20 key swing states have non-.gov domains and can easily be spoofed to spread dis-information according to Steve Grobman, CTO of McAfee. Mike Bittner, Digital Security & Operations Manager at The Media Trust: “Government websites in general are popular targets of malicious campaigns because they make bad actors’ jobs easy. They are too often poorly secured; third parties/contractors that support them often have even poorer security measures; and the people and organizations that use them enter a lot of sensitive information. The root cause of these sites’ insecurity are increasingly strapped budgets that prevent government organizations from replacing legacy systems and…
ISBuzz Team
Streaming Thrillers Online For thrill seekers grabbing popcorn and looking to watch the brand-new Michael Myers classic Halloween from the comfort of their own home, streaming online movies is a popular option for many. There will be many looking to stream the latest blockbusters, and there will be a myriad of sites offering free access to such content. It is important to recognize that many illegal streaming sites could be hosting malicious content to infect your system. Sharing Risqué Images Online What is meant to be private, should stay private. Research from McAfee discovered that 39% of people have shared intimate photos with…
A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims. This ransomware was first spotted by MalwareHunterTeam who posted about it on Twitter. At the time, it looked like your standard small little C# ransomware with little or no distribution. It turns out, though, that this ransomware is being offered as a RaaS where affiliates can sign up and earn commissions. Marta Janus, Senior Threat Researcher at Cylance: “Ransomware as a Service has become quite popular in recent years due to several reasons. It’s a fairly uncomplicated piece of software that can be developed by entry-level programmers.…
Firewall automation projects are seemingly all the rage these days, with everyone looking to automate at least some portion of the process. Usually, the goal is to save time and money by automating firewall administration and policy management. However, these two categories have grown exponentially in scope and complexity in recent years, so automation projects often become much larger and time-consuming than originally intended and produce varied results. In some less-than-stellar cases, they even collapse all together, and people revert to the original manual processes they were seeking to automate. How can this situation be avoided? By taking a systematic…
It has been reported that another zero-day security hole in Windows 10 has been made public on Twitter. SandboxEscaper tweeted about the bug (and released a proof of concept), noting that it was difficult to exploit, but still unpatched. The vulnerability affects all flavors of Windows 10 – including the latest October 2018 Update, for those who have installed it – along with Windows Server 2016 and 2019. Tom Parsons, Senior Director at Tenable Research: “This is an elevation of a privilege zero-day vulnerability in Microsoft’s Data Sharing Service (dssvc.dll), which is used to broker data between applications. “It reportedly affects the very latest versions of Microsoft…
Despite concerns, 79% of UK merchants plan to introduce new payment types in the next two years as customers demand speedier and more efficient options More than half (52%) of online small to medium sized businesses (SMBs) globally worry that the move to frictionless payments, such as transactions that take place behind the scenes in apps, is leaving them more open to fraud and will negatively impact revenues according to a new report from Paysafe. In the UK this concern is heightened by the fact that two thirds (66%) of SMBs believe they are being more aggressively targeted by fraudsters now compared…
News broke afternoon of a study by Riskified an eCommerce fraud-prevention company, and IntSigns, who collected data on hundreds of thousands of illegal online purchases. The companies found that there was a 297 percent spike in the number of fake retail websites designed to phish for customer credentials from July to September 2017 to that same period in 2018. Corin Imai, Senior Security Adviser at DomainTools: “The fact that phishing has risen so sharply suggests that despite the warnings provided to the general public regarding cyber in recent years, carelessness is still costing millions of unlucky victims a year. It’s interesting that University-aged victims are singled…
The FBI has today put out a public service announcement regarding Gift card/BEC fraud which has cost businesses in excess of $1 million between January and August 2017. Corin Imai, Senior Security Adviser at DomainTools: “BEC fraud continues to be a scourge to businesses, and has now evolved beyond the bank transfer stage. Criminals are highly adaptable, and using gift cards as an alternative form of financial reward for their activities may be borne out of a belief that they are harder to trace than the bank transfer methods we have seen previously. Organisations issuing gift cards need to make sure that they…
Security industry experts have responded to Apple CEO Tim Cook’s keynote speech today at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels, where Cook argued for a federal data privacy law, coining the phrase “data industrial complex.” Colin Bastable, CEO at Lucy Security: “Like the auto and tobacco industries years ago, the social media conglomerates are a consumer safety issue. They used to say “what is good for GM is good for America.” Now Silicon Valley claims to be the arbiter of all that is good for us, but we know how that ends – badly.…
Cathay Pacific has announced a data breach affecting 9.4m passengers. The key details are as follows 4 million passengers of Cathay and its unit Hong Kong Dragon Airlines Limited had been accessed without authorization 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed (no passwords compromised) Data includes names of passengers, their nationalities, dates of birth, telephone numbers, email and physical addresses, passport numbers, identity card numbers and historical travel information. Suspicious activity was discovered in March, and the loss of personal…