Following the news around the UK government considering plans to use the NHS contact-tracing app to boost social distancing, CTO leading data privacy experts company offers the following comment.
ISBuzz Team
Attackers are taking advantage of the increased popularity of the Zoom video conferencing service to distribute installers that are bundled with malware and adware applications. Today, TrendMicro reports that they have found a Zoom Installer being distributed that will also install a cryptocurrency miner on the victim’s computer.
It has been announced that the Italian email provider Email.it and now the data of more than 600,000 users is being sold on the dark web.
The Key Ring app data leak has exposed 44 million images uploaded by users – compromising data including government IDs, NRA membership cards, medical marijuana ID cards, credit cards with all the details. https://twitter.com/Adam_K_Levin/status/1246273576816140288
As reported by Forbes, ethical hacker Ryan Pickren has found seven zero-day vulnerabilities that enabled him to construct a kill chain, using just three of them, to hijack the iPhone camera successfully, or any iOS or macOS camera for that matter. During December 2019, Pickren opted to delve into Apple Safari for iOS and macOS, to “hammer the browser with obscure corner cases” until weird behavior was uncovered. Pickren focused on the camera security model, and found a total of seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787) of which three could be used in the…
Microsoft says that an Emotet infection was able to take down an organisation’s entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment. “After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s core services,” DART said.
Following on from the FBI warning about using the American remote conferencing services company Zoom, due to the rise in “Zoombombing”, please see below for comments from cybersecurity expert on what the real risk of using Zoom and how to mitigate these risks.
Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide remote access to enterprise and government networks. Qihoo said it discovered more than 200 VPN servers that have been hacked in this campaign. https://twitter.com/RigneySec/status/1247106035308888064
What lessons can be learned from reviewing how we manage cybersecurity and applying it to an anti-Coronavirus campaign? In recent years, some in the cyber world recognize that there is a lot to learn from the biological world when protecting systems against viruses. Now, the Corona epidemic presents an opportunity for the medical world to learn something from the cyber world. To analyze the strategies selected by various countries, let’s review it through the lens of cyber strategies. Let’s begin by recognizing that cybersecurity is built in layers. There is no one magic solution or layer which will prevent all…
It has been reported that online threats have risen by as much as six-times their usual levels over the past four weeks as the COVID-19 pandemic provides new ballast for cyber-attacks, according to security researchers.