Microsoft overnight announced that it received 153,000 reports in 2017 from customers who’d come in contact with tech-support scammers via a cold call, spam, or the web. The reports from customers last year were up 24 percent on 2016, with filings coming from 183 countries. Despite being a well-known fraud, some 15 percent of Microsoft customers who reported incidents lost money. Losses were typically between $200 and $400 each. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “The fact that tech-support scams have been a well-known attack vector for some time now, and still seem to…
ISBuzz Team
Andrew Proctor, VP of IT and Operations at OpenVPN: “AdBlockers have a very close relationship with your web browser. They can typically see the actual data you load in your web browser and purposely manipulate pages loaded in Chrome to remove ads and trackers. Fake adblockers can typically manipulate pages in any manner they want and can inject any type of content they want, whether it be malware, clickjacking scripts, etc. Users of adblockers can better vet the adblockers they use by checking to see if they are open source, who the developers are and the track history of the developers/companies…
News broke that researchers at Symantec have discovered that a new cybercriminal group is installing custom malware onto the systems of organizations in healthcare and related sectors in order to conduct corporate espionage. The hacker group, dubbed Orangeworm, is mainly targeting American healthcare organizations, though there are a number of victims worldwide, including in Asia and Europe. Professor Giovanni Vigna, CTO and Co-Founder of Lastline commented below. Professor Giovanni Vigna, CTO and Co-Founder at Lastline: “Healthcare device are a enticing target for hackers, as they are not upgraded and monitored as aggressively as other components (such as desktops and laptops). Since the operating system of these devices possibly…
Company also publicly introduces its Behavioral Intelligence Program aimed at further improving security effectiveness and speed to remediation Lastline Inc., the leader in advanced network-based malware protection, today announced the results of its first comprehensive malware behavior report, the Q4 2017 Malscape® Monitor Report. This report is the first in an on-going series that will deliver previously unavailable trends and actionable insights into malicious behaviors and how threats unfold. The tens of millions of samples that Lastline analyzed for this report were for the most part scanned and released by other security solutions, meaning Lastline is literally “The Last Line of…
An AutoFill plugin offered to LinkedIn members was affected by a bug that could have allowed an attacker to steal users’ personal data without them knowing. LinkedIn has long offered an AutoFill button plugin for paying marketing solutions customers, who can add the button to their websites to let LinkedIn users fill in profile data with a single click. Unfortunately, little did uses know that they were exposing sensitive information like email addresses, telephone numbers and job details. Martin Jartelius commented below. Martin Jartelius, CSO at Outpost24: 1 – Overall, yes, users should not use autofill unless they are prepared to put their information at…
In response to the incident that Atlanta ransomware attack that saw residents unable to pay their water bills or parking tickets, while police and other public sector employees were having to write out their reports by hand, Channel 2 Action News has signed eight emergency contracts in response to the attack, including two $1 million agreements with private technology firms to assist the city’s information management and municipal court systems. Ilia Kolochenko, CEO at High-Tech Bridge commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “The ethical dilemma whether to pay or not to pay a ransom becomes very complicated today. This incident is a…
Earlier this month, the National Cyber Security Centre (NCSC) published a report listing ‘cryptojacking’ as one of the biggest cyber threats facing UK businesses. The report warned that up to 55% of businesses globally are already affected by these types of attacks, and that this figure is set to only rise as attackers exploit new techniques to hijack computers. But what exactly is cryptojacking, and how can technology be properly leveraged to protect businesses from this spiralling threat? Ben Williams, Director of Operations at Adblock Plus explains. “Cryptojacking is the act of secretly using another’s computing device to mine digital currencies. To…
The US Food & Drug Administration plans to ask Congress for more funding and regulatory powers to improve its approach towards medical device safety, including on the cybersecurity front. The objective is to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches. The FDA also plans to create a document called “Software Bill of Materials” that will be provided for each medical device and will include software-related details for each product. The idea is to help device owners “better manage their networked assets and be aware of which devices in their inventory…
Following the news that the Ikea TaskRabbit app is finally back online after a data breach took it out for two days. Steven Peake, Pre-Sales Engineer at Barracuda Networks commented below. Steven Peake, Pre-Sales Engineer at Barracuda Networks: “The breach of the Ikea TaskRabbit app again highlights that personal identifiable information from web applications carries value and is a primary target for cyber criminals. The breach increases the affected users’ risk to fraudulent activities and leaves many of its users with a task to ensure the data cannot be used to exploit other internet services. It’s another reminder that businesses must continuously monitor web applications for…
F5 published The 2017 TLS Telemetry Report, the second in a series aimed to reveal the “cryptographic health” of the Internet. Having initiated this research in 2014, by 2016, the company began reporting on the state of TLS in its F5 Labs 2016 TLS Telemetry Report. With the benefit of nearly four years of data, they’ve observed some positive signs of progress and some lingering areas of concern. In this second report, F5 shares its key findings for 2017, based on a sampling of more than 20 million SSL/TLS hosts worldwide: TLS’s predecessor, SSL 3.0—which is now prohibited from use by the…
