Microsoft’s security team has issued an advisory today warning organizations around the globe to deploy protections against a new strain of ransomware that has been in the wild over the past two months. Infections have been reported in India, Iran and the United States. The intrusion point is usually an account on a company’s systems management server, which the PonyFinal gang breaches using brute-force attacks that guess weak passwords. Once inside, Microsoft says the PonyFinal gang deploys a Visual Basic script that runs a PowerShell reverse shell to dump and steal local data. In addition, the ransomware operators also deploy “a…
ISBuzz Team
Following the release of the Public Health England privacy notice stating that PII collected by the new NHS Test and Trace initiative will be kept for 20 years.
The Japanese telecommunications leader NTT disclosed today a security breach in which hackers gained access to their internal network and stole customer data.
As reported by TechRadar, Germany’s federal cybersecurity agency has issued a warning urging all iOS users to install Apple’s latest security updates which patch two zero-click security vulnerabilities that impact the company’s default email app. The vulnerabilities were first discovered by the US-based security firm ZecOps which found that they were being actively exploited in attacks targeting iOS users since at least January of 2018. Apple has acknowledged the security flaws though the company says it has found “no evidence they were used against customers”.
Modern-day businesses are becoming victims of ‘digital tartar’ – the accumulation of sensitive data in the nooks and crannies of file shares – which clogs up systems and leads to the increased risk of operational inefficiencies, added expenses and damage to brand reputation. In most cases, bad data hygiene is to blame. It’s predicted that in 2020, about 1.7 megabytes[1] of new information will be created every second for every human being on the planet. However, less than 0.5%[2] of all data is ever analysed and used, thereby significantly increasing the risk of digital tartar. The business consequences of excessive data build-up Bad digital…
The coronavirus pandemic has unexpectedly affected all aspects of life, including businesses, schools, events, and even social factors. In line with government directives for less travel, social distancing, and stay at home, companies have encouraged their workers to telework to reduce the spread of COVID-19. Compellingly, governments will reorder budgeting to fund the healthcare sector adequately. In effect, the unforeseen measures will have implications on CMMC implementation efforts. What is CMMC CMMC is a combination of an array of cybersecurity standards and best practices mapped across multiple maturity levels ranging from cyber hygiene to advanced. In this case, each CMMC…
When the storm over a cybersecurity event settles, it’s easy to look back on a seemingly obvious technical deficiency like an unsecured elastic search server or missing patch and point fingers. Most of the time, security leaders will voluntarily or involuntarily take the fall, and soon thereafter the organization will start a fresh security journey, with a newly installed security leader and blank check to “get it right” this time. It’s sad to see these technical post-ops continue to be the norm, when evolving to a business and risk approach to cybersecurity can produce a much better outcome, even if…
Android smartphone devices produced by the world’s most prominent manufacturers, including Huawei, Samsung and Xiaomi, are being openly shipped and sold with radically different levels of on-board security in different countries, according to researchers at Finland’s F-Secure.
As reported by TechRadar, Samsung has developed a new secure element (SE) chip and enhanced security software to better protect sensitive data on mobile devices. The new chip, dubbed S3FV9RR, offers protection for booting, isolated storage, mobile payments and other applications. It has also received a Common Criteria Evaluation Assurance Level (CC EAL) of 6+ and this is the highest level ever acquired by a mobile component from Common Criteria which certifies the security level of IT products from EAL0 to EAL7.
According to a new report, a lack of clarity from the government is leaving people worried that the NHSX Covid-19 contact-tracing app will expose them to a heightened risk of cyber-attack, and that the app will be used to track their location and collect data on them. The report revealed that 43% of respondents were concerned that the app would give cybercriminals an opportunity to run manipulative phishing campaigns that was too good to pass up, while a further 33% of respondents feared the government might use the app to track their whereabouts, and slightly more than that – 36% – were worried that…