It has been reported that security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities in 5G, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic, or silently disconnect a 5G-connected phone from the network altogether. 5G is said to be more secure than its 4G predecessor, but the researchers’ findings confirm that weaknesses undermine the newer security and privacy protections in 5G. Worse, the researchers said some of the new attacks could also be exploited on existing 4G networks.
ISBuzz Team
Krebs is reporting that Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers. Orvis says the exposure was inadvertent, and that many of the credentials were already expired. https://krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/ Experts have commented below.
Banks and financial institutions have more reason to worry about the threat of jailbroken devices attempting to access their mobile financial services, with the release of the new Checkra1n jailbreak tool this week.
Mexico’s state-owned oil company, Pemex, has suffered a ransomware attack in which $4.9 million was demanded. According to Bloomberg, the attack is disrupting the company’s billing systems; Pemex is relying on manual billing that could affect payment of personnel and suppliers and hinder supply chain operations. Invoices for fuel to be delivered from Pemex’s storage terminals to gasoline stations were being done manually on Tuesday. https://twitter.com/Reuters/status/1194505300885299200
Just one month before the UK’s general election, Labour has revealed it has been hit by two large-scale cyberattacks on its digital platforms. Whilst the Labour Party states its IT systems have withstood the first attack with no detected data breaches, the distributed denial-of-service (DDoS) attack has left the website running at sub-optimal speed, with a second attack now plaguing its platform.
Yesterday, Twitter shared a draft of its new deepfake policy and opened it up for public input before it goes live. It says when it sees synthetic and manipulated media intentionally trying to mislead or confuse users it will notify them, warn them before they share or like Tweets containing the content and add a link in order to inform and educate. Commenting on the announcement are the following security experts:
Is your business ready for 5G security threats? That is the question that AT&T Cybersecurity answers in its latest Cybersecurity Insights Report: Security at the Speed of 5G. The extensive research makes clear that there is some anxiety about 5G across the security community. With the fifth generation of cellular network technology on the horizon, it potentially brings opportunities for businesses as well as security challenges for those not prepared. Indeed, new methods of cyber-attacks that take advantage of an expanded attack surface brought about by more connected endpoints will be spawned by 5G. Being prepared for these previously…
It has been reported that a pair of security researchers have discovered two vulnerabilities in ATMs widely used across the United States that could allow a determined criminal to steal cash and customer data. They found the flaws in machines manufactured by Nautilus Hyosung America Inc., the largest provider of ATMs in the U.S. By gaining access to the same network as the target ATM, the researchers were able to obtain full control of the machine and bypass its security measures. They also discovered master keys to the ATMs for sale on Amazon.com.
Cloud-based network security solutions are becoming increasingly prevalent, and it’s not difficult to understand why when the two worlds responsible for it are currently colliding. On one side, the ever-increasing cybersecurity discussion is forcing companies to take drastic and immediate action, often in response to a climate that may well change only months later. And in the other corner, software-as-a-service (SaaS), as a trend, continues to rise in popularity in the wake of ‘big data’. The end result and culmination is this aforementioned notion of cloud-based network security to bring businesses the requisite flexibility and scope to protect their data…
A university is investigating after mistakenly sharing the personal details of about 2,000 students in an email promoting a lecture. The email from the Creative Arts school at the University of Hertfordshire included an attachment with the recipients’ names and email addresses. The university said it had contacted the data protection watchdog, the Information Commissioner’s Office. The BBC has covered the story here: https://www.bbc.co.uk/news/uk-england-beds-bucks-herts-50333367
