A new study shows Australia is experiencing an unprecedented surge in online scams with a record $324 million stolen in 2021, up from $176 million in 2020, marking an 84% increase. Australian Capital Territory residents were scammed more often but victims lost less money compared to other states and territories. Residents filed the No. 1 most complaints with the ACCC per capita with 5,556 reports per 100,000 residents. Yet victims lost least amount of money with an average of $697 per scam. Social Catfish today released a study on the State of Online Scams in Australia after analyzing data from…
ISBuzz Team
The Internal Revenue Service has declared spear phishing to be the 8th item on the 2022 “Dirty Dozen” scams warning, adding that even after tax season has passed, “Spear phishing remains one of the biggest threats to the tax industry and other client-based enterprises.” The alert also notes: Spear phishing is an email scam that attempts to steal a tax professional’s software preparation credentials. These thieves try to steal client data and tax preparers’ identities in an attempt to file fraudulent tax returns for refunds. Spear phishing can be tailored to attack any type of business or organization, so everyone…
Following the release of the UK’s Digital Strategy, please see below comments from cyber security expert.
A new study from BestBitcoinExchange.io has assessed which of the top crypto exchanges have suffered the worst hacks in the past, which are the safest to trust going forward, and which should be avoided. The experts analyzed data from the top 25 crypto exchanges over the last ten years, to identify which are the most susceptible to hacks, and which are the safest exchanges to store your cryptocurrency. Key findings of the study include:
Log4j was one of the most widespread vulnerabilities of all time – however, 6 months after a patch arrived, the problem has not disappeared. Fresh data from Darktrace competitor ExtraHop, shows that cybercriminals are continually scanning for Log4j vulnerabilities. The network detection and response (NDR) player tracked scan attempts for the Log4j vulnerabilities month by month, showing the volume of attempts by cybercriminals to take advantage of this widespread vulnerability: December 2021: 20,000 scansJanuary 2022: 34,000 scansFebruary 2022: 128,000 scansMarch 2022: 147,000 scansApril 2022: 159,000 scansMay 2022: 20,000 scans
According to a Cloud Security Alliance survey on cloud security issues, insufficient identity, credential, access and key management for privileged accounts is the top concern around cloud cybersecurity. Cloud Security Alliance is a not-for-profit that promotes best practices for cloud computing. Top issues revealed: Insufficient Identity, Credential, Access, and Key Mgt, Privileged AccountsInsecure Interfaces and APIsMisconfiguration and Inadequate Change ControlLack of Cloud Security Architecture and StrategyInsecure Software DevelopmentUnsecure Third-Party ResourcesSystem VulnerabilitiesAccidental Cloud Data DisclosureMisconfiguration and Exploitation of Serverless and Container WorkloadsOrganized Crime, Hackers & APTCloud Storage Data Exfiltration Conclusions: Insufficient Identity, Credentials, Access, and Key Management holds the top spotMisconfiguration and…
New Emotet Variant Stealing Users’ Credit Card Information from Google Chrome New Emotet Variant Stealing Users’ Credit Card Information from Google Chrome (thehackernews.com)
According to the verge.com Google Chrome has built-in phishing detection that scans pages to see if they match known fake or malicious sites (using more than just the URL, since scammers rotate those more quickly than it can keep up). Google also says that, in Chrome 102, it will use machine learning that runs entirely within the browser (without sending data back to Google or elsewhere) to help identify websites that make unsolicited permission requests for notifications and silence them before they pop up.