Following news that priority Health issued a notice about a third-party data breach that originated at the law firm Warner Norcross & Judd (WNJ) in October 2021 ), cyber security experts explain the risk of third party companies.
ISBuzz Team
According to ABC News, A former Twitter employee has been convicted of spying for Saudi Arabia after accessing private data on users critical of the kingdom’s government in a spy case that spanned from Silicon Valley to the Middle East. Ahmad Abouammo, a U.S. citizen and former media partnership manager for Twitter’s Middle East region, was charged in 2019 with acting as an agent of Saudi Arabia without registering with the U.S. government. A 2019 FBI complaint alleged that Abouammo and Saudi citizen Ali Alzabarah, who worked as an engineer at Twitter, used their positions to access confidential Twitter data…
Sophos X-Ops Active Adversary whitepaper, “Multiple Attackers: A Clear and Present Danger,” details finding Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacking the same network. The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were triple encrypted.
Following the news that: Number of Firms Unable to Access Cyber-Insurance Set to Double Number of Firms Unable to Access Cyber-Insurance Set to Double – Infosecurity Magazine (infosecurity-magazine.com)
Following the news that: Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institution Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions (thehackernews.com)
Following news that threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer’s systems with password-stealing malware, cyber security experts reacted below.
Kaspersky researchers detail a wave of targeted attacks, first observed in January of 2022, on military industrial complex enterprises and public institutions in several countries, identifying multiple attacks. The attackers breached the networks of dozens of enterprises, taking control and evading security solutions. They determined that cyberespionage was the goal of these attacks. Excerpts: The attacks used phishing emails, some of which used information that is specific to the organization under attack and is not publicly available. This could indicate that the attackers did preparatory work in advanceA new version of PortDoor was identified in the course of our research. PortDoor…
It has been reported that communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The San Francisco-based company, which allows users to build voice and SMS capabilities — such as two-factor authentication (2FA) — into applications, said in a blog post published Monday that it became aware that someone gained “unauthorized access” to information related to some Twilio customer accounts on August 4. Full story can be found here: https://techcrunch.com/2022/08/08/twilio-breach-customer-data/ Commenting on the news are the following cybersecurity experts:
As reported by BBC News, Meta has announced new privacy features for WhatsApp users. Users will be able to leave group chats silently, control who can see their online status and block screenshots on View Once messages. Meta chief executive Mark Zuckerberg said this would help keep WhatsApp messaging “as private and secure as face-to-face conversations”. It will begin rolling out the features this month, highlighting them in a global campaign, starting in the UK.
The UK Parliament has closed down its TikTok account after MPs raised concerns about the risk of data being passed to the Chinese government. The account has been locked, and content deleted, days after its launch. Senior MPs and peers had called for the account to be removed until TikTok gave “credible assurances” no data could be handed to China. TikTok is owned by Chinese company ByteDance, which has denied it was controlled by the Chinese government. Relations between London and Beijing have been fraught in recent years, with tensions heightened by China’s sanctioning of several MPs last year. “Based on…