A highly capable malware reportedly used in a failed plot to blow up a Saudi petrochemical plant has now been linked to a second compromised facility. FireEye researchers say the unnamed “critical infrastructure” facility was the latest victim of the powerful Triton malware, the umbrella term for a series of malicious custom components used to launch directed attacks. Triton, previously linked to the Russian government, is designed to burrow into a target’s networks and sabotage their industrial control systems, often used in power plants and oil refineries to control the operations of the facility. https://twitter.com/zackwhittaker/status/1115826829598887941 Experts Comments: Roy Rashti, Cyber-Security…
ISBuzz Team
Like most of the cybersecurity industry, the Awake team was on the ground at RSA Conference last month discussing the latest security trends, threats and solutions. During the show, we surveyed pros who visited the Awake booth to learn more about the issues they’re currently facing. Here are some of the key takeaways uncovered by our survey: TAKEAWAY #1: Threats are hiding in plain sight When we asked RSAC attendees to identify what attack stage(s) their organization struggles to detect the most, 33 percent indicated “data exfiltration” while a close 31 percent cited “lateral movement.” Lateral movement is a means to…
Kaspersky Lab researchers have uncovered a technically sophisticated cyberespionage framework that has been active since at least 2013 and appears to be unconnected to any known threat actors. The framework, which researchers have named TajMahal, features around 80 malicious modules and includes functionality never before seen in an advanced persistent threat, such as the ability to steal information from printer queues and to grab previously seen files from a USB device the next time it reconnects. Kaspersky Lab has so far seen only one victim, a foreign-based central Asian embassy, but it is likely that others have been affected. Kaspersky Lab…
The Home Office has apologised to the Windrush generation again after admitting it wrongly shared 500 private email addresses while launching the compensation scheme. What is being described as an “administrative error” by Immigration Minister Caroline Nokes has led to a breach of data protection rules. An internal review has been launched and the matter has been referred to the Information Commissioner. Twitter Reaction: https://twitter.com/ActNowTraining/status/1115529859852324864 https://twitter.com/CalltonYoung/status/1115379384221863937 https://twitter.com/nw_nicholas/status/1115370172230131712 Experts Comments: Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG: “Even though there are technologies available in the Cybersecurity market for masking or anonymising email addresses, this breach was mainly due to a poor, human-based decision. More organizations need to enable data protection of personal or sensitive…
Following the news that the Department for Digital, Culture, Media and Sport has proposed an independent watchdog that will write a “code of practice” for tech companies, such as Facebook and Twitter, and fine or block those that fail to tackle “online harms” such as terrorist propaganda and child abuse, Paul Bischoff, privacy advocate with Comparitech.com commented below. Paul Bischoff, Privacy Advocate at Comparitech.com: “The proposal threatens freedoms of speech and expression online and reflects the same sort of restrictions placed on social media in autocratic countries. The government cannot penalise speech that it thinks is harmful but not illegal. It’s trying to get around this…
AeroGrow, which makes AeroGarden smart countertop gardens, has informed customers that it found credit card skimming malware on its website and has eliminated the problem, but credit card numbers may have been compromised between the end of October and the beginning of March 2019. https://twitter.com/SEP_Software/status/1114243968743628800 Ryan Wilk, VP of Customer Success at NuData Security: “Many websites are suffering from Magecart-like attacks as hackers evolve the malware in an effort to steal credit card information on the web. Customers should check their credit card statements or apply for a new one right away. Once stolen, these card numbers are sold on the dark web for future…
Researchers have found the iOS version of the Exodus Android spyware that was discovered in the Google Play Store earlier this year. https://twitter.com/campuscodi/status/1115365371622694912 Earlier this year, Exodus was found in more than 20 apps on the Google Play Store. The malware is believed to have been developed by the Italian firm eSurv, which has commercial connections to the Italian government. https://twitter.com/christiancscott/status/1114171236026916866 Experts Comments: Jake Moore, Cyber Security Specialist at ESET: “It’s rare for hackers to break into Apple’s locked down ecosystem. The myth has long been that Apple devices are impenetrable, but this just goes to show that it is worth…
It has been reported that security researchers have discovered multiple vulnerabilities in a pre-installed app on phones made by one of the world’s biggest smartphone vendors that potentially impacted the privacy and security of more than 150 million Android users worldwide. The vulnerabilities were found in an app pre-installed on smartphones made by Xiaomi, the biggest mobile phone manufacturer in China and India, and the fourth biggest by market share in the world. Andrew van der Stock, Senior Principal Consultant at Synopsys: “Phone manufacturers and software providers have a special responsibility to employ security reviews, supply chain security management, and ensure that any such…
The UK Government has launched its long-awaited Online Harms whitepaper, outlining the government’s plans to make the UK the safest place in the world to be online. The legislative and non-legislative measures outlined in the whitepaper will make sure that companies are more responsible for their users’ safety online, especially children and other vulnerable groups. According to NCC Group, the proposals strike the right balance between enforcing a duty of care and agile regulation, but the global cyber security expert encourages the government to underpin these with a strategic educational program around online safety. Experts Comments: Ollie Whitehouse, Global Chief Technical Officer at NCC Group: “From our perspective,…
Enterprises are increasingly recognising the benefits of embracing a cloud infrastructure to support on-premise networks, but often create complicated network environments in the process. Recent OneLogin research revealed that 94% of global CIOs agree that the corporate technology stack is becoming increasingly complex – with more apps (both cloud and on-prem), data, devices and transactions than previously known[1]. Running systems via the cloud offers efficiency and productivity to better support large distributed workforces, no matter where an employee is based. As a company evolves it can often outgrow its on-premise network. Consequently, IT strategies must be created to futureproof networks, as well…
