“Shark Tank” star Barbara Corcoran recently admitted to losing nearly $400,000 due to a convincing email phishing scam. A cybercriminal pretending to be Corcoran’s assistant emailed a fake invoice for a real estate renovation to Corcoran’s bookkeeper. The scam was found out only after the money was wired and the bookkeeper sent a message to the real email address of Corcoran’s assistant to let her know that the payment was made.
ISBuzz Team
According to an annual report on the state of ethical hacking published by HackerOne, the money earned in bounties this year was nearly equal to the entire amount awarded in all prior years combined. Since launching in 2012, companies have paid the platform’s ethical hackers a grand total of $82 million, in return for their successful detection of over 150,000 vulnerabilities. High-profile organizations – which, according to the report, include General Motors, Google, Goldman Sachs, Toyota and IBM – are invested in employing HackerOne’s security researchers to dig out the vulnerabilities in their products and services before malicious hackers do.
Cybercriminals are taking advantage of security flaws reported recently in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched variants of ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins which are installed on. What the three WordPress components have in common are recent reports of a critical-severity bug that could be exploited to compromise the website they run on, BleepingComputer reported.
Google has announced that it recently added deep learning capabilities to its malware scanner for Gmail, as part of an effort to detect and block malicious attachments. The search giant’s existing document scanner handles more than 300 billion attachments every week to block malicious content. Google notes that 63% of the malicious documents it blocks take different forms on a daily basis. To help address this increasingly evolving threat landscape, the deep learning-based document scanner will work to bolster Gmail’s detection capabilities.
A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, according to The Register. The leak, which came from an unsecured S3 bucket, also revealed detailed care plans and precisely how much councils paid for individual patients’ care. Rotherwood Care Group, trading as Rotherwood Healthcare, were also caught out by their website privacy policy, which consisted solely of lorem ipsum placeholder text.
In response to recent reports that a vulnerability in some popular WiFi chips can be leveraged to partially decrypt user communication and expose data in wireless network packets, cybersecurity experts offer perspective.
In response to the Krebs on Security report indicating that Zyxel 0day affects firewall products, experts offer perspective.
Facial-recognition company Clearview AI, which contracts with powerful law-enforcement agencies, has reported that an intruder stole its entire client list, according to a notification it sent to its customers. In the notification, Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was “no compromise of Clearview’s systems or network.” The company also said it fixed the vulnerability and that the intruder did…
Google has warned people not to bypass the ban on Google apps that affects newer Huawei phones. Manually installing app files found online is highly risky, as the files can be compromised.
As reported by BBC News, the Financial Conduct Authority (FCA) has admitted that it inadvertently published online the personal data of people who made complaints against it. The UK’s City watchdog said the names of the complainants, along with some addresses and telephone numbers, were accessible. It will contact the most affected people to apologise and offer advice on next steps, it said. The watchdog added it had referred itself to UK privacy authorities. The personal information was published in November in response to a Freedom of Information request as part of a spreadsheet. The watchdog discovered the incident in early…
