Save the Children Foundation has revealed that the charity was targeted by fraudsters last year, leading to the loss of $1 million. Speaking to the Boston Globe, the US arm of the non-profit, which supports children worldwide, said that con artists managed to compromise an employee’s email account in order to masquerade as the staff member in question. Javvad Malik, Security Advocate at AlienVault: “We continue to see such attacks against businesses whereby emails are sent to trick recipients into sending money or other details. Because these are standard emails, there are little technologies can do to protect. Therefore raising user awareness is vital…
ISBuzz Team
US President Trump, the United Nations, and Google have all earned themselves a position as some of the worst password offenders over 2018. Weak passcodes, the use of terrible passwords — such as “123456” or “QWERTY” –and a failure to change your account credentials on a regular basis have all, for years, been cautioned against for the sake of security. Mayur Upadhyaya, Managing Director, EMEA at Janrain: “Weak passwords fall victim to the same exploit as breached passwords: credential stuffing. This is an automated attack that attempts login to sites and applications with user credentials that have been harvested or by simply guessed.…
Last month, Trump re-imposed sanctions on Iran and hackers have since upped their focus on hacking personal emails of American officials involved in enforcing those sanctions from the U.S. Treasury. The AP is reporting on this – using data from Certfa as the primary source on tracking. Commenting on this news is KnowBe4’s new Senior VP of Cyber Operations, Rosa Smothers. She is a former CIA Technical Intelligence Officer whose experience primarily fell in the Center for Cyber Intelligence and the Counterterrorism Mission Center. Rosa Smothers, Senior VP of Cyber Operations at KnowBe4: “Attribution is often difficult based solely upon technical data but this…
The Higher Education sector increasingly attracts hackers due to huge amounts of critical information its systems store. This data refers to personal information of employees and students along with top universities’ research materials. The research conducted by EdGuards Company, describing cybercrime development in the U.S. Higher Education sphere and notorious incidents caused by malefactors’ activity, reveals that a starting point of data breaches dates back to 2002. Higher Education cyber attacks initiated The first deal of cyber criminals in Higher Education was an attack on Yale’s system in 2002 by hackers from Princeton University. A target of the espionage was…
A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices. The document recounts incidents in which infected ships were stranded because malware caused their computerized navigation to fail, and there were no paper charts to fall back on; incidents where fleet owners paid off ransomware demands to keep ships at sea safe, and where the entire digital infrastructure of a ship at sea failed due to malware that…
Logitech has released a patch on a bug that could have allowed hackers to implement keystroke injection attacks in Options, a Logitech app that lets users customize buttons and the behavior of their mice, keyboards, and touchpads. Pat Ciavolella, Digital Security and Operations Director at The Media Trust: “The Logitech Options bug illustrates how apps are being developed without adequate attention to security and privacy. The fact that it took more than 90 days to develop a patch and communicate it to the public, and only after a Google security researcher threatened to make the bug public, is unacceptable. With…
Many US workers were startled today when finding an extortion note in their work email threatening to set off a bomb unless they sent money. Law enforcement authorities say millions of these emails were sent to businesses, colleges, media organizations and courthouses. Ryan Wilk, VP of Customer Success at NuData Security: “It is estimated that between 2018 and 2023 criminal data breaches will expose 146 billion records, growing at a rate of 22.5% per year according to Juniper Research. Within those records of which over 30 billion have been exposed to date are everything from social security numbers to corporate…
News is breaking that Facebook has exposed the private photos of an estimated 6.8 million users, due to an API bug. The bug allowed access to photos beyond the third-party app request, pulling their timeline photos, Facebook Stories, Marketplace photos, in addition to photos they’d uploaded to Facebook but never shared. Facebook says the bug impacted users between Sept. 13 to Sept. 25, 2018. The company has said users impacted by this Facebook API bug have been notified with an alert (notification) in Facebook. IT security experts commented below. Mark Weiner, CMO at Balbix: “Facebook failed to report this bug…
News has broken that security researchers at Slovakia’s ESET have identified a new banking Trojan that bypasses PayPal’s two-factor authentication (2FA) to steal funds – waiting until users have fully logged in before enabling its exploit. The multifaceted malware also has a secondary function, downloading HTML-based phishing overlay screens for five apps – Google Play, WhatsApp, Skype, Viber, and Gmail – an initial list that can be dynamically updated. ESET discovered the malicious software in November. Corin Imai, Senior Security Advisor at DomainTools: “Phishing campaigns centred around mobile devices are on the rise. This campaign should be of particular concern to PayPal users, particularly…
A cyberthreat group using malware tied to the Sony Pictures hack of late 2014 is attacking nuclear, defense, energy, and financial companies in what appears to be a campaign to gather information for future exploitation. In October and November alone, the malware has appeared on systems belonging to at least 87 organizations, most of them in the US, McAfee said in a report this week. Sam Curry, Chief Security Officer at Cybereason: “For the last decade, utilities and power companies have been among the least well protected of all critical infrastructure providers; and this is only now changing as regulations and attention…