Researchers have today published the results of a five-month-long investigation into what they have called the “largest-scale sextortion campaign” they have ever seen. What’s more, the threat actors behind the sexual blackmail scam could be using your computer to help distribute their demands for payment without your knowledge; up to 15,000 per infected computer.
ISBuzz Team
It has been reported that millions of Amazon Echo 1st generation and Amazon Kindle 8th generation devices are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man-in-the-middle attack against a WPA2-protected network. Using this attack, bad actors can decrypt packets sent by clients in order to steal sensitive information that is sent in plain text. While the WPA2 wireless connection of this network has been compromised by this attack, it is important to note that any encrypted traffic sent over the wireless network will still be protected from snooping.
The ONS released its annual Crime Statistics in England and Wales today (https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingjune2019), revealing a decline in computer misuse and computer virus offences. In case you’re planning to cover this news at all, please see below for comments in response from Mike Fenton, CEO at Redscan, the UK-based cyber security firm. Mike points to the current flaws in reporting cybercrime and highlights other numbers which suggest just how wrong the ONS numbers may be, including this story from the BBC: https://www.bbc.com/news/technology-50065713
Technology has transformed the world of banking, bringing all manner of new services to the table and revolutionising the way that customers manage their finances. Gone are the days of fixed branches and localised appointments. Today’s banking is done with the click of a button. However, technology has also brought with it new challenges, particularly in regard to identity and authentication. These two things are no longer as easy to achieve as they used to be. Customers can interact with banks through a growing number of channels. As a result, there are myriad factors that banks need to take into…
A Russian cyberespionage operation that was one of the groups that hacked into the Democratic National Committee in the run-up to the 2016 US Presidential election has been busy with attacks against government departments across Europe and beyond. The Cozy Bear hacking group – also known as APT29 – is believed to be associated with the Russian intelligence service and, alongside Russian military hacking group Fancy Bear, was involved in a number of high-profile attacks between 2014 and 2017. In the time since then, Cozy Bear appeared to go quiet, but now cybersecurity analysts at ESET have detailed how the group – which they refer to as…
It has been reported that Sonic Jobs, a UK retail and restaurant jobs app used by the Marriott and InterContinental hotel chains, has exposed over 29,000 CVs online, revealing job-hunters’ names, addresses, phone numbers and career histories to potential cyber criminals. The firm made the settings on their cloud storage buckets public, which meant that when someone applied for a job, their CV was available for anyone who knew the location of the bucket to see and download.
Zimperium is releasing a new piece of research today which investigates 30 of the world’s leading travel applications to understand how they manage users’ security and privacy risks. The data is based on the most downloaded travel applications on iOS and Android, and as part of the study, mobile security researchers from Zimperium’s zLabs team assigned each application a grade: Passing: The app has very few risks and does an above average job of protecting user data. Average: The app has risks that need to be addressed and does an average job of protecting user data. Failing: The app has significant risks…
It has been reported that a joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks on ATMs in Germany in 2017 that saw thieves make off with more than a million Euros. Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen credit card required. Hackers typically install the malware onto an ATM by physically opening a panel on the machine to reveal a USB port. Please see below for commentary from cybersecurity experts.
“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from “BriansClub” encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone. https://twitter.com/neirajones/status/1184346989804314625
A malicious website posing as checkrain[.]com was launched by hackers this week, imitating the real site that researchers are building to modify and jailbreak iPhones. The fake site instead launches a hacking tool that tries to take over affected devices.
