A new smishing campaign, or text message phishing campaign, is targeting Nokia owners in India. These text messages pretend to be from Nokia and state that the recipient has won a lucky draw to win a car or money. These text messages state that the recipient has won either a Tata Safari or 1,260,000 Indian Rupees (roughly £13,500) and must call them to pay 6,500 Rs (roughly £70) in order to collect the prize. The text messages themselves claim to be from “Nokia.com online shopping pvt Ltd.co” and are filled with grammatical errors and other inconsistencies that would make it…
ISBuzz Team
This BBC article mentions that England’s health secretary, Matt Hancock, is set to meet with Instagram bosses as talks of new legislation bubble to keep children safe online. The article cites that a simple first step would be for parents to start with screen free dinners and screen free bedrooms alongside regular and open talks about dealing with online bullying. Jake Moore, Cyber Security Specialist at ESET UK: “Keeping our children safe online has never been more critical, but with so many dangers amidst the addictiveness of the internet it’s possibly going to be more difficult to tackle than we…
Vaporworms, a fileless malware, is now coming of age and may be the next big threat enterprises will have to contend with this year, according to senior security analyst Marc Laliberte of WatchGuard Technologies. https://twitter.com/tcmackin/status/1093275503367213059 Expert Comments below: Justin Jett, Director of Audit and Compliance at Plixer: “With fileless malware becoming common in 2019, it is even more important for IT professionals to deploy systems that allow teams to investigate breaches and attacks. A common goal for malware is data exfiltration, which takes advantage of the network to steal data from compromised systems. Because the malware doesn’t store files on…
Google is now offering a new Chrome extension called Password Checkup that is designed to let the user know if their credentials for any website have been compromised in a data breach. If the extension detects that your user name and password have been exposed on the Internet, it will let users know to change their password. https://twitter.com/Gadgetsdish/status/1093475766350856192 Ryan Wilk, VP of Customer Success at NuData Security: Every effort counts in the fight to secure and manage passwords. Passwords, while mostly compromised, are still in use, so this will help end users realize their passwords are not as safe as…
More than 59,000 breach notifications have been reported to regulators of the General Data Protection Regulation (GDPR) since it was introduced on May 25, 2018, according to new findings from DLA Piper, a global law firm. Expert Comments below: Chris Olson, CEO at The Media Trust: “No doubt, 2019 will be a banner year for GDPR fines. Last year’s total of 60 foreshadows what’s to come: a consumer movement building up steam against growing surveillance of their behavior, governments responding to consumer outrage by regulating data, and large companies like Cisco, Apple, and Microsoft joining the clarion call for more…
Eskom, South Africa’s state-owned electricity company, left a database containing a swathe of financial data from their customers including name, card type, partial card numbers and CVV codes unsecured without a password. The exact number of customers affected is unknown but Eskom accounts for approximately 5.7 million customers across South Africa, according to 2016 estimates. The company also has a Trojan on one of their networked, corporate devices due to a senior infrastructure advisor downloading a fake SIMS 4 game installer. Expert Comments below: Kevin Gosschalk, CEO at Arkose Labs: “The public exposure of customer data, such as Eskom’s account IDs, is not…
In light of the news that Google has launched an extension, “Password Checkup”, that will show a warning when it detects a password that has been exposed online, IT security experts commented below. Jake Moore, Cyber Security Expert at ESET UK: “This is an excellent way to remind many people about their possibly weak or compromised passwords that need to be updated. It would be an incredible feat to have not had one of your passwords stolen in a data breach in recent years, so hopefully Google’s new tool will be a way of highlighting this and reminding you to…
WhatsApp says it is deleting 2m accounts per month as part of an effort to blunt the use of the world’s most popular messaging app to spread fake news and misinformation. The Facebook-owned service published the data as part of a white paper on “stopping abuse” that was launched on Wednesday in India, the biggest market for the company with more than 200m users. Corin Imai, Senior Security Advisor at DomainTools: “While this is of course a welcome response to fake news by WhatsApp, stopping the spread of fake news which is already in circulation can only do so much,…
The Kaspersky Lab DDoS Q4 Report covering statistics of the last quarter and the whole of 2018 highlights a 13% decline in the overall number of DDoS attacks when compared with the statistics from the previous year. However, the duration of mixed and HTTP flood attacks is growing, which suggests that malefactors are turning to more sophisticated DDoS attack techniques. The low cost of DDoS-as-hire makes such attacks one of the most affordable cyberweapons for evil competitors or internet trolls. Businesses, regardless of their size or industry, can face this threat and suffer revenue and reputation losses in case legitimate…
Recorded Future, in partnership with Rapid7, published a new report that underscores the vulnerabilities that third parties introduce to organizations. The report details a new sustained cyber-espionage campaign by a Chinese threat actor targeting Visma, a major European managed service provider, an international apparel company, and a U.S. firm that does IP law for the pharmaceutical, tech, biomedical and automotive industries. By targeting managed service providers, the attackers are exploiting the trust companies place in the security of their technology partners. The campaigns were designed to steal IP and to create launching pads for attacks on third-parties associated with the…
