It has been reported that Israeli security firm JSOF revealed today a collection of vulnerabilities it’s calling Ripple20, a total of 19 hackable bugs it has identified in code sold by a little-known Ohio-based software company called Treck, a provider of software used in internet-of-things devices. JSOF’s researchers found one bug-ridden part of Treck’s code, built to handle the ubiquitous TCP/IP protocol that connects devices to networks and the internet, in the devices of more than 10 different manufacturers—from HP and Intel to Rockwell Automation, Caterpillar, and Schneider Electric—and likely dozens more, JSOF believes. The result, the researchers say, is the better…
Data security is now more vital than ever. Today’s cybersecurity threats are incredibly smart and sophisticated. Security experts face a daily battle to identify and assess new risks, identify possible mitigation measures and decide what to do about the residual risk. This next generation of cybersecurity threats requires agile and intelligent programs that can rapidly adapt to new and unforeseen attacks. AI and machine learning’s ability to meet this challenge is recognised by cybersecurity experts, the majority of whom believe it is fundamental to the future of cybersecurity. Paul Vidic, Director, Certes Networks, outlines how AI and machine learning will…
Security researchers Noam Rotem and Ran Locar have found 845 gigabytes of exposed data from dating apps online. The data belongs to users of a number of dating sites and contains particularly sensitive material, including sexually explicit photos and audio recordings.
A new hack allowed researchers to discern sound — including “Let it Be” by the Beatles, and audio from a Donald Trump speech — from lightbulb vibrations. Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are caused by nearby sounds. All an attacker would need is a laptop, as well as a telescope and an electro-optical sensor (altogether costing less than $1,000). They…
Cycling retail giant Wiggle (revenue over £400m) has made a statement on Twitter after it received hundreds of complaints from customers about fraudulent purchases made on their accounts. The retailer has been forced to make a statement on Twitter to its customers. https://twitter.com/Wiggle_Sport/status/1272913096294772738
Bottomline 2020 Business Payments Barometer reveals:
- Only 1 in 10 small businesses report recovering more than 50% of losses due to fraud
- Despite an increase in new payments initiatives and regulations, just 59% of businesses feel prepared for Open Banking – down 8% from 2019
- Accelerating digitisation is crucial to navigate challenges posed by COVID-19 pandemic

Bottomline (NASDAQ:EPAY), a leading provider of financial technology that makes business payments simple, smart and secure, revealed today that 58% of financial decision makers in businesses surveyed across Great Britain view financial loss due to payment fraud as ‘part and parcel of running their…
It has been reported that thousands of T-Mobile, Metro by T-Mobile, AT&T, Verizon, and Sprint customers all reported outages in areas including Florida, Georgia, New York, and California on Monday afternoon. While some have speculated this could be the “largest DDoS attack in history”, others are not so sure it was a cybersecurity issue.
