This week is Mental Health Awareness Week (9-15 May), which was founded by the Mental Health Foundation 21 years ago. With a large percentage of our time now spent online, the Internet has a massive impact on our mental wellbeing. As a result, falling victim to cybercrime or online scams can be an incredibly distressing experience. According to the Open University: “while the negative impact of online fraud on the victims might appear to be solely financial, a study by Button et al. (2014) found that in addition to financial hardship, some victims might experience negative effects on their mental…
ISBuzz Team
According to the FBI, business email compromise (BEC) and email account compromise (EAC) losses have surpassed $43 billion globally. (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. STATISTICAL DATA The BEC/EAC scam continues to grow and evolve, targeting small local businesses to larger corporations, and personal transactions. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars. Derived from filings with financial institutions between June 2016 and December 2021: Domestic and…
Despite employees knowing the risk of bad password habits, many continue to recycle the same passwords out of convenience. However, 95% of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts throughout the year, highlighting the need for more education on password practices.
This week is the anniversary of the Colonial Pipelines attack, which saw one of the biggest pipelines in the US temporarily shut down, following a ransomware attack by DarkSide, a ransomware-as-a-service group that is believed to be linked to Russia. Not only did the attack affect millions but heralded a new era of cybercrime. In a world where critical infrastructure relies on an ever-increasing amount of technology, it’s caused real momentum as the cybersecurity sector looks to make software supply chain security a top priority.
It has been reported that F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical. Its exploitation can potentially lead up to a complete system takeover. Commenting on this story,
President Joe Biden signed a national security memorandum (NSM) on Thursday asking government agencies to implement measures that would mitigate risks posed by quantum computers to US national cyber security. The NSM outlines the risks of cryptanalytically relevant quantum computers (CRQC), such as their likely ability to brake current public-key cryptography. More information: https://www.bleepingcomputer.com/news/security/white-house-prepare-for-cryptography-cracking-quantum-computers/ Memorandum: https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/
This morning the National Institute of Standards and Technology released new guidance on securing the supply chain against cyber-attacks. In response, please see below comments from cybersecurity expert who outlines the positive nature of this NIST guidance, exploring how supply chain attacks are becoming increasingly popular targets, and why it is more critical than ever to manage the cybersecurity of the supply chain.
OpenSea has announced a vulnerability and is advising all to avoid clicking on a suspicious link. This is not the first time OpenSea has had a phishing-related incident and shows the need for greater care in our own security.
According to the HIPPA Journal, The US Department of Health and Human Services (HHS) has failed their security audit for a fourth consecutive year. The audits were conducted for the HHS’ Office of Inspector General (OIG) to confirm compliance with the Federal Information Security Modernization Act of 2014 (FISMA) for fiscal years 2018 through 2021. Audits were conducted at five of the HHS’ 12 operating divisions and all resulted in the program receiving a ‘not effective’ rating. The HHS was found to have failed in all divisions to fully implement a continuous diagnostics and mitigation (CDM) strategy and stated that “The…
The WSJ is among outlets reporting that Grindr User Data Has Been for Sale for Years, noting: “The information was available for sale since at least 2017, and historical data may still be obtainable, the people said. Grindr two years ago cut off the flow of location data to any ad networks, ending the possibility of such data collection today, the company said…” and “National-security officials have also indicated concern about the issue: The Grindr data were used as part of a demonstration for various U.S. government agencies about the intelligence risks from commercially available information, according to a person…