A recently revealed bug in Microsoft’s login systems shows how dangerous trusting known vendors can be for enterprise cybersecurity. Though many employees are wary of emails from unfamiliar sources, hackers can just as easily create fake websites or emails that imitate trusted apps or companies. Combined with single sign-ons for third party websites, victims can reveal confidential information without any idea of the danger.
ISBuzz Team
A fake Steam skin giveaway site has been created that states it gives away news skins every day, but in reality it just steals your login credentials. If a user goes to the promoted site they will be shown a pretend ‘$30,000 giveaway’ promotion that contains 26 days of free skin giveaways for Counter-Strike: Global Offensive (CSGO). This phishing landing page also has a fake running chat screen on the left hand side of the page.If a user falls for the scam and clicks the “Sign in via Steam” button, it will pretend to open the login form from Steam,…
New advancements in technology are changing the retail industry in unprecedented ways, further blending the physical and digital worlds and forever evolving customer experience. As the industry changes, so do the methods cybercriminals use to steal sensitive data from companies and consumers. Prior to 2018, cybersecurity data suggested that the most common type of incident in the retail industry was point of sale (POS) intrusion. This included the remote compromise of POS environments, as well as the corresponding malware and payment card exfiltration. Recent data, however, shows that attackers are now targeting retailers through new and improved methods, leaving retailers…
Following the news that Facebook has uncovered a new photo transfer tool, Industry leaders, explains what this means for Facebook and its 2bn users worldwide:
Researchers at Kaspersky have discovered a previously undetected encryption ransomware attack that targets network-attached storage systems. The ransomware findings were revealed in Kaspersky’s Q3 IT Threat Evolution Report.
A new vulnerability, called Strandhogg, has been found to give cyber attackers the ability to create fake login screens that can be inserted into legitimate apps to steal login details and harvest data. https://twitter.com/campuscodi/status/1201531543841333248
According to Devcon researchers, 61% of the malicious ads observed from between July 11 and November 22, 2019 were aimed at Windows users including malicious ad campaigns “designed to redirect the user to malicious sites or to trick the user into downloading a piece of malware.” The research also revealed that malvertising campaigns over the past four months have targeted ChromeOS in surprising numbers https://www.zdnet.com/article/61-of-malicious-ads-target-windows-users/
The “Stopping Grinch Bots Act,” introduced in the Senate on Friday, would ban bots on all online retail platforms. Cyber Grinches use bot technology to bypass security measures and order large batches of popular toys to then resell them at inflated prices
To anyone unfamiliar with the term, ‘sandboxing’ might sound like something that toddlers would like to do at nursery school – or maybe a specialist one-to-one combat beach sport. It’s neither, of course. Sandboxing is actually the term the network security community uses to describe the technique of isolating potentially dangerous files that may contain some kind of malware, while they are thoroughly checked over. Essentially, segmenting the threat away from other devices and files and away from causing havoc on a corporate network. Basically, if your firewall or unified threat management (UTM) device is not certain that a file…
RedSeal released a report revealing that the UK Cyber-security skills gap is ‘at breaking point’ – the story is here.