In one of the most complex and innovative hacking campaigns detected to date, a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites, according to ZDNet. This attack is often referred to as web skimming, where hackers breach websites and then hide malicious code on its pages, code that records and steals payment card details as they’re entered in checkout forms. However, this campaign was more sophisticated than most, as the only thing modified on the hacked sites was the favicon – the logo image shown in…
ISBuzz Team
Israel, Singapore, India, China and the Czech Republic are amongst some of the countries already using official contact tracing apps in an attempt to halt the spread of COVID-19. This week the UK began testing of its NHS COVID-19 app which has ben in production since early March. However, much speculation surrounds the production of such an app, bringing the privacy vs protection debate to the forefront of public consciousness.
Intel created World Password Day (the first Thursday of May, which is May 7 in 2020) to address the critical need for solid passwords to protect our critical assets such as our bank accounts, our health records or maybe just our emails. We spoke with number of experts to highlight the importance of password and what are the best practices to create an effective password.
Online scams are increasingly prolific because they piggyback on human weaknesses rather than software vulnerabilities that take significant effort to exploit. Simply put, it’s easier for criminals to pull the right strings in users’ conscience than to go the tedious route of writing and deploying complex malicious code. Crooks love shortcuts and therefore it comes as no surprise that Internet hoaxes are spreading like wildfire these days. A manipulative technique known as sextortion (sex + extortion) occupies a separate niche in this ecosystem and it’s gearing up for a rise. First spotted in 2018, these hoaxes revolve around people’s natural…
The scourge of ransomware is mutating into a phenomenon with two-pronged extortion at its core. It used to rely solely on encryption making a victim’s data inaccessible, but a game-changing tweak in the “classic” attack chain took place in late 2019. A number of ransomware strains have since adopted a blackmail model that additionally involves info-stealing foul play. In addition to demanding bitcoins for decryption, the criminals now threaten to upload the victims’ files to publicly accessible resources in case of nonpayment. This article describes the ransomware families going this route of double trouble. Maze Ransomware Takes Extortion to a…
Bleeping Computer is reporting that a feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours. Started in September 2019, LockBit is a relatively new Ransomware-as-a-Service (RaaS) where the developers are in charge of the payment site and development and ‘affiliates’ sign up to distribute the ransomware. As part of this setup, the LockBit developers earn a percentage of the ransom payments, typically around 25-40%, while the affiliates receive a more significant share at about 60-75%.
It has been reported that the government’s anticipated coronavirus tracing app has failed crucial security tests and is not yet safe enough to be rolled out across the UK. It is understood the system has failed all tests needed in order for it to be included in the NHS Apps Library, including cyber security, clinical safety and performance. The NHSX app is being trialed across households on the Isle of Wight this week and is due to be rolled out nationally, if successful, later this month. The app uses Bluetooth to alert a mobile user when they have spent more than 15…
It has been reported that a joint warning from UK and US agencies says government-backed hackers are attacking healthcare and research institutions in an effort to steal valuable information about efforts to contain the new coronavirus outbreak. Britain’s National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said the hackers had targeted pharmaceutical companies, research organizations and local governments. The NCSC and CISA did not say which countries were responsible for the attacks. But one U.S. official and one UK official said the warning was in response to intrusion attempts by suspected Chinese and Iranian…
During yesterday’s COVID-19 briefing, Foreign Minister Dominic Raab announced that the UK’s National Security Centre and the US Cyber Security and Infrastructure Security Agency have published a joint warning to organisations and the public over cyber scams.
A recent English High Court decision means that extorted cryptocurrency payments may now be recovered by obtaining an injunction. The High Court case of AA v Persons Unknown arose in the aftermath of a ransomware attack on a Canadian company’s computer system. The hackers installed malware which encrypted the system and then demanded a USD$1.2 million payment in Bitcoins for the decryption software. The company had insurance against such cyberattacks and the insurer rapidly became involved. It hired an incident response company to liaise with the hackers and a ransom payment of $950,000 was agreed. The insurer then paid the…