In response to reports that a new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks, a cybersecurity expert provides insight on this new phishing campaign.
ISBuzz Team
In relation to the news story that Microsoft Teams has fixed a funny GIFs cyber-attack flaw, please find below comments from experts.
Kubernetes’ popularity has skyrocketed. In 2018, Forrester declared it the victor in the “war for container orchestration dominance”. However, a 2019 Gartner report highlights both the immaturity of the container ecosystem and a general lack of operational best practice. Another issue is that Kubernetes adoption can significantly increase both internal application and associated management-related traffic. This is because it is designed to use small detached chunks of an application that communicate using a company’s internal network (including internal cloud networks). Unfortunately, logging and detecting errant traffic between containers can be complex. For example, security tools need to be able to…
A news release issued by the World Health Organization (WHO) today says that this week some 450 active WHO email addresses and passwords were leaked online, along with thousands belonging to others working on the novel coronavirus response. The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners. WHO is now migrating affected systems to a more secure authentication system.
Nintendo confirmed that 160,000 Nintendo Accounts were breached, and a number of the impacted accounts were reported to have purchased digital items without owner consent. Hackers may have also gained access to users’ personal information, including date of birth, gender, country/region, email addresses and more.
Vice is reporting that developers have made bots and other tools that automatically hunt for available food delivery slots on Amazon and Whole Foods and grab them before others can.
It has been reported that Zoom is upgrading the encryption features on its video conferencing app to better safeguard meeting data and offer protection against tampering. The new version of the app, Zoom 5.0, will release within the week, the company said in a statement. Zoom, which has soared to 200 million daily users from 10 million in less than three months, had faced backlash from users after security researchers found bugs in its code and the company failed to disclose that its service was not end-to-end encrypted. The app’s issues, including “Zoombombing” incidents where uninvited guests crash meetings, led to several companies, schools and…
According to researchers, since August 2019, a hacker group has been taking over ad servers and inserting malicious ads into their ad inventory that redirect users to malware download sites. The hackers are targeting ad networks running old versions of the Revive open-source ad servers.
It has been reported that millions of records belonging to users of a fitness technology app were exposed online for almost a month due to a misconfigured database, including a swathe of personal details. Approximately 40GB worth of information belonging to users of Kinomap, a service that creates immersive workout videos for people on rowing and cycling machines as well as treadmills, was discovered by security researchers in March. This enormous amount of data amounted to 42 million records and affected the platform’s entire user base, including people from a number of countries across the UK, Europe and the US. The data was…
Paay, a New York-based card payments processor, left about 2.5 million credit card transactions publicly exposed for roughly three weeks. The organization forgot to put password protection on the server, allowing anyone to access the data inside. Specifically, the housed data contains plaintext credit card numbers, expiration dates, the amount spent and partially masked copies of each credit card number. Cardholder names and CVVs were not included.
