A new wave of phishing attempts targeted at Apple customers comes in the form of subscription renewal email and has seemingly become widespread. While this isn’t a new type of phishing attempt, it seems to have picked up quite a bit of momentum in recent weeks. Essentially, the email poses as an official message from the App Store containing information about a new subscription agreement. Eyal Benishti, CEO and Founder at IRONSCALES commented below. Eyal Benishti, CEO and Founder at IRONSCALES: “This is not the first time the Apple brand has been spoofed and I’d wager it won’t be the last. This latest…
ISBuzz Team
A new malware that masqurades as ionCube files are plaquing WordPress sites according to Sitelock. The ionCube malware creates a backdoor to steal data or to inject different types of malware. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “Many consumer-oriented websites–retail, travel, etc.–use a script encoder tool to thwart those looking to scrape websites for intellectual property like pricing information. In the current scenario, it’s likely ionCube’s legitimate presence in a third-party plugin is being used to obfuscate malicious intent. The use of third-party code to penetrate a website is not…
A blunder by UK business Trustico has resulted in drastic action from RapidSSL who are immediately 23,000 website certificates around the world. Trustico accidentally emailed out customers private keys, which are meant to be kept secret at all times, compromising the security of all websites affected. In retaliation RapidSSL have announced that all of their Trustico certificates will be revoked by the end of today and, unless they are replaced, will render their respective websites useless. Nick Hunter, Senior Technical Manager at Venafi commented below. Nick Hunter, Senior Technical Manager at Venafi: “Bad things are more likely to happen anytime organisation…
Overnight, a German government spokesperson confirmed they are investigating a security breach of its defence and interior ministries’ private networks. A notorious Russian hacking group known as Fancy Bear, or APT28, is being widely blamed in German media. Matthias Maier, Security Evangelist at Splunk commented below. Matthias Maier, Security Evangelist at Splunk: “This disclosure from the German Interior Ministry highlights that every organisation can be targeted and hacked, regardless of its sector or industry. What continues to be key is how prepared organisations are to respond if all prevention techniques that have been deployed fail. In this instance the authorities, supported by specialists, need to…
Study reveals salary is not the highest priority for cybersecurity workers, who are more interested in a job where their opinions are valued, and they can protect people and their data (ISC)² – the world’s largest nonprofit membership association of certified cybersecurity professionals – today published the report Hiring and Retaining Top Cybersecurity Talent. Based on a blind survey of cybersecurity professionals in the United States and Canada, the report reveals low numbers of highly engaged workers. Only 15% of respondents say they have no plans to switch jobs this year, while 14% plan to look for a new job and 70% are open…
One of the biggest things keeping business leaders up at night is how to prevent giving the game away. Gaining a competitive advantage means keeping your strategy from the hands of the opposition. In today’s world ‘the opposition’ has taken on new meaning. No longer are businesses simply rivalling their corporate counterparts, but they are now also fending off countless attacks from professional cybercriminals. Faced with a world where the goalposts are constantly shifting, the question on everyone’s lips is: how can you share sensitive information in a speedy, simple and secure way and avoid giving the game away? When you factor in the impending…
It has been reported that a newly uncovered form of Android malware called RedDrop has the ability to steal critical information from infected devices. The research was conducted by security company Wandera, which stated that RedDrop was able to harvest full audio recordings of phone calls and also had the capability of secretly sending SMS messages to a premium rate service, increasing the users phone bill. IT security experts commented below. Craig Young, Computer Security Researcher at Tripwire: “There is nothing new about this malware. This looks more like a very amateur trial run of Android malware rather than “one of the most sophisticated pieces…
DNS dictionary attack came from around 1,900 different hosts on over 650 varying networks A first of its kind IPv6 DDoS attack hit servers over the weekend, raising a red flag for the future era of cyber-crime, according to global web security firm, Neustar. The DNS threat – which was successfully defended against – came from approximately 1,900 different native hosts, on more than 650 networks. It targeted Neustar’s authoritative DNS service and highlights the worrying deployment of new methods being carried out by hackers. While Internet Protocol version 4 (IPv4) provides approximately 4.3 billion addresses, making it a risk in…
News broke yesterday that researchers identified a new ransomware, Thanatos. When this ransomware infects a victim, it uses a new key for each encrypted file. However, the problem is that these keys are never saved anywhere. This means that if a user pays the ransom, the ransomware developer does not have a method that will actually be able to decrypt each file. The good news is it may be possible to brute force the encryption key for each file. It’s also worth noting this is the first ransomware to accept Bitcoin Cash as a ransom payment. Andy Norton, Director of Threat…
Kaspersky Lab researchers have discovered vulnerabilities in a smart hub used to manage all the connected modules and sensors installed in the home. Analysis reveals that it is possible for a remote attacker to access the product’s server and download an archive containing the personal data of arbitrary users, which is needed to access their account and take control over their home systems as a result. While the popularity of connected devices continues to increase, smart home hubs are in high demand. They make house management much easier, combining all device settings in one place and allowing users to set them…
