63 percent of British workers do not realize that unauthorized access to an email account without the owner’s permission is a criminal offense, according to a new study from Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises. This news comes just a few months prior to the 30-year anniversary of the Computer Misuse Act – a piece of legislation that deals with the crime of accessing or modifying data stored on a computer without authorization to do so. As it stands, the lowest level of penalty, if you are found guilty of gaining access to a…
ISBuzz Team
Russia has put in place its “sovereign internet” law, giving its officials wide-ranging powers to restrict traffic on the Russian web. If successful, this could have significant implications for Russian citizens and businesses, as well as for the cybersecurity landscape and the ability of other nation states to launch counter-cyber attacks against Russia as part of their defence strategy.
Google’s Chrome product manager corrected “misinformation” and promised it won’t “force users to change their DNS provider” in upcoming builds of the browser. Yet, Chrome is still “optimistic about the opportunities DoH offers for improving user privacy and security”.
McAfee researchers today reported that an uptick in phishing scams using audio voicemail messages has been spotted targeting Microsoft Office 365. These partial audio voicemail messages convince targets to log in to hear the full recording. .com/news/security/new-office-365-phishing-scams-using-audio-voicemail-recordings/
Over the past six months, the xHelper Android malware strain has made a name for itself after popping up on the radar of several antivirus companies and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove. It was first spotted back in March and slowly expanded to infect more than 32,000 devices by August, eventually reaching a total of 45,000 infections this month. The malware is on a clear upward trajectory. Symantec says the xHelper crew is making on average 131 new victims per day and around 2,400 new victims per month.
Security researchers became aware of a new variant of Adwind jRAT, a remote access Trojan that uses Java to take control and collect data from a user’s machine – namely login credentials. Malware that takes advantage of common Java functionality is notoriously difficult to detect or detonate in a sandbox for the simple fact that Java is so common on the web. In fact, any effort to block or limit Java would result in much of the internet breaking down – a non-starter for users who increasingly rely on rich web apps or SaaS platforms for their day-to-day responsibilities. https://twitter.com/virusbtn/status/1189629301026672641
It has been reported that developer and digital explorer Jane Manchun Wong has discovered an unnerving “feature” in Facebook’s smart display. Wong has successfully added another user’s photo album to her own Portal’s Superframe. The problem is that Facebook states that a person can only add photo albums to Portal’s screensaver that are part of their Facebook account. Wong reported this to Facebook, but she says the company doesn’t “think this is a security vulnerability.”
It has been reported that the network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today. Several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea’s elite hacking unit. https://twitter.com/NarangVipin/status/1189159651771912192
In response to the recent Counter-Strike: Global Offensive news, please find below expert commentary on the security risk for the gaming industry.
According to a recent report by ImmuniWeb, more than 21 million login credentials stolen from Fortune 500 companies have been found in various places on the dark web, many of them already cracked and available in plaintext form. Most of them were from tech companies, closely followed by organisations in the financial industry. Entities in the healthcare, energy, telecommunications, retail, industrial, transport, aerospace and defence sectors are also on the list. The researchers reveal a worrying statistic: “95% of the credentials contained unencrypted, or brute-forced and cracked by the attackers, plaintext passwords.” Despite finding as many as 21 million login records, the report notes that…
