An unsecured database has led to the exposure of customer data at Rogers Communications, a Canadian ISP.
ISBuzz Team
Brian Krebs is reporting that a security breach has disrupted operations at London-based fintech firm Finastra, which provides services to most of the world’s top 50 banks. Finastra has over 9,000 customers across 130 countries; sources at two different U.S. financial institutions forwarded a notice they received from Finastra saying the outage was expected to disrupt certain services, particularly for clients in North America. https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/ https://www.finastra.com/statement-coo-finastra
In response to today’s findings from Krebs on Security of a new strain of Mirai targeting IoT devices for exploitation in attacks and for use as proxies, an expert offers perspective.
Senators Mark Warner and Richard Blumenthal have formally complained to the FTC that Google is adding to the shortage of medical masks by not taking down advertisements that show up next to Coronavirus stories. These are ads that Google had promised to take down.
In response to the Bleeping Computer report that explains some ransomware operators have agreed to no longer target health and medical organizations during the pandemic, experts from cybersecurity firms Cerberus Sentinel and KnowBe4 offer perspective.
Cybercriminals are exploiting anxiety and uncertainty by luring the public into malware and ransomware traps. These “Scareware” attacks will escalate as online searches increase and people work from home, moving outside of the in-built security that corporate networks offer. Hackers are targeting people’s need for help and advice, deploying a malware strain known as Azorult.RK which poses as an app offering diagnosis support. Made up of 12 layers of malware, this strain was discovered by the SonicWall Capture Labs Threat Research Team on March 16th.
With the spread of the Coronavirus and people working from home, there has been a 53% spike in Virtual Private Network (VPN) usage in the US and a significant increase around the world, according to Atlas VPN.
According to ITProPortal, the UK’s Student Loans Company (SCL) was hit by more than 5,000,000 email attacks last year, new figures from Griffin Law suggest. Data obtained via a Freedom of Information (FOI) Act request suggests the organisation encountered 10,125 malware attacks and 19,188 phishing attacks – the remaining 5,415,960 were spam. The SCL says it managed to successfully defend itself from all the attacks.
It has been reported that researchers at the University of York have shown that some commercial password managers (depending on the version) may not be a watertight way to ensure cybersecurity. After creating a malicious app to impersonate a legitimate Google app, they were able to fool two out of five of the password managers they tested into giving away a password. The research team found that some of the password managers used weak criteria for identifying an app and which username and password to suggest for autofill. This weakness allowed the researchers to impersonate a legitimate app simply by creating a rogue app with an identical…
