Following the news that LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks – LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks – Infosecurity Magazine (infosecurity-magazine.com), information security experts reacted below.
ISBuzz Team
According to research published in April by the Ponemon Institute, on behalf of Intel, businesses will invest $172 billion in cybersecurity in 2022. But surprisingly only 53% of respondents said they refreshed their existing cybersecurity strategies due to the pandemic – which may signal a disconnect between the way businesses invest in cybersecurity and the realities of complex security operations.
Following the news that Attacker Accessed Dozens of Repositories After OAuth Token Theft, cyber security experts reacted below.
Researchers last week discovered a new DDoS botnet, tracked as Enemybot, that has targedted several routers and web servers by exploiting known vulnerabilities. Please find the expert comment below concerning the botnet, which targets multiple architectures, including arm, bsd, x64, and x86.
MetaMask, a cryptocurrency wallet and blockchain app gateway (https://metamask.io/) used by 21 mil+ investors, Tweeted a warning (raw link at bottom) to iOS users that if they have iCloud backup enabled, their wallets could be hacked if someone phishes their iCloud credentials. With iCloud backup enabled, a user’s crypto “seed” (a key to their account, typically ~12 words) may be used by anyone to steal their assets. @sentinelwtf founder @serpent shares that a MetaMask user (@revive_dom) lost $655k in a phishing attack: “MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the…
It has been revealed that LinkedIn takes the lead as the most impersonated in phishing attacks. Clearly, our identities are constantly under attack from various social engineering tactics.
Please see below expert comments on Funky Pigeon suffering a cyberattack. The comment focuses on the impact this could have on both the business and customers, and how organisations can protect themselves against cyberattacks.
It has been reported that the FBI, CISA and U.S. Treasury Department have issued a joint cybersecurity advisory warning all businesses in cryptocurrency to watch out for attacks from North Korean state-sponsored hackers. The full advisory can be viewed here. Within the advisory there’s also warning of how Lazarus attacks start by targeting employees of these firms, most often those in developer or DevOps roles.
It has been reported that Pegasus spyware is suspected to have been used to infect the 10 Downing Street network, researchers at Canadian internet security watchdog Citizen Lab have concluded. A device connected to that network was infected using the spyware on 7 July 2020, according to a report on the research by the New Yorker. The report added that the National Cyber Security Centre (NCSC) tested several phones at Downing Street including that of the prime minister – but was unable to locate the infected device. The full story can be found here: https://news.sky.com/story/pegasus-spyware-used-to-infiltrate-downing-street-network-report-12593092
As the Cash app breach story unfolds, it is clear why Zero Trust & Least Privilege Access matter. In the SEC disclosure of the breach, Block, Inc. (parent co) reported: “it recently determined that a former employee downloaded certain reports… While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended. “The information in the reports included full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some…