ISBuzz Team

Norway, Bahrain, and Kuwait are amongst the “most dangerous” for privacy in their deployment of COVID-19 contact tracing apps, as they track their citizens’ locations on a live or near real-time basis. These apps adopt an “invasive centralised approach” and pose a “great threat to privacy”, according to an Amnesty International study. The group’s research, however, does not include countries in Asia or the US. Conducted by Amnesty’s Security Lab, the study assessed contact tracing apps from Europe, Middle East, and North Africa, and included detailed technical analyses of 11 apps in Algeria, Bahrain, France, Iceland, Israel, Kuwait, Lebanon, Norway,…

Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot (also known as Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features used to steal banking credentials and financial data, as well as to log user keystrokes, deploy backdoors, and drop additional malware on compromised machines. Among the banks whose customers have been targeted in this Qbot campaign, the researchers found JP Morgan, Citibank, Bank of America, Citizens, Capital One, Wells Fargo, and FirstMerit Ban.

Google is pushing ahead with a test to shorten URLs in Chrome’s address bar to help users avoid malicious websites.  The company is experimenting with a new feature that will clip a URL domain down to just the basic address information.

113 NHSmail mailboxes were hacked at the beginning of the month, sending malicious emails to external recipients, according to a spokesperson from NHS Digital. The NCSC has confirmed that this activity is part of a widespread credential-harvesting phishing campaign that is targeting a broad range of organisations across the UK, and are working with the NHS to mitigate against cyber-attacks. There is currently no evidence to suggest that patient records were accessed, but with the NHS managing a huge range of sensitive information, the implications of this attack could be incredibly serious.

Hacker groups that engage in web skimming (also known as Magecart) attacks have breached the web stores of two of the world’s biggest retail chains — accessories store Claire’s and sporting goods retailer Intersport. According to reports published today by security firms Sanguine Security and ESET, hackers breached the two companies’ websites and hid malicious code that would record payment card details entered in checkout forms.

In response to news that South African bank Postbank was forced to replace 12-million bank cards after employees stole the ‘master key’ and more than $3 million, cybersecurity experts commented below.

HackerOne Pentest enables organisations to accelerate digital transformation while meeting compliance requirements LONDON, 15 JUNE 2020 — HackerOne, the number one hacker-powered security platform, today announced the expansion of its penetration testing solution in Europe. This latest product from HackerOne compliments its existing offerings dedicated to helping organisations find and fix vulnerabilities before they can be exploited. HackerOne Pentest enables customers to meet compliance standards and requirements easier and faster with hacker-powered security. In a recent report, McKinsey Insights predicts the COVID-19 pandemic will accelerate businesses’ digital transformation, putting pressure on organisations to deliver digital products and services faster while expecting security…

It has been reported that the US Congress wants to know which foreign governments are using commercially available spyware. According to the bill’s draft, the Director of National Intelligence will have to submit a report to Congress on the status of surveillance tools, the companies that make these, and which foreign governments have adopted the technology.

The European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network. Detected on June 7, the incident is the work of EKANS (SNAKE) ransomware operators, the group that also targeted Honda earlier this week. https://twitter.com/InfoSecHotSpot/status/1271471990164029442

TAIT, one of the world’s leading live event solutions providers, disclosed a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees. The TAIT group of companies (Brilliant, Kinesys, Production Glue, Stage Technologies, TAIT UK, and TAIT Navigator) employs over 900 people in 14 office locations around the world and has been a provider of live experience solutions in over 30 countries, on all seven continents. TAIT “worked on 17 of the top 20 highest-grossing concert tours of all time” [1] and its client roster…