Researchers disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities. It was discovered that the flaws could be used to steal personal information (including names, emails, usernames, passwords), modify payment schemes, change grades, forge certificates or access tests in advance. These plugins LearnPress, LearnDash, and LifterLMS are together have been installed on more than 130,000 school websites as part of their learning management systems, including the University of Florida, University of Michigan and University of Washington. https://twitter.com/TasletCom/status/1256139917391884293
ISBuzz Team
A OnePlus 7 security flaw could have exposed users’ fingerprints to hackers, according to Trusted Reviews. Although the vulnerability has now been fixed, it has not yet been revealed how long it was present for, meaning that bad actors may have been able to gain access to bitmap fingerprint images. This technology has previously proven to be vulnerable, with Max Tech publishing a YouTube video on how to hack the fingerprint scanner.
A new variant of Russian malware tricks mobile users into encrypting their files, then impersonates the FBI to force ransom payments, accusing the user of downloading illegal pornographic content Malware is downloaded and installed via social media and instant messenger apps as a video player application Lucy sends ransom note under guise of FBI, stating that user’s details have been uploaded to the FBI Cyber Crime Department’s Data Center Lucy demands ransom of $500 to be paid via credit card Researchers at Check Point discovered a new variant of Android malware called Black Rose Lucy. First discovered by Check Point in September 2018, Lucy is a…
According to reports, the UK government’s Covid-19 contact-tracing app remains on schedule for launch in May despite ongoing privacy concerns and only recently passing through alpha testing, leading UK scientists told MPs.
It has been reported that, in the United States, election officials are preparing for what may the highest election turnout in modern history in the middle of a pandemic. In response, several states will be turning to a relatively new and untested form of Internet-based voting to aid the voters who may have the most trouble getting to the polls. In the latest demonstration of the technology, Delaware will allow voters with disabilities to return their ballots electronically in its primary election next month, becoming the second U.S. state to do so. The decision comes despite grave warnings from the cybersecurity community…
Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on “a security vulnerability at a partner company. “Neither UseNeXT nor Usenet.nl have named the third-party company whose software enabled the intrusion. It is unclear if this is referring to a Usenet desktop client or a server-side service. Both Usenet providers have now shut down their websites to investigate the breach.
Cybersecurity experts from Lucy Security and Red Canary reacted to Microsoft’s blog post Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk.
Edtech company Chegg confirmed earlier today that it had suffered its third breach in as many years. The education tech giant, which last year acquired Thinkful for $80 million, said hackers stole 700 current and former employee records, including their names and Social Security numbers.
A Which? Money’s investigation today found a rise in social media scammers and identity theft online – and put the onus on social media platforms to stop them. This follows the Centre for the Analysis of Social Media at Demos last week advising verifying the identities of every social media user to fight trolls and fake news. Mitek, experts in identity verification, believe this approach could also stop rising social media fraud and identity theft. In the below comment Joe outlines how this might take shape, how it would impact consumers, and whether platforms or an independent body are best placed to solve the problem.
Health Secretary Matt Hancock has used emergency powers under the NHS Act of 2006 to give GCHQ special dispensation to access NHS data, according to ComputerWeekly. This access has been granted to allow GCHQ to examine and boost NHS cyber security, amongst other IT systems, in order to better protect the health service from potential cyber threats during the Covid-19 coronavirus pandemic.