When it comes to fraud, consumers will likely think of common threats like identity theft, credit card fraud, fraudulent bank transactions — the list goes on. However, cybercriminals are constantly evolving, and now online dating sites and applications are in the crosshairs. To be clear, fraud in online dating isn’t new — the term “catfishing” became mainstream following the 2010 documentary “Catfish.” However, recent data breaches have given fraudsters an excessive amount of personal identifiable information (PII) to be used in online dating scams. Furthermore, a 2016 study in Psychology Today found at least half of dating website users have lied…
ISBuzz Team
Yesterday The Washington Post reported that sensitive, personally identifiable information of more than 1.4 million students and more than 200,000 teachers was improperly stored by the Maryland State Department of Education, leaving them at risk of identity theft: Maryland says confidential data must be encrypted. For 1.4M students, it wasn’t. Experts Comments: Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG: “Typically, security audits remain private within organizations, so this report offers a rare glimpse into how challenging it is to keep up to date against potential cybersecurity gaps. The audit revealed a problem that most organizations face – reducing (or eliminating) legacy…
FaceApp has gone viral thanks to an Age Challenge which involves using the app to augment your face to look like an old person. It uses artificial intelligence to edit a picture in your phone gallery and transforms the image into someone double or triple your age. And whilst the AI-influenced makeovers are funny and eerily correct, using the FaceApp means you might be giving away more than you thought. FaceApp is allowed to use your name, username or any likeness provided in any media format it likes without compensation, meaning you will not be paid for it, or have any ability to take it down…
It has been reported that despite alerts from Microsoft and the U.S. government, more than 800,000 online systems have yet to patch the Windows RDP vulnerability two months after it was disclosed.The critical vulnerability affects the remote desktop protocol (RDP) in older windows OSes such as Windows 7, Windows XP and Windows Server 2008. The Vulnerability could allow unauthorised parties to perform remote code execution on vulnerable systems. Bob Huber, CSO at Tenable: “Recent estimates indicate that more than 800,000 systems are still vulnerable to BlueKeep, nearly two months after patches were first released. While the number of unpatched systems has decreased since May, it’s simply not…
It has been reported that American telecommunications provider Sprint has suffered a data breach, telling customers that hackers broke into their accounts through a Samsung website. The number of customer accounts breached isn’t yet known. The hack occurred June 22, Sprint told its customers in a letter, and included details like first and last name, billing address, phone number, subscriber ID, account number, device type, device ID, monthly charges, account creation date, upgrade eligibility and any add-on services. It occurred via the Samsung “add a line” website. The company said it re-secured all compromised accounts by resetting PIN codes, three days later, on June 25 The Sprint account…
It has been reported that the NHS is still running over 2000 Windows XP computers. The figures came in response to a parliamentary written question tabled by Jo Platt, the shadow Cabinet Office minister. Parliamentary under secretary of state at the Department of Health, Jackie Doyle-Price, replied that the health service was running around 2300 XP computers as of July this year. Platt criticised the figures as an indictment of the government’s failure to prioritise cybersecurity. The NHS was famously caught out by the WannaCry ransomware worm of 2017, which affected around a third of trusts, led to the cancellation of an estimated 19,000 operations and appointments and cost…
Regardless of whether your organisation jumped into cloud enthusiastically, or is being dragged in against its own policies, we are all in the cloud – and we are only going to get more involved. To talk about preventing data loss seems to misunderstand that today we aren’t holding the data in the first place. It is in constant movement between multiple services, hosted in disparate geographical jurisdictions, being used and analysed by multiple parties both within the organisation and among partners, and potentially even informing third party machine learning systems. Too many of us are trying to solve cloud security…
BBC News are reporting this morning that An attempt to defraud thousands of people using a bogus email from a UK airport was one of a range of cyber-attacks prevented last year. The scam used a fake gov.uk address, but the messages were prevented from ever reaching their intended recipients. The details were revealed by GCHQ’s National Cyber Security Centre in an annual report. In all, NCSC disclosed it had stopped 140,000 separate phishing attacks. https://twitter.com/cipherstorm/status/1151087613488427009 Experts Comments: Corin Imai, Senior Security Advisor at DomainTools: “This is a massively encouraging progress report we have received from the NCSC, and the UK is extremely wise to have invested in…
According to this link, , malware researchers have discovered a new file-encrypting malware they dubbed DoppelPaymer that has been making victims since at least mid-June, asking hundreds of thousands of US dollars in ransom. There are three confirmed victims of this ransomware strain, which priced its decryption keys between 2 BTC and 100 BTC It is believed that the new ransomware strain may be the work of a BitPaymer group member that started their own ransomware business The new ransomware includes modifications that make it superior to BitPaymer, such as threaded encryption process for a quicker operation Expert Comments: Javvad Malik, Security Awareness Advocate at KnowBe4: “Ransomware remains…
Ad Inserter, a popular Ad management WordPress Plugin was discovered to contain a critical vulnerability. The vulnerability allows an authenticated user as low as a subscriber to execute code on the affected website, Search Engine Journal reported. https://twitter.com/tresronours/status/1151091673201631232 Expert Comments: Eoin Kary, CEO and Co-founder at edgescan: Continuous assessment of websites and assets is the key to keeping pace with such vulnerabilities. Vulnerabilities won’t fix themselves and won’t stop existing anytime soon. Deploying a continuous visibility and vulnerability assessment model is the only way to detect and keep track of such issues. It’s surprising how many organisations don’t keep pace with continuous change…