It has been reported that Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk. Insurance market Lloyd’s of London has indicated that it will move to require its insurance groups to exclude “catastrophic” nation state cyber attacks from cyber insurance policies from 31 March 2023. The change will supposedly ensure that the scope of cyber insurance policies is made clear to buyers, and is being made because Lloyd’s believes the impact of state-backed attacks is a “systemic risk”. Full story here: https://www.wsj.com/articles/lloyds-to-exclude-catastrophic-nation-backed-cyberattacks-from-insurance-coverage-11660861586
ISBuzz Team
The Lockbit Ransomware gang has taken credit for the ransomware attack on Entrust, a digital security giant. In June, Entrust began notifying customers that they suffered a cyberattack where data was stolen from internal systems. The ransomware group attacked Entrust after purchasing access to the corporate network through “network access sellers.” After further research on network access sellers, it appears that the number of malicious actors offering vulnerable network information have been tripling in the past few years, bringing to light the concerning fact that not only are actors aware of company breaches long before the company itself finds out,…
Bitdefender has identified dozens of apps on the Google Play Store that conceal their presence after installation by changing their names and icons, before serving up ads. They also remove themselves from the recently used list of apps to better hide from the user.
As reported by the Financial Times, cybersecurity has eclipsed tumultuous financial markets as the biggest concern for the world’s largest sovereign wealth fund, as it faces an average of three “serious” cyber attacks each day. The number of significant hacking attempts against Norway’s $1.2tn oil fund, Norges Bank Investment Management, has doubled in the past two to three years, according to its chief executive Nicolai Tangen. The fund, which reported its biggest half-year dollar loss last week after inflation and recession fears shook markets, suffers about 100,000 cyber attacks a year, of which it classifies more than 1,000 as serious,…
It has been announced that the US government is banning insecure software from its procurement process in a bid to improve the country’s cyber security.
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. “Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration,” Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up.
A dozen malicious PyPi packages have been discovered by researchers at Snyk installing malware that modify the Discord client to steal data from web browsers and Roblox. The popular online chat application, Discord, is also a target. The malware exfiltrates Discord tokens and injects a persistent malicious agent in the process. This malicious code, known as Discord Injector, can relay an alarming amount of information to the attacker. Not only will it share your credentials, but it can also skim your credit card information if you input it after the injector is loaded. The packages pretend to be Roblox tools…
Apple has disclosed serious security vulnerabilities for iPhones, iPads and Macs, which could potentially allow attackers to take complete control of devices. Apple added that it is “aware of a report that this issue may have been actively exploited”. Security experts have advised users to urgently update affected devices – the iPhone 6S and later models, newer iPads, and Mac computers running macOS Monterey. It also impacts some iPod models. In a security update on its support page, Apple said one of the flaws means a malicious application “may be able to execute arbitrary code with kernel privileges”. More information: https://news.sky.com/story/apple-discloses-serious-security-vulnerabilities-for-iphones-ipads-and-macs-12676245
A-Level Results 2022 – Tech industry experts react This week A-Level students received their results, with many of them now working out next steps. In the UK, top grades for A-level results have fallen since last year, with 36.4% of all grades marked at A* or A, to try and tackle rising grade inflation over the last two years. A near-record high number of students have been offered a university or college place too, and the first T-level grades were revealed for those taking new technical qualifications, with an overall pass rate of 92%. But are school leavers fully prepared…
It has been reported that a report from ForgeRock has revealed an unprecedented 297% surge in breaches caused primarily by security issues associated with supply chain and third-party suppliers and representing almost 25% of all breaches. The report also found unauthorized access was the leading cause of breaches for the fourth consecutive year, steadily increasing to account for 50% of all records compromised during 2021. The report underscores the fact that cybercriminals continue to find new methods of attack across industries and geographies. The cost of breaches also continues to grow. In the US alone, the price of remediation from a breach has…