As reported by SecurityAffairs, in September 2021, the Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons. Graff decided to pay a £6m ($7.5 million) ransom to Conti to avoid the leak of its customers’ data and sued its insurance company Travelers for refusing to cover the ransom payment. It seems that the initial request of the Conti gang was $15 million, but it was halved after a negotiation with the cybercrime gang.
ISBuzz Team
The UK technology sector has a talent shortage which could “stifle growth”, an industry body has warned. Liz Scott, from TechNation, said it was “a real issue” which must be rectified. There were more than two million UK job vacancies in tech last year, more than any other labour area, but an industry coalition says nearly 12 million workers lack essential digital skills. The government told the BBC it was working very closely with industry on digital skills training. However, schemes like boot camps, apprenticeships and degree apprenticeships do not seem to be enough to address the gap. More information: https://www.bbc.co.uk/news/technology-62098767
The Daily Dot is reporting that mental health app Feelyou patched a vulnerability this weekend that saw the email addresses for its nearly 80,000 exposed online. Up until last week…, anyone could obtain the personal email addresses of users and link them to anonymous posts by simply accessing the app’s GraphQL application programming interface (API), which did not require any authentication to do so. … a malicious actor with access to the API could have scraped all the data en masse. The issue was discovered by security researcher maia arson crimew and affected the app’s 77,967 users in 177 countries. After checking…
In response to reports that a synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack, cybersecurity experts reacted below.
The Wordfence Threat Intelligence team is reporting on a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This is an ongoing campaign targeting an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which though previously disclosed, had not been patched they closed the plugin. “As the plugin was closed without a patch, all versions of the plugin are impacted by this vulnerability. The vulnerability can be used to upload malicious PHP files to an affected website, leading to code execution and complete site takeover. “We have blocked an average of 443,868 attack attempts per day against the network of…
It has been reported that a major cybersecurity bug detected last year in a widely used piece of software is an “endemic vulnerability” that could persist for more than a decade as an avenue for hackers to infiltrate computer networks, a U.S. government review has concluded. “The Log4j event is not over,” the report said. “The board assesses that Log4j is an ‘endemic vulnerability’ and that vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer. Significant risk remains.” The findings were the first of their kind to be issued by the Cyber Safety Review…
U.S. FTC Vows to Crack Down on Illegal Use and Sharing of Citizens’ Sensitive Data U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens’ Sensitive Data (thehackernews.com)
Security Affairs reported on a Microsoft analysis of a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA. – The landing pages used in this campaign were designed to target Office 365 authentication process by posing as the Office online authentication page. Microsoft researchers noticed that the operators behind this campaign use the Evilginx2 phishing kit as their AiTM infrastructure. – Microsoft recommends organization to adopt MFA implementation “phish-resistant” by using solutions that support Fast ID Online (FIDO) v2.0…
The U.S. Department of Homeland Security (DHS) has released the first report by the Cyber Safety Review Board (CSRB), which includes 19 actionable recommendations for government and industry to address the continued risk posed by the Log4j zero day vulnerability.
Pluralsight – the workforce technology development platform has today released its latest data – from June 2022 – around the most popular technology courses across different in-demand skills. The key findings are: The most popular course was on Microsoft Azure Services and Concepts.Coding courses ranked in the top 4 most popular courses last month – Angular came in second, following by JavaScript and C#.Learners were keen to learn the fundamentals of AI with the most popular AI courses looking at the big picture and the basics.The cloud ranked as the most popular digital transformation course. Top 5 Most Popular Courses …