Computer hackers have attacked Italy’s social security website, forcing it to shut down on Wednesday just as people were starting to apply for coronavirus benefits, the head of the welfare agency said.
ISBuzz Team
In response to a Reuters report that hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, an expert from KnowBe4 offers perspective.
Threatpost is reporting 44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig due to unsecured AWS S3 buckets. Key Ring allows users to upload scans and photos of membership and loyalty cards onto a digital folder on one’s phone; however, many users also use it to store copies of IDs, driver licenses, credit cards, and more.
The FBI has just issued a warning about the growing threat of hackers targeting remote education platforms as schools and universities are forced online by COVID-19. Malicious actors are now escalating the intensity of their attacks, posting student information online to help identify targets.
COVID-19 has driven the global workforce to examine some of the longest-held aspects of workplace culture – working in a physical office. Recently, many businesses have been encouraging employees to work from home to safeguard business continuity. As such, businesses are relying on video conferencing tools more than ever. However, as use of and reliance upon these tools has surged, the issue of whether we can trust them, and if they are really secure, remains. Recent reports have shown a series of “Zoombombing” incidents, in which unwanted guests have joined in on open calls – often with ill intent.
With no vaccine yet developed, and with much of the world undergoing intense social distancing measures and near-total lockdown procedures, threat actors are flooding cyberspace with emailed promises of health tips, protective diets, and, most dangerously, cures. Attached to threat actors’ emails are a variety of fraudulent e-books, informational packets, and missed invoices that hide a series of keyloggers, ransomware, and data stealers. The problem expands beyond pure phishing scams. On March 14, Twitter user @dustyfresh published a web tracker that found 3,600 coronavirus- and COVID-19-related hostnames that sprang up in just 24 hours. On March 17, security researcher and Python developer @sshell_ built a tool, hosted…
The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link. When using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface. When sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser, Bleeping Computer reported.
A company claiming to provide “the world’s most secure online backup” leaked metadata and customer information in over 135 million records after misconfiguring an online database, Infosecurity has learned. The trove included PII such as names, emails, phone numbers, business details (for corporate customers) and account usernames. The team at vpnMentor discovered the privacy snafu as part of its ongoing web mapping project that has already uncovered major cloud data leaks at brands including Decathlon, PhotoSquared and Yves Rocher. “The exposed database contained over 135 million records, totalling almost 70GB of metadata related to user accounts on SOS Online Backup.…
As reported by Computer Weekly, supermarket chain Morrisons has succeeded in its appeal to the Supreme Court against judgments that held it liable for an insider data breach caused by a disgruntled employee. The breach occurred in 2014 when payroll data on thousands of Morrisons employees was leaked on a file-sharing website by Andrew Skelton, a member of its internal audit team. A number of the affected employees subsequently brought proceedings against Morrisons personally and on the basis of what is termed vicarious liability for the acts of the employee.
The FCA has today announced that it will relax rules around the use of selfies for customer identification purposes. This is something of a shift for the FCA, and poses some challenges for FS organisations in ensuring that they correctly verify someone’s identity.
