It has been confirmed a software outage affecting the NHS 111 service was caused by a cyber-attack. Advanced, a firm providing digital services for NHS 111, said the attack was spotted at 07:00 BST on Thursday. The attack targeted the system used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions. More information: https://www.bbc.co.uk/news/uk-wales-62442127
ISBuzz Team
An analysis from Recorded Future’s research group, Insikt Group, details the tactics, techniques, and procedures (TTPs) used by cybercriminals on dark web and special-access sources to compromise networks, deploy infostealer malware, and obtain valid credentials. Excerpts: Threat actors require remote access to compromised networks to conduct successful attacks, such as malware loader deployment, data exfiltration, or espionage campaigns. These compromised access methods, … are the work of specialized threat actors colloquially referred to as “initial access brokers” (IAB). IABs use several tools and TTPs to obtain such access, including obtaining valid credential pairs and session cookies from the successful deployment…
The Solana network seems to be the victim of an ongoing cyberattack. Over the last few hours, several users have taken to Twitter to report that their Solana holdings have been completely drained. Data from block explorer, Solana FM backs these reports and shows that the attackers have managed to syphon off more than $5 million so far. The platform has also managed to identify four wallets currently linked to the attack and has posted details of the same on Twitter.
Proofpoint released a new study on the inability of universities to secure email domains: 97% of top universities in the US, UK and Australia putting students, staff, and stakeholders at risk of being impersonated by cybercriminals. Excerpts: …97% of the top ten universities across each country are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. According to the analysis, universities in the United States are most at risk with the poorest levels of protection, followed by the United Kingdom, then Australia. These findings are based on Domain-based Message Authentication, Reporting and…
It has been reported that con artists behind ‘Hi Mum, Hi Dad’ WhatsApp scam are now using text messages to target victims, fraud expert warns – as figures reveal how Britons have been tricked into handing over £1.5million in just six months. Fraudsters are now using other avenues such as ‘traditional’ SMS and text messages in order to approach their victims, according to Chris Ainsley, head of fraud risk management at Santander UK. The full story can be found here: https://www.dailymail.co.uk/news/article-11076553/Fraud-expert-warns-twist-WhatsApp-scam-Brits-tricked-1-5m-just-six-months.html
It has been reported that two companies based in Luxembourg are grappling with an alleged ransomware attack that began last week, the latest in a string of incidents involving European energy companies. Encevo Group said its Luxembourg entities Creos – an energy network operator – and the supplier Enovos were “victims of a cyberattack on the night of July 22.”The company said the attack took down customer portals for both companies but did not affect the supply of electricity and gas. Full story can be found here: https://therecord.media/luxembourg-energy-companies-struggling-with-alleged-ransomware-attack-data-breach/
In response to the spate of cyberattacks that Taiwan has suffered over the last day, cyber security experts reacted below.
It has been reported that cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users’ Twitter accounts that are associated with the app. The discovery belongs to CloudSEK, which scrutinized large app sets for potential data leaks and found 3,207 leaking a valid Consumer Key and Consumer Secret for the Twitter API. CloudSEK explains that the leak of API keys is commonly the result of mistakes by app developers who embed their authentication keys in the Twitter API but forget to remove them…
The BlackCat ransomware gang claims to have hit the Natural gas pipeline company Creos Luxembourg S.A. last week, a natural gas pipeline and electricity supplier. Creos’ owner, Encevo, confirmed the network attack, which occurred on the 23-24th of July, exfiltrated “a certain amount of data” from their network. Encevo is an energy supplier in five EU countries. They have a dedicated web page for updates on the attack and as of Monday Aug. 1st, it still says “the Encevo Group does not yet have all the information necessary to personally inform each person concerned.”
Researchers at CloudSEK have uncovered 3,207 apps, leaking Twitter API keys, that can be utilized to gain access to or to take over Twitter accounts. These apps were leaking legitimate Consumer Key and Consumer Secret information, Singapore-based cybersecurity firm CloudSEK said in a report. Researchers inspecting the mobile apps observed that: 5,603 companies were leaking Twitter API Keys/Tokens5,033 companies were leaking the Twitter Secrets/Token Secret only4,810 companies were leaking both the Twitter API Keys/Tokens and the Twitter Secrets/Token Secrets Out of 3,207 apps, 230 were leaking all 4 Auth Creds. 39 of the apps had all 4 keys as valid. The Twitter accounts…