Security researchers have discovered a new set of “fleeceware” apps that appear to have been downloaded and installed by more than 600 million Android users. A new set of 25 Android apps were caught illegally charging users at the end of a trial period, due to them being able to abuse the ability for Android apps to run trial periods before a payment is charged to the user’s account. https://twitter.com/Panda_Lv0/status/1218111252674830336
ISBuzz Team
Researchers at cybersecurity firm Proofpoint have observed that the prolific botnet Emotet has returned to the email threat landscape after a hiatus at the end of 2019. The Trojan-turned-botnet is being distributed by threat group TA542, using attachments and malicious links containing the botnet payload. So far in 2020, Proofpoint has observed Emotet targeting pharmaceutical companies in the US, Mexico, Germany, Japan and Australia amongst other regions and sectors.
An alternative to costly commercial bug bounties, there is record growth in Open Bug Bounty program. We contacted the security expert to provide his comments on the growth of this open bug bounty program. From their site: “With almost half-a-million vulnerability reports today, we are happy to present you a brief recap of our relentless and steady growth in 2019 attained with your valuable support and contribution that we greatly appreciate: 203,449 security vulnerabilities were reported in total (500 per day), representing a 32% yearly growth 101,931 vulnerabilities were fixed by website owners, likewise showing a 30% growth compared to the previous year 5,832 new security researchers joined…
The UK NCA, the FBI and the German Bundeskriminalamt have coordinated to take ownership of WeLeakInfo.com, a domain for selling subscriptions to data exposed in breaches. We Leak Info claimed to have compiled almost 12.5 billion records stolen from data breaches and allowed users to pay to access it. To access this data, visitors could subscribe to various plans ranging from a $2 trial to a $70 three-month unlimited access account. These plans would then allow a user to perform searches that retrieve information exposed in these data breaches. https://twitter.com/notdan/status/1217824340076630018
From tech giants and gamers to politicians and retailers, nobody is safe from today’s mutating threat landscape. 2019 was another frenzied maelstrom of cyberattacks, mitigations, pre-emptions and preventions, with the old (phishing and DDoS et al) rubbing havoc-wreaking shoulders with the new (new vistas in cyberwars, automation and AI). As ever, continuous pressure also begets continuous innovation, and new levels of risk are also driving operational, philosophical and digital transformations across EMEA. Here are three key cybersecurity trends we expect to drive both challenges and opportunities in 2020. Application Fog Lheadlights: On Most organisations still can’t tell you what’s going…
P&N Bank in West Australia (WA) is informing its customers that hackers may have accessed personal information stored on its systems following a cyber attack. The financial organisation says in the breach notification sent to customers that the compromised system contained the following information: names, addresses, emails, age, customer and account numbers, as well as the account balance. All this counts as personally identifiable information that is protected under the Privacy Act in Australia. As many as 100,000 individuals may be impacted by the incident, which was labelled as “sophisticated” by Andrew Hadley, the bank’s chief executive officer. The attack did not…
As reported by Digital Trends, Google has today announced that iPhones can now function as physical two-factor security keys for logging into the company’s own services like Gmail in Chrome. This authentication method, Google claims, is a lot more secure than ordinary two-factor prompts, as it requires the iPhone to be physically in the computer’s proximity.
Yesterday saw the release of the 15th edition of the World Economic Forum’s Global Risks Report. According to the report, both sets of respondents to the Global Risks Perception Survey—the multi-stakeholder community and the Global Shapers—identify cyber-related issues, such as cyberattacks on critical infrastructure and data fraud or theft, within the list of top 10 short and long-term risks.
It has been reported that an unsecured database on Amazon has been discovered, exposing sensitive information and passport scans on thousands of employees. The information, including thousands of passport scans, tax documents, background checks, job applications, expense forms, scanned contracts, emails, and salary details, was stored on an Amazon Web Services (AWS) S3 bucket. The unencrypted database was exposed for an unknown amount of time impacting consultancy firms such as Garraway Consultants, Dynamic Partners, IQ Consulting, Eximius Consultants Limited, Winchester Ltd, Partners Associates Ltd, and others. While many of these firms are no longer in business, the exposed PII still…
Russian military hackers have been boring into the Ukrainian gas company, Burisma, at the centre of the Trump impeachment affair, according to security experts. The hacking attempts against Burisma, on whose board Hunter Biden (Joe Biden’s son) served, began in early November, as talk of the Bidens, Ukraine and impeachment was dominating the news in the United States. It is not yet clear what the hackers found, or precisely what they were searching for. But the experts say the timing and scale of the attacks suggest that the Russians could be searching for potentially embarrassing material on the Bidens — the…