As we take each new mobile network generation in our stride, it can be easy to forget just how far we’ve come. For instance, both 3G and 4G were digital transformations in their own right. First allowing for multimedia sharing, data downloads and video calls, then providing widespread access to mobile internet services, HD video streaming and reliable roaming. But with Ericsson estimating there will be up to 22.3bn connected devices by 2024, it is 5G that will be required to support the demands of this level of mass connectivity. 5G will be smarter, faster, and more efficient than its…
ISBuzz Team
Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. That’s possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn’t. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention. Jake Moore, Cybersecurity Specialist at ESET: “With the possibility of malware being able to attack a webcam at any moment without the correct service patch or…
Advanced analytics and biometrics becoming central to anti-fraud programmes, reveWhile only 13 per cent of organisations use artificial intelligence (AI) and machine learning to detect and deter fraud, another 25 per cent plan to adopt such technologies in the next year or two – a nearly 200 per cent increase. Fraud examiners revealed this and other anti-fraud tech trends in a cross-industry, global survey by the Association of Certified Fraud Examiners (ACFE), developed in collaboration with analytics leader SAS. The inaugural Anti-Fraud Technology Benchmarking Report examines data provided by more than 1,000 ACFE members about their employer organisations’ use of technology to fight fraud. Other notable trends include: The rise…
Government agencies in Croatia have been targeted with never before seen malware payload, named SilentTrinity. A mysterious hacker group has targeted, and most likely infected, Croatian government employees between February and April this year Emails contained a link to a remote website with a lookalike URL, where users were asked to download an Excel document. The document was laced with malicious code packed as a macro script which appeared to have been largely copied off the internet The macro script, if enabled by the victim, would download and install malware on their systems. https://twitter.com/buzz_techie/status/1148102070324666369 Javvad Malik, Security Awareness Advocate at…
British Airways is set to be fined more than £183 million over a customer data breach. The fine relates to the theft of customers’ personal and financial information between June 2018 and September 2018 from the website ba.com and the airline’s mobile app The airline initially said around 380,000 payment cards had been compromised, however the ICO said in a statement that the personal information of 500,000 customers had been affected The incident in part involved user traffic to the British Airways website being diverted to a fraudulent site, where customer details were harvested by the attackers https://twitter.com/SkyNews/status/1148159545971216384 Experts Comments: Javvad Malik, Security Awareness Advocate at KnowBe4: “While there is no…
Four out of five people identified by the Metropolitan Police’s facial recognition technology as possible suspects are innocent, according to an independent report revealed by Sky News and The Guardian. Researchers found that the controversial system is 81% inaccurate – meaning that, in the vast majority of cases, it flagged up faces to police when they were not on a wanted list. The report raises “significant concerns” about Scotland Yard’s use of the technology, and calls for the facial recognition programme to be halted. Expert Comments: Paul Bischoff, Privacy Advocate at Comparitech.com: “The Met’s 0.1% error rate figure is calculated by dividing the number of…
The FDA has warned Americans that hackers could compromise insulin pumps by connecting to them via Wi-Fi. A 2017 study from the Technology and Health Care journal found that the US healthcare industry doesn’t keep up with new cybersecurity precautions, this is despite a 2018 study from medical journal Maturitas found that medical devices — including insulin pumps and pacemakers — are highly vulnerable to cybercrime. In contrast, a study from Infoblox found that in the UK, the number of security policies in place for new connected devices has increased from 85 to 89 percent, with fewer respondents doubting the effectiveness of these policies (9% in 2019/13%…
An online privacy watchdog has issued a stark warning about the risks of using the popular workplace chat app Slack. Gennie Gebhart, who serves as the associate director of research at the Electronic Frontier Foundation, outlined the threat of nation-state attacks using the troves of personal data that Slack stores. In an op-ed in the New York Times, Ms Gebhart cited Slack’s recent filing with the Securities and Exchange Commission, which highlighted threats from “sophisticated organised crime, nation-state, and nation-state supported actors”. However, Slack has comeback with their thoughts on security but the platform does not use end to end encryption. Twitter: https://twitter.com/ReclaimNet/status/1146446349065490433 https://twitter.com/bahree/status/1145786027258179585 Expert Comments: Jake…
According to recent research by Alert Logic, discovered 66% of small and midsize businesses (SMB) devices run Microsoft OS versions that have expired or will expire by January 2020, the majority of which are over 10 years old. The report highlights the challenges SMBs face, reveals a steady increase in attacks and changes in attack methods that target their weaknesses in encryption, workload configuration, limited visibility into vulnerabilities and outdated and unsupported operating systems 66% of SMB devices run Microsoft OS versions that are expired or will expire by January 2020. Shockingly, the majority of devices scanned in the research were running Windows versions…
Security researchers from Netlab – a network threat hunting unit of Chinese cybersecurity giant Qihoo 360 – discovered the first ever malware strain, named Godlua, seen abusing the DNS over HTTPS (DoH) protocol. The Godlua malware is written in Lua to work on Linux Servers. The attackers are using Confluence exploit (CVE-2019-3396) to infect outdated systems, and early samples uploaded on VirusTotal have mislabeled it as a cryptocurrency miner. Internet Emgineering Task Force’s (IETF) RFC 8484 provides more details of DoH protocol Social Media Reaction: https://twitter.com/GossiTheDog/status/1146138461969244160 https://twitter.com/tc1415/status/1128762647208505344 Experts Comments: Anthony Chadd, SVP, Global Sales at Neustar: “Whether using common methods such as amplification or flooding, the DNS is often at the heart of…