Link to the whole report: Easy Ways to Spot Misinformation & Fake News in 2022.Some of our coolest findings include: 87% of social media users believe they have encountered disinformation bots.More than half of them (55%) have reported suspicious activity online at least once.While 61% declare they can spot disinformation, most of them (67%) had problems with deciding if our examples of posts came from real users or from propaganda bots.Over 65% think that social media should add features explicitly for reporting fake news, disinformation, and war propaganda.A compilation of tips on how to spot fake news. Enjoy a bunch…
ISBuzz Team
Identity Management Day on April 12 is a global day of awareness to educate about the importance of managing and securing digital identities. Industry leaders commented below on the importance of identity management.
CVE-2022-24814 is a stored XSS vulnerability that can lead to account compromise in the admin application of Directus. Overview Synopsys Cybersecurity Research Center (CyRC) research has identified a stored cross-site scripting (XSS) vulnerability in Directus, a popular open source headless content management system (CMS) built in JavaScript. Directus is a web-based admin application that allows users to view and manage content and collections. The issue found in the Directus App is CVE-2022-24814: Stored XSS in file upload of Directus Note: A similar issue was previously reported in CVE-2022-22116 and CVE-2022-22117; however, the mitigation implemented for these issues in Directus 9.4.2…
As reported by Hacker News, A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. Traffic direction systems are used by threat actors to determine whether or not a target is of interest and should be redirected to a malicious domain under their control and act as a gateway to compromise their systems with malware. What makes Parrot TDS stand out is its huge reach, with increased activity observed in February and March 2022, as its operators have primarily singled out servers hosting poorly secured WordPress sites…
Following the news that Microsoft announced the Windows Autopatch-Microsoft Autopatch feature to make Patch Tuesday ‘just another Tuesday’ for enterprises (computing.co.uk), IT security experts commented below.
Following the news that Italian luxury fashion house Zegna has just confirmed it was victim of a ransomware attack in August 2021, joining Moncler, Boggi Milano and Guess, amongst others, that have been victims, Industry leaders commented below on how data exfiltration is the common thread between all ransomware attacks.
The new report from Cobalt The State of Pentesting 2022: How Labor Shortages Are Impacting Cybersecurity and Developer Professionals finds that the lack of qualified people has become the No. 1 problem for security pros and especially pen testers, and notes: “The majority of vulnerabilities stem from not staying on top of configurations, software updates, or access management controls – these are common and easily preventable security flaws. To proactively fix and prevent these vulnerabilities, both security and development teams need access to more resources, particularly manpower, which can be hard to come by thanks to talent shortages.”
A configuration error exposed millions of internal records at Fox News.
New research suggests that cyber-attacks on supply chains increased by 51% in the last six months of 2021. Organisations have an opportunity to reduce their third-party risk by clarifying whether they or their suppliers are responsible for supply chain risk management, according to new global research of 1400 cyber security decision makers by NCC Group. Around one in three (36%) said that they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. Just over half (53%) said that their company and its suppliers are equally responsible for the security of supply chains.
As reported by Vice, WonderHero, a cryptocurrency-based play-to-earn game, announced on Thursday that it was suspending all services after the price of its token crashed dramatically after a hacker was able to mint the game’s token and cash out for around $300,000. In an official announcement, WonderHero confirmed that “there was an attack on our cross-chain bridging withdrawal,” and that “ the attackers managed to get the signature and minted 80M $WND,” referring to the game’s cryptocurrency.