In a bid to protect UK businesses and consumers from fraud, UK shoppers will now face more identity checks when spending online. Placed in action from yesterday, consumers will have to authenticate their purchase with three factors: something you know (e.g. PIN), something you are (e.g. biometrics) and something you have (e.g. mobile device).
ISBuzz Team
In Local Privilege Escalation Vulnerability in Linux (Dirty Pipe), Taiwanese hardware vendor QNAP is reporting that most of its (NAS) devices are vulnerable to a high severity Linux vulnerability which allows local access users to gain root privileges. Excerpts: A local privilege escalation vulnerability, also known as “dirty pipe”, has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x. Currently there is no mitigation available for this vulnerability. We recommend users to check back and install security updates as soon as they become available.
Toyota, the world’s largest carmaker has halted production at all of its plants in Japan after a ransomware attack on a key supplier. This marks another major enterprise casualty as hackers continue to see rising success with ransomware attacks.
The Tribune (India) is reporting Over 60% of mid-sized Indian firms faced data breach in 2021. According to a survey released today by Cyber Security firm Sophos, over 60% of mid-sized businesses reported experiencing a data breach in 2021. Nineteen percent of companies discovered the attack within two weeks, but for fully 22 per cent, it took three to four weeks to discover the attack. 40% of them reported only learning of the attack from outside sources or on finding their data leaked online. Excerpts: While half of the respondents said they had discovered the attack when they were unable…
In response to reports that South Denver Cardiology Associates has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed, experts commented below.
Following the news that Fake Valorant cheats on YouTube infect you with RedLine stealer Fake Valorant cheats on YouTube infect you with RedLine stealer (bleepingcomputer.com), privacy expert highlights the danger of clicking unverified links on YouTube, and where you can find ‘legitimate’ cheats.
The UK has announced a roadmap containing initial plans to roll out a digital ID scheme and, naturally, there are some significant security concerns from experts in the field.
The US Securities and Exchange Commission (SEC) has proposed a new rule that would force public companies to disclose cyberattacks within four days. Industry leaders reacted on how this new rule will ensure that organisations are more transparent with their stakeholders.
According to Techmonitor, 48 percent of London boroughs have invested in cyber insurance, leaving 17 boroughs vulnerable to a significant loss in the event of a cyberattack. In the beginning of 2020, Hackney council was the victim of a phishing attack, where confidential information was compromised and the council incurred losses of £10 million. A study conducted by Ispos Mori and is currently funded by The Department of Digital, Culture, Media, and Sport showed that cyberattacks have both short- and long-term effects, making it extremely difficult for policy makers to fully understand the cost of an attack.
As reported by TechRadar, WhatsApp has released a new open source browser extension to help further protect those who use its messaging service on the web. WhatsApp’s Code Verify extension works with Cloudflare’s infrastructure to validate the code being delivered in WhatsApp Web. This prevents malicious actors from tampering with your software or masking unfavorable data. In addition to deploying Code Verify for WhatsApp Web, WhatsApp is also making its available on GitHub so that other companies can use it as well.