Cybersecurity researchers at Proofpoint have today released new research showing threat actors adopting new tactics in response to Microsoft’s announcements that it would block macros by default in Microsoft Office applications. Threat actors have responded to Microsoft’s move by increasing their use of container files such as ISO, RAR and Windows Shortcut (LNK) files to distribute malware, in one of the largest email threat landscape shifts in recent history. Key findings include: · Proofpoint has observed the use of VBA and XL4 Macros decrease approximately 66% from October 2021 through June 2022. · The use of ISO files has increased over…
ISBuzz Team
Gigamon released its State of Ransomware 2022 and Beyond report aimed at providing insights into how the threatscape is evolving and how the severity of the ‘blame culture’ in cybersecurity is escalating. According to the global survey of IT and security leaders across the US, EMEA and APAC, nearly one-third of organisations have suffered a ransomware attack enabled by a malicious insider, a threat seen as commonly as the accidental insider (35 percent). Furthermore, 59 percent of organisations believe ransomware has worsened in the last three months, with phishing (58 percent), malware/computer viruses (56 percent) and cloud applications (42 percent)…
Following the news that: A ‘top tier’ hacking gang is likely to be behind Entrust ransomware attack Entrust ransomware attack likely to be work of ‘top tier’ hacking gang (techmonitor.ai)
It has been reported that the LockBit ransomware crew is claiming to have stolen 78GB of data from Italy’s tax agency and is threatening to leak it if a ransom isn’t paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing list of victims. According to LockBit, the data stolen includes documents, financial reports, and contracts. The Euro nation’s police are investigating the alleged security breach, which was revealed Monday by Pierguido Iezzi, CEO of Swascan, the cybersecurity unit of business services company Tinexta Group, according…
Following the news that Twitter suffered a data breach that saw 5.4 million users’ details leaked online please find a comment below from Cyber security experts. The comment covers how the attack opens the door to high-profile attacks on famous users, with the likely outcome of crypto scam efforts, and the further threats that can now be enabled, from MFA spoofing and attacks on other accounts such as icloud or gmail.
PrestaShop, an open-source e-commerce platform hosting over 300,000 shops, announced attackers have exploited a major vulnerability to inject malicious code into servers running PrestaShop websites. The attackers are injecting a fake payment form on the front-office check-out page to steal shoppers’ credit card information. PrestaShop stated that they believe the attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability. PrestaShop’s official announcement of the discovered vulnerability can be found here.
Passwordless authentication does not equate to biometrics in the workplace Passwordless authentication does not equate to biometrics in the workplace | Biometric Update
Uber has admitted to covering up a massive cybersecurity attack that took place in October 2016, exposing the confidential data of 57 million customers and drivers, as part of a settlement with the US Department of Justice in order to avoid prosecution. More on the story here: https://www.theverge.com/2022/7/25/23277161/uber-2016-data-breach-settlement-cover-up
As reported by TechCrunch, Indian online insurer Policybazaar said on Sunday that it was subject to an unspecified security incident but found that “no significant” customer data was exposed — or in other words, some was. Policybazaar, which sells a range of insurance coverage, said in a stock exchange filing that its IT systems were subject to “illegal and unauthorized access” and it is engaging with the authorities to take recourse.