According to this link, https://www.scmagazineuk.com/circlci-data-breach-exposed-customer-github-bitbucket-logins/article/1595997, CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts. The information compromised included usernames and email addresses associated with GitHub and Bitbucket, as well as IP addresses and user agent strings. Additionally, organisation name, repository URLs and names, branch names, and repository owners may have been accessed. The breach affected customers who accessed the CircleCI platform starting June 30, 2019.
ISBuzz Team
50% of people do not trust that the details on dating profiles are true[1]. Yoti and DateID are working together to create a safer community of online daters. London, UK, September 2019 – Yoti, the digital identity app with 5 million downloads, has partnered with DateID, a new US-based dating verification platform, to help create a safer and more transparent community of online daters. DateID gives individuals a quick and simple way to verify that the people they meet on dating sites are representing themselves accurately, bringing more trust and transparency online. DateID users can use Yoti to verify…
Avast researchers found flashlight apps request 25 permissions on average. Avast [LSE: AVST], a global leader in digital security products, has found that Android flashlight applications request an average of 25 permissions. Using apklab.io, Avast’s mobile threat intelligence platform, Avast analysed the permissions requested by 937 flashlight apps that either once made it onto the Google Play Store or are still available on the Store. Out of these, 408 request 10 permissions or fewer, 267 request between 11 and 49 permissions, and 262 apps request between 50 and 77 permissions. Apps taking their right to request permissions too far: Applications can request…
According to this link, https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/, a new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs). The attackers were after credentials for Microsoft accounts and created a page that mimics the original for selecting an account and logging in. This is served after completing the human verification step. Needless to say, anything typed in the text fields is automatically sent to the attacker. According to the researchers, the email delivering the phishing link is from a compromised account from ‘avis.ne.jp’ and pretends to be a…
Corporate networks are being restructured in order to enable digital transformation so that organizations can remain competitive in the market. Modernising the network means that a shift is taking place across businesses, with technological innovations such as public, private and hybrid cloud platforms, containerisation, and microservices driving waves of change. These technologies are enabling businesses to be more dynamic than ever, helping them respond to market trends, create new services and change the way they serve customers through both flexibility and agility. As such, businesses are eager to begin the journey. Yet one consideration that organisations tend to overlook is who is responsible…
A web page pretending to offer an official application from PayPal is currently spreading a new variant of Nemty ransomware to unsuspecting users. This latest occurrence of Nemty was observed on a fake PayPal page that promises to return 3-5% from purchases made through the payment system. https://twitter.com/TripwireInc/status/1171030677946589184
Mozilla is starting to roll out encrypted web domain name requests by default, starting with a trial run in the US. The move aims to prevent malicious actors from snooping on browser activity, in a major boost for user privacy. Twitter Reactions: https://twitter.com/RMerlinDev/status/1170382098038964224 https://twitter.com/pwaring/status/1170368354995113984
A coordinated ransomware attack hit 22 Texas local governments, but none of the impacted municipalities paid the ransom demand, which was $2.5 million collectively, to be paid in Bitcoin. https://twitter.com/TweetEraser/status/1170961201934811137
Threat actors continue to use socially-engineered attacks across email, cloud applications, and social media to exploit human instincts and lure people to click. Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced its annual Human Factor report findings, which highlight the ways in which cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions, steal data, and more. The report, based on an 18-month analysis of data collected across Proofpoint’s global customer base, spotlights attack trends to help organizations and users stay safe. “Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and…
Millions of phone numbers associated with names and other personal information have been exposed on the Internet in recent days, both from the breach at Monsters.com and from an exposed Facebook database. These incidents and others like them expose consumers to not only identity theft but other hazards as well.
