It has just been revealed that South Korea’s largest Cryptocurrency Exchange, Upbit, has been hacked. Approximately $50 million equivalent of ETH was stolen from the exchange.
ISBuzz Team
MSPs and their supply chains will be the targeted more heavily by cyberattacks in 2020 according to Trend Micro’s new report – The New Norm.* By hitting MSPs and other third party vendors, cybercriminals will increase their ability to steal sensitive data, credentials and more.
Phishing has emerged as one of the most dangerous types of security threats for businesses, with phishing attacks growing in the second quarter of this year, especially against software-as-a-service and webmail services. That’s according to a recent report by the Anti-Phishing Working Group (APWG), a nonprofit industry association that fights phishing, crimeware and e-mail spoofing. The APWG defines phishing as “a criminal mechanism employing both social engineering and technical subterfuge” to steal data on personal identities or financial credentials. The APWG tracks the number of unique phishing Web sites as a primary measure of phishing volumes across the globe. A…
With Black Friday fast approaching, retailers need to take the right steps to ensure their websites are safeguarded from potential attacks to customer data. Security expert comments are below on the three tools every retailer should invest in before Black Friday to ensure they and their customers are safe from cybercrime.
It has been reported by the HIPPA Journal that more than 38 million healthcare records were exposed in breaches throughout 2019. October in particular was the month with the highest number of data breaches being formally reported by the healthcare sector. 28 of the incidents were caused by unauthorized access or disclosure, while 18 of them originated from hacking or IT incidents. This shows that the healthcare industry is still a target that is both appealing and easy to attack. https://twitter.com/BleepinComputer/status/1199243935723524096 Commenting on the story are the following cybersecurity professionals:
News has broken that 1.2 billion records were found online on an exposed, unsecure single server. While it doesn’t include sensitive information such as passwords, credit card numbers, and Social Security numbers, it does contain profiles of hundreds of millions of people. This includes home and cell phone numbers associated social media profiles like Facebook, Twitter, LinkedIn and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses. https://twitter.com/WIRED/status/1197887700495470592
An attack ad on Google run by the Conservatives broke Google rules because of an error by Google. The ad was shown as the top result on a Google search for “Labour” as the Labour Party launched its manifesto. It initially appeared without a disclaimer, in breach of Google’s terms and conditions which state that “all election ads in the EU… show a disclosure that identifies who paid for the ad”.
The CISA and the DHS’s main cyber division announced the launch of Arlo, a new tool to help election and government officials audit voting machines to determine they’ve been tampered with, and it has already been distributed in six states.
A new keylogger called Phoenix that started selling on hacking forums over the summer has now been linked to more than 10,000 infections, researchers from Cybereason said today in a report. Released in July on HackForums, the Phoenix Keylogger is a new threat that has slowly gained a following on the malware scene.New malware distribution campaigns are being spotted every few weeks, according to threat intelligence shared on Twitter. https://twitter.com/whizsec/status/1197079993295110146
It has been reported that two critical security vulnerabilities in Oracle’s E-Business Suite (EBS) could allow potential attackers to take full control over a company’s entire enterprise resource planning (ERP) solution. The Oracle EBS improper access control flaws come with CVSS scores of 9.9 out of 10. If successfully exploited in an attack, the two security flaws enable threat actors to avoid detection while printing bank checks and making electronic fund transfers. At the moment, Onapsis’ research team estimates that approximately 50% of all Oracle EBS customers have not yet deployed the patches. https://twitter.com/TasletCom/status/1197376562376527872