It has been reported that MITRE has built a prototype framework for information and communications technology (ICT) that defines and quantifies risks and security concerns over the supply chain – including software. MITRE’s so-called System of Trust (SoT) prototype framework is, in essence, a standard methodology for evaluating suppliers, supplies, and service providers.
ISBuzz Team
Following the news that: Web Tracker Caught Intercepting Online Forms Even Before Users Hit Submit https://thehackernews.com/2022/05/web-trackers-caught-intercepting-online.html
It has been reported that the notorious Conti ransomware gang has officially shut down its operation, with infrastructure taken offline and team leaders told that the brand is no more. This news comes from Advanced Intel’s Yelisey Boguslavskiy, who tweeted this afternoon that the gang’s internal infrastructure was turned off. While public-facing ‘Conti News’ data leak and the ransom negotiation sites are still online, Boguslavskiy told BleepingComputer that the Tor admin panels used by members to perform negotiations and publish “news” on their data leak site are now offline.
Media giant Nikkei’s Asian unit has been hit by a ransomware attack. While the extent of the attack and whether or not customer data was leaked is still unknown, Nikkei has been forced to shut down affected servers as they investigate further. This attack follows a 2019 incident where Nikkei lost $29 million in a single wire transfer due to a business email compromise scam.
It has been reported that multinational company Omnicell recently confirmed that it had experienced a data breach following a reported ransomware attack, impacting internal systems. The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. More details are likely to be disclosed in the coming weeks.
In a newly reported data leak, Social Security numbers, addresses, names, dates of birth, and phone numbers were accessible on the Texas Department of Insurance website: State website exposed 1.8 million Texans’ data over three years
According to The Telegraph, Britain’s Attorney General Suella Braveman will argue in a speech to Chatham House today that international law applies equally to equally in the cyber world as in the real world, where the principle of “non-intervention” in another country’s affairs allows states to take defensive countermeasures. The news comes off the back of Russia’s real-world and cyber-warfare activity in the Ukraine conflict. According to the Attorney General, she states could legally introduce sanctions as well as cyber countermeasures, provided they were “proportionate” to the unlawful attack by a hostile state. “International law matters in cyberspace because if…
Research from Onfido demonstrates the emotional cost of fraud is a breakdown of trust between consumers and brands Onfido, the leading global digital identity verification and authentication provider, today announces the results of a study revealing the emotional impact of fraud on UK consumers and how this is fostering distrust of brands responsible for keeping customers’ online identities safe. With the rate of identity fraud rocketing 44% since 2019 as fraudsters follow consumers online, 53% of UK consumers agree that they now fear their identity is available for purchase, while almost half (47%) agree that online service providers and platforms…
Researchers at NCC Group have created a new type of Bluetooth Low Energy (BLE) relay attack that can bypass existing relay attack protections. Excerpts: The Tesla Model 3 and Model Y employ a Bluetooth Low Energy (BLE) based passive entry system. This system allows users with an authorized mobile device or key fob within a short range of the vehicle to unlock and operate the vehicle, with no user interaction required on the mobile device or key fob.NCC Group has developed a tool for conducting a new type of BLE relay attack …This approach can circumvent the existing relay attack…
FLASH # MC-000170-MW details how cyber actors have been observed scraping credit card data from US business’ online checkout pages and maintaining persistence by injecting malicious PHP code. Summary As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server. The unidentified cyber actors also established backdoor access to the victim’s system by modifying two files within the checkout page. The FBI has identified and…