Newly released research, which looks at the ethics involved in offensive security engagements, finds that security professionals, like red teamers and incident responders, are more likely to find it ethically acceptable to conduct certain kinds of hacking activities on other people than they are with having those activities run against themselves https://techcrunch.com/2020/02/02/red-team-ethical-limits/
ISBuzz Team
Freight giant Toll Group has shut down “a number” of IT systems due to a “cyber security incident”, with customers reporting shipment tracking is down and drivers are reverting to manual receipts. Toll said in a brief statement on its website late Friday last week that “as a precautionary measure, Toll has made the decision to shut down a number of systems in response to a suspected cyber security incident.” https://twitter.com/johndagge/status/1224245373658529793
French media is reporting that the Bouygues Group’s construction subsidiary has been hit by a massive ransomware attack. The entire computer network has been affected, and all of the company’s servers shut down. A ransom of 10 million Euros has been requested, and at least 200GB of data already stolen. https://twitter.com/Bouygues_C/status/1223282448798310400
In response to reports that a new Emotet malware targets victims using spam emails that contain malicious attachments under the guise of coronavirus reports, an expert commented below.
The Japanese NEC electronics giant was the target of a cyberattack that resulted in unauthorized access to its internal network on Thursday according to information leaked to Japanese newspapers by sources close to the matter. The electronics and information technology giant is a major contractor for Japan’s defense industry, engaged in various defense equipment projects with the Japan Self-Defense Forces (JGSDF or Jieitai), including but not limited to 3D radar, broadband multipurpose radio systems and may have leaked relevant information, Bleeping Computer reported.
Two vulnerabilities found in Microsoft Azure services could have allowed cybercriminals to take over cloud services according to a new report from Checkpoint.
In response to reports from Microsoft detailing that a new TA505 phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, expert provide an analysis below.
Social Captain, the social media boosting service, which bills itself as a service to increase user’s Instagram followers, has exposed thousands of Instagram account passwords after storing them in unencrypted plain text. https://twitter.com/Protecit_online/status/1223175891167129601
It has been reported that SpiceJet, one of India’s largest privately owned airlines, has acknowledged a data breach involving the details of over a million of its passengers. The database included a rolling month’s worth of flight information and details of each commuter, they said, adding that they believe that the database was easily accessible for anyone who knew where to look. https://twitter.com/ARGS_EVA/status/1223180186298015744
A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites. The vulnerability tracked as CVE-2020-8417 and rated as high severity was patched with the release of version 2.14.0 on January 25, two days after it was discovered and reported to the plugin’s developer by Wordfence’s Threat Intelligence team. This CSRF “flaw allowed attackers to forge a request on behalf of an administrator…