One of the most important commands in Linux contained a rather nasty security flaw that could have let malicious types gain root access to the operating system. The bug, which has since been squashed by developers, was found in the sudo command that is used by developers to carry out tasks and run stuff with elevated privileges. Sudo only enables this if users of the command have the right permissions to do so on a Linux machine or know the root user’s password. But the command appears to have been a little too effective. It could have allowed hackers with…
ISBuzz Team
As part of “experts dots (comments) on the latest information security news” publication, please find below the expert comments on the news that Instagram is stepping up its security features to make it easier for users to block apps from accessing their data.
MailGuard has detected a new phishing email scam purporting to be from Telstra. First detected yesterday, the 15th October, the scam purports to be from Telstra and masquerades as a notification from the telecommunications giant. Using a display name of ‘Telstra’ with a domain to match, the email originates from a single forged email address. It is titled ‘$500 Citibank Visa prepaid gift card reward’. The email’s body incorporates the Telstra logo and branding and advises the recipient that they need to claim their gift card reward before ‘18/10/2019’. A ‘claim link’ is provided for recipients to click on to…
Although the Monetary Authority of Singapore (“MAS”) cybersecurity guidelines have been around since 2013, it was only in August this year that they became legally binding for any financial institution that operates in the country. The requirements state that banks operating in Singapore need to do the following: establish and implement robust security for IT systems; ensure updates are applied to address system security flaws in a timely manner; deploy security devices to restrict unauthorised network traffic; implement measures to mitigate the risk of malware infection; secure the use of system accounts with special privileges to prevent unauthorised access; strengthen user authentication for…
The M6 Group, France’s largest privately-owned multimedia group, was the victim of ransomware over the weekend, but none of the company’s TV and radio channels suffered any downtime. The incident took place on Saturday morning, according to a message the company posted on its official Twitter account. The M6 Group said they managed to contain the infection with the help of its cybersecurity staff, preventing any downtime to any of its ten TV channels, radio stations, and film studios.
Global shipping and mailing services company Pitney Bowes announced the partial system outage that impacted customer access to some services as a result of a ransomware attack that encrypted some of its systems. https://twitter.com/PitneyBowes/status/1183758381401755653
There are three key components when we talk about the concept of privacy: Laws, customs and expectations. The importance of each part of this trifecta will vary across geographic regions, generations, and groups. But in order to meet these diverse expectations, companies processing personal information need to offer their customers regional solutions. Cue data residency. Data residency is the storage of personal information in a specific geography where that data is processed in accordance with the local laws, customs, and expectations. Opting for providers with a data residency solution helps businesses satisfy their customers’ increasingly regional expectations of data privacy—especially…
With industrial control systems (ICS) becoming more connected due to the introduction of operational technology (OT) and industrial internet of things (IIoT), the threat of a successful cyberattack causing major damage could now be a reality. So much so that a new study by Tripwire and Dimensional Research revealed that 66 percent of ICS security professionals now acknowledge that a successful attack could have catastrophic consequences such as an explosion. The study surveyed ICS security professionals in manufacturing, energy and utilities, transportation and chemical industries and also revealed 93 percent are worried about cyberattacks causing operational shutdown or customer-impacting downtime. Other key…
An audit of Mississippi government institutions has revealed an alarming lack of compliance with standard cybersecurity practices and with the state’s own enterprise security program. A survey of 125 state agencies, boards, commissions, and universities conducted by the Office of the State Auditor (OSA) revealed that only 53 had a cybersecurity policy in place. Eleven reported having no security policy or disaster recovery plan whatsoever. https://twitter.com/shah_sheikh/status/1182730367419052033
A new modular malware designed to target diplomatic and government entities was spotted by ESET researchers while being utilized in attacks aimed at Russian-speaking individuals for at least 7 years. The espionage malware strain dubbed Attor by the researchers comes with some unusual capabilities including the use of encrypted modules, Tor-based communications, and a plugin designed for GSM fingerprinting using the AT protocol. “The attackers who use Attor are focusing on diplomatic missions and governmental institutions,” says ESET malware researcher Zuzana Hromcová.
