In recent news, Twitter’s former Security Chief accused the company of ‘misleading’ public on security practices.
ISBuzz Team
This week A-Level students received their results, with many of them now working out next steps. In the UK, top grades for A-level results have fallen since last year, with 36.4% of all grades marked at A* or A, to try and tackle rising grade inflation over the last two years. A near-record high number of students have been offered a university or college place too, and the first T-level grades were revealed for those taking new technical qualifications, with an overall pass rate of 92%. But are school leavers fully prepared for the worlds of higher education and work…
Following the news that: Hackers Steal Session Cookies to Bypass Multi-factor Authentication
Onfido survey finds that portrayals of fraud in popular culture are influencing views on criminal activity The leading global digital identity verification and authentication provider, today announces the results of a study exploring the impact of popular true-crime documentaries on UK consumers’ trust and behaviour with people online, and with digital businesses and services. Identity fraud has found a prominent place in popular culture with true-crime documentaries such as The Tinder Swindler, and dramatisations such as Inventing Anna, but while this makes viewers more aware of fraud, the audience’s reactions vary. Onfido surveyed 1000 UK consumers to understand how documentaries…
Following the news that: Here’s how attackers are circumventing Microsoft’s multi-factor authentication Here’s how attackers are circumventing Microsoft’s multi-factor authentication – OnMSFT.com
It has been reported that cyber-criminals are increasingly hijacking home IP addresses to hide credential stuffing activity and increase their chances of success, the FBI has warned. Credential stuffing is a popular method of account takeover whereby attackers use large lists of breached username/password ‘combos’ and try them across numerous sites and apps simultaneously to see if they work. As many individuals reuse their credentials, they often do. The full story can be found here: https://www.infosecurity-magazine.com/news/fbi-beware-residential-ips/
Security researchers at CYFIRMA have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that’s easily exploitable via specially crafted messages sent to the vulnerable web server. According to their whitepaper on the subject, tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update. CYFIRMA researchers have observed … multiple instances of hackers looking to collaborate on exploiting Hikvision cameras using the command injection vulnerability (CVE-2021-36260) Specifically in the Russian forums, we have observed leaked credentials of Hikvision camera products available for sale. 80,000+ devices vulnerable100 Nations impacted450+…
A recent Microsoft report lays out how the proliferation of ransomware as a service (RaaS) is fast becoming a dominant business model, enabling most anyone, regardless of their technical expertise, to deploy ransomware. Exceprts: RaaS (Ransomware as a Service) lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs have 50+ “affiliates,” as they refer to the users of their service, with varying tools, tradecraft, and objectives. RaaS kits are easy to find on the dark web and are advertised in the same way goods are advertised across the internet. A RaaS kit…
In response to reports that the Center Hospitalier Sud Francilien, a 1000-bed hospital located outside of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center sending patients to other establishments and postponing appointments for surgeries, cybersecurity experts offer the following comments.