Digital lawyer Peter Gundst details a phishing scam in which a caller claimed to be from his bank, asking him if he had used his card in a remote city (https://twitter.com/DigitalLawyer/status/1181348689756864513?s=20). When he said he hadn’t, the caller “blocked” the transaction and asked for his PIN and said they were sending a “verification PIN” that the victim read back. He later realized that his password was reset with the verification number the fraudster sent to his phone. A KnowBe4 expert offers advice on detecting similar scams.
ISBuzz Team
The social influence of robots on people and the insecurities this can bring should not be underestimated. Research conducted by Kaspersky and Ghent University has found that robots can effectively extract sensitive information from people who trust them, by persuading them to take unsafe actions. For example, in certain scenarios, the presence of a robot can have a big impact on people’s willingness to give out access to secure buildings. The world is rapidly moving towards increased digitalisation and mobility of services, with many industries and households relying strongly on automatisation and the use of robotic systems. According to some estimates,…
The account details of the 250 thousand users of Dutch website Hookers.nl have leaked out after a vulnerability on the website was exploited. A hacker captured the members’ data and is offering it for sale, NOS reports based on its own research after an anonymous tip. The website is popular among clients of sex workers, who exchange tips, reviews and experiences in the sex industry. https://twitter.com/FlayersMind/status/1182181027051196417
Guaranteeing the validity of elections on the local, state and federal levels will be a huge challenge this voting season, especially with such threats as foreign interference and fake news propaganda. While officials are taking steps to try and secure voting machines, it will take more effort to secure all the moving parts powered by technology.
The European Union has published a joint risk-assessment warning that 5G networks could be at risk from suppliers with strong links to national governments. However, the report, which was clearly aimed at highlighting the risks posed by using hardware and services supplied by Chinese telecoms companies, stopped short of naming Huawei and ZTE. The report – prepared by an EU security group – highlighted the increased security risks posed by well-resourced state-backed entities and called for a new approach to securing telecoms infrastructure in the EU. The report stressed that non-EU companies bidding for 5G network contracts could be “subject to interference” when…
It has been reported that hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms. More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion claimed it had more than 20,000 customers. The most notable compromise is the Sesame Street Live online store, which was taken down earlier today after another journalist reached out. At the time of writing, the malicious code is still on Volusion’s servers and is still…
In any enterprise there are tens of thousands, if not hundreds of thousands, of digital certificates in use to protect things like web servers through device authentication and data encryption. At this scale, it may seem like a never-ending battle to inventory and keep track of every certificate. Due to limited IT resources, many organizations choose to narrow the scope of the certificates they manage rather than take on the task of securing everything. Manually issued certificates get all the attention (i.e. SSL/TLS certificates), while Active Directory (AD) auto-enrollment certificates are easily overlooked. AUTO-ENROLLMENT OVERVIEW If you are not familiar…
Indiana-based Methodist Hospitals is currently notifying 68,039 patients that their protected health information may have been exposed in a data breach. The patient data that was potentially compromised includes the following: names; addresses; health insurance information; group identification numbers; Social Security numbers; financial account numbers; payment care information; medical record numbers and treatment information. In June, the health systems saw unusual activity in an employee’s email account, prompting an investigation. Methodist Hospitals determined that two employees fell victim to a phishing attack. Collectively, the unauthorized third party had access to the email accounts between March 13 and July 8. Methodist Hospitals said…
As more transactions between all types of businesses and their customers move online, the opportunity for attackers to steal credentials through phishing continues to grow. Making matters worse, adversaries are launching more sophisticated attacks that are quite difficult to spot, even for the trained security professional. It’s clear that current approaches to detection and mitigation of phishing and web spoofing are falling short. The recent disclosure by YouTube of a phishing campaign is a prime example. A reported 23 million YouTube customers may have been affected by the attack. These were YouTube content creators who make very popular videos that…
An unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files using a credential stuffing attack. Once the unauthorized user gained access to the TransUnion portal, they could perform credit searches using a consumer’s name, address, DOB, or Social Insurance Number (“SIN”). If the correct information was entered, a credit file would be shown that contains the consumer’s name, date of birth, current and past addresses, and information related to the credit, such as loan obligations, amounts owed, and payment history. Actual account numbers, though, would not be included in the report.…
