The Infocomm Media Development Authority (IMDA) has announced plans to introduce requirements that provide a safer experience for users of IoT devices in their homes. The proposed rules state that home routers need to meet requirements that include stronger password administration in order to prevent hackers from stealing personal information. The IMDA and the new cybersecurity labelling scheme proposed by the Cybersecurity Agency of Singapore (CSA) claim that these new rules protect users from the increased use of IoT devices and create awareness around security.
ISBuzz Team
On March 4, researchers discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites, including one that allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with minimal permissions such as a subscriber, to export a list of all newsletter subscribers, export system configuration information, and grant themselves access to various features of the plugin.
New Government report, released today, on cyber security skills in the UK labour force. Some of the headline statistics include: Approx. 653,000 businesses (48%) have a basic skills gap. That is, the people in charge of cyber security in those businesses lack the confidence to carry out the kinds of basic tasks laid out in the government-endorsed Cyber Essentials scheme, such as setting up configured firewalls, storing or transferring personal data, and detecting and removing malware. It is not common for businesses overall to invest in training for staff in cyber roles (24% have done so). Around 7 in 10 cyber…
Cheney Bros, Inc., the 10th largest food distributor in the U.S., had one of its sites hacked and retrofitted with code that steals credit card and login data leveraging a new domain that easily hides in a hacked site’s source code.
The US is at risk of a “catastrophic cyber attack” and the government needs to adopt sweeping structural changes to address cybersecurity challenges, according to a report from the US Cyberspace Solarium Commission following a year-long investigation. https://twitter.com/CyberSolarium/status/1237801537566658561
As reported by Forbes, TikTok is amongst around 50 iOS apps which have been discovered by researchers to be reading the content of users’ clipboards. The researchers explored popular iOS and iPadOS apps investigating whether they access the clipboard and get information from it and found that many popular apps do this very frequently. The logs clearly indicate that TikTok is reading the content of the clipboard whenever it is opened. There is no claim that TikTok is doing anything with that user data, but it is being read and it’s not obvious why.
A government report has shown that half of UK businesses suffer from a basic cybersecurity skills gap. Setting up configured firewalls, storing or transferring personal data, and detecting and removing malware are among the most common skills lacking in approximately 653,000 businesses. Additionally, 64% of cybersecurity firms have faced problems with a technical skills gap, either among existing staff or among job applicants for vacant positions.
Researchers at Comparitech have uncovered a leak stemming from third-party apps used by Amazon UK, eBay and Shopify, exposing 8 million sales records containing customers’ personal data. Exposed data includes customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers. Leaked Personally Identifiable Information (PII) opens customers up to the very real possibility of phishing attacks. Whilst SonicWall’s 2020 Threat Report noted that phishing attacks were down 42% last year, this is because they are becoming more targeted and malicious, leveraging much-trusted PDFs and Microsoft Office as the delivery vehicle of choice.
Self-quarantined employees are forcing organizations to allow access to critical data remotely. Coronavirus is presenting organizations with a unique opportunity to adopt modern security protocols and enable an efficient remote workforce. Fear of Coronavirus infections has resulted in organizations ruling out large meetings. Healthy individuals are in home-quarantine for weeks at a time, even though they are not necessarily thought to carry the virus. This large number of individuals complying with house arrest is putting a strain on many organizations that have not shifted their working styles to accommodate large-scale remote workers. Sales forces are accustomed to working “from the…
As reported by TechRadar, an investigation by The Washington Post has revealed that Whisper (a social media platform whose core focus is to allow its users to anonymously share secrets) left the information of nearly 900 million users exposed to anyone who wanted to view it, in a database that wasn’t password protected and was accessible by the public. The database contained a variety of compromising user details that are tied to each ‘whisper’ (the platform’s name for a post), including sexual orientation, gender, age, ethnicity, nickname, place of work and the location data for the user’s last post.
