Following the news that cybersecurity firm Barracuda Networks has published a report on spear phishing which reveals that over 80% of attempts involve brand impersonation, Corin Imai, Senior Security Advisor at DomainTools commented below. Corin Imai, Senior Security Advisor at DomainTools: “Unfortunately, aside from investing in an efficient email filtering software, there is little that organisations and private individuals can do to keep phishing emails out of their inbox. Criminals have learnt that the best way to get victims to click on links or to disclose personal information is to elicit an emotional response, which is why they often choose to impersonate recognised and trusted brands…
ISBuzz Team
It has been reported today that Russian hackers have targeted European government systems ahead of the EU parliament election.According to researchers, two state-sponsored hacking groups, APT28 and Sandworm, used spear phishing — the practice of sending out emails designed to look like they’re from a trusted party — in an attempt to obtain government information. https://twitter.com/mikezmac/status/1108731019140755462 Anjola Adeniyi, Technical Manager for EMEA at Securonix: “The attacks on the EU elections are yet another example of phishing being used as a method to obtain sensitive government information and attack high value targets. As a result, it is vital that all EU government employees are empowered to mitigate these…
A new malspam campaign is being conducted that is pretending to be from the Centers for Disease Control and Prevention (CDC) about a new Flu pandemic. Attached to the emails are a malicious attachment that when opened will install the GandCrab v5.2 Ransomware on the target’s computer. First discovered by MyOnlineSecurity, these emails are being sent from email addresses that are impersonating the “Centers for Disease Control and Prevention” and have a subject line of “Flu pandemic warning”. These emails state that there is a flu pandemic and that recipients should read the attach document to help prevent its spreading. Roy Rashti, Cyber-security Expert at Bitdam: “These…
The BBC has today reported that scams in which criminals trick bank customers into paying them money out of their bank accounts jumped by 45% in the second half of last year. Over the whole of last year, more than 84,000 bank customers fell victim, some losing tens of thousands of pounds. Banks say scam merchants are shifting their attention from trying to penetrate banking systems to conning members of the public directly. Business are being targeted as well, with a similar sharp rise to £209m in suspicious transfers unwittingly authorised by staff members. Lisa Baergen, Director at NuData Security: “The magnitude of these losses can’t help but…
It has been reported that a zero-day WordPress plugin has been exploited in the wild by at least two hacker groups. The vulnerability can be used to change site settings, create admin accounts to use as backdoors and then hijack traffic from the hacked sites. Satnam Narang, Senior Research Engineer at Tenable: “According to Web Technology Surveys (w3techs), WordPress has a market share that’s larger than all other content management systems (CMS) combined, as it is used by one third of all websites. Because of its sheer dominance in the CMS space along with the presence of many WordPress plugins, WordPress sites are a ripe…
It has been reported that the Police Federation of England and Wales (PFEW) has confirmed that it has been dealing with a ransomware attack on its computer systems. The PFEW was able to respond quickly to an alert from its cyber-security n Saturday 9th March, with cyber experts rapidly reacting to isolate the malware to stop it from spreading to PFEW branches. https://twitter.com/breakingnewshe1/status/1108761348807237632 Expert Comments Below: Anjola Adeniyi, Technical Leader at Securonix: “The attack on the Police Federation shows that anyone can become a victim of a ransomware attack. Based on available information, thePolice Federation has isolated the malware, which is a good step in preventing it spreading deeper into the network.…
Providing enterprise network security is becoming an increasingly complex undertaking, as the number of threats emanating from the Internet continues to grow. Hackers continue to find new ways to attack systems and steal data. Dealing with these threats is highly complex. While numerous reviews like this may indicate that virtual private networks can protect you against all threats, getting on top of enterprise network security is much more difficult. Multiple Systems Dealing with enterprise network security means securing multiple related and connected systems, mainframes, and devices. And it doesn’t only apply to private companies – enterprise security is also applicable…
The passwords of millions of Facebook users were accessible by up to 20,000 employees of the social network, it has been reported. Security researcher Brian Krebs broke the news about data protection failures, which saw up to 600 million passwords stored in plain text. https://twitter.com/xmgz/status/1108969932417458177 Experts Comments Below: Paul Biscoff, Privacy Advocate at Comparitech: “Storing passwords in plaintext seems like a rookie mistake for one of the largest internet companies in the world. Hashing and salting passwords so they are not readable and cannot be turned back into a readable format has been standard practice for many years. Although Facebook says there…
Medical device company ZOLL has announced a data breach of patient information involving a third-party provider, stating: On January 24, 2019, ZOLL learned of a data security incident that impacted the personal and medical information of some patients. As a precaution, ZOLL is providing this notice to make potentially affected patients aware of the incident and provide information on actions ZOLL has taken in response, resources available to impacted patients, and steps they can take to protect themselves. ZOLL’s email is archived by a third-party service provider to comply with record retention and maintenance requirements, policies, and procedures. Some personal information was included in…
In response to reports from Windows Defender Security Intel that AmEx and NetFlix customers are being hit with well-crafted phishing campaigns to get their credit card information, an expert with Centripetal Networks offers thoughts. Colin Little, Senior Threat Analyst at Centripetal Networks: Phishing emails are one of the highest-risk intrusion methods to date. They are easy to craft, easy to deploy; they are aimed at our broadest, weakest attack surface: The endpoint, and its user. They are designed to make us afraid that if we don’t click on that link or open that attachment something bad will happen. Cyber criminals have been extremely successful at…