It has been reported that a tiny Raspberry Pi computer has been used to steal data from Nasa’s Jet Propulsion Laboratory. An audit report reveals the gadget was used to take about 500MB of data. It said two of the files that were taken dealt with the international transfer of restricted military and space technology. The attacker who used the device to hack the network went undetected for about 10 months. Andrea Carcano, CPO and Co-Founder at Nozomi Networks: “The new report released by NASA’s Inspector General on the cybersecurity flaws discovered within the Jet Propulsion Laboratory (JPL) further proves the need for visibility…
ISBuzz Team
According to a recent ‘Phishing by Industry’ report by KnowBe4, construction industry staff are most vulnerable when it comes to phishing scams. The report looks at 19 industries breaking them down into three categories, small (up to 250 workers); medium (250-999); and large (1,000+) Those in the construction industry placed first in falling for attacks in small and medium-sized businesses and second place in large corporations where the hospitality industry took first place According to KnowBe4, once training began, the percent of a company’s workers likely to fall for a phishing scam dropped dramatically In the construction category – after 90 days of combined computer-based training…
Following the news that an Australian man has been sentenced to three years in prison after pleading guilty to 11 charges including insider trading and unauthorised access to data with the intention to commit a serious offence, security experts commented below. https://twitter.com/CyberSecurityPr/status/1143603915205648384 Experts Comments: Matt Lock, Director of Sales Engineers at Varonis: “For the average cybercriminal, the prospect of breaking into a company to steal insider information without ever having to step foot in a building and ruffle through reports on employee desks is a tempting idea. An IT consultant with the time, interest and criminal inclination could easily gain the knowledge and tools…
Security researchers at Cybereason have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. The hackers systematically broke into more than 10 cell networks around the world over the past seven years to obtain all data stored in the active directories including usernames, passwords, billing data, call detail records, credentials, email servers, geo-locations of users and more. According to the researchers, the tools and TTPs used are commonly associated with the Chinese threat actor APT10. The hackers originally gained access into one of the cell networks by exploiting…
Today, KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released its Phishing By Industry Benchmarking Report 2019 which found, amongst large organisations, those within the Hospitality industry have the highest Phish-Prone Percentage (PPP) of 48 percent and were the most likely to fall victim to a phishing scam. In comparison, employees within Transportation were the least likely to put their companies at risk for potential compromise as they achieved the lowest PPP within the large organisation category with a 16 percent ranking. Those within the Construction industry were the most phish-prone when examining both small and mid-sized organisations with a…
Fox News has released the article, regarding a recent phishing email breach at Oregon DHS, compromising approximately 645,000 accounts. The email was sent to Oregon’s DHS employees on Jan. 8, 2019. Nine employees opened the email and clicked on a link that allowed the sender to access their email accounts. The result was exposed data – contained mostly in email attachments – that included names, addresses, dates of birth, Social Security numbers, case numbers, personal health information and other information used in DHS programs, the department said. https://twitter.com/StateStatus_OR/status/1143234936482226178 Expert Comments: Craig Cooper, COO at Gurucul: “This incident shows how far we have to go before…
Microsoft is drawing attention to a cybercrime campaign that relies on Office features to compromise Windows systems. Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn’t require Windows users to enable macros. However, a new malware campaign that doesn’t exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs. The attack starts with an email and .xls or Excel attachment, which Microsoft is warning recipients not to open. Jake…
Coming up this summer, Google is expected to be introducing a new “auto-delete” tool that will get rid of data and will also be unveiling “Incognito Mode,” to the Google Maps app where users will be able to search locations without being tracked. https://twitter.com/Shivamy7226/status/1123801242373894145 Expert Comments: Mike Bittner, Associate Director of Digital Security and Operations at The Media Trust: “It’s not entirely true that consumers don’t care that companies mine and exchange their data–they just don’t know it’s happening or to what extent they’re being tracked. Starting in January, companies will have to be more transparent about their…
It has been reported that the US launched a cyber-attack on Iranian weapons systems on Thursday as President Trump pulled out of air strikes on the country. The cyber-attack disabled computer systems controlling rocket and missile launchers, and is reported to be in retaliation for the shooting down of a US drone as well as attacks on oil tankers that the US has blamed Iran for. https://twitter.com/FaceTheNation/status/1142873880417189888 Experts Comments: Sam Curry, Chief Security Officer at Cybereason: “The Cyber Game of Nations continues this week with Iran and the US rattling cyber sabers at one another over the Straight of Hormuz.…
Study reveals that cybersecurity staffing and best practices are bigger factors than company size in assessing security risk associated with supply chain partners (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today released the findings from its Securing the Partner Ecosystem study, which surveyed more than 700 respondents at both small businesses and large enterprises to learn how data sharing risk is perceived. The research finds that 50% of large enterprises view third-party partners of any size as a cybersecurity risk, but only 14% have experienced a breach as the result of a small business partner,…