Following the news that Illusive research reveals identity risks on 1 in 6 endpoints, Cyber Security Expert, highlights the problem with poorly managed or configured identity and the need for tools to help manage account access and identity.
ISBuzz Team
Amazon was the most impersonated brand in email phishing attacks in 2021, according to a report from AtlasVPN. In 2018, 17.7 percent of brand phishing emails impersonated Amazon, while 16.5 percent impersonated the global logistics company DHL and 12.7 percent impersonated the eSign software company DocuSign. Community payments platform PayPal came in fourth as its services were used in more than five percent of brand impersonation scams. Google (3%), LinkedIn (3.5%), Microsoft (3%), the web hosting provider 1&1 (2.5%) and British telecom O2 (2.3%) also made the list.
Following the news that a researcher posing as a 13-year-old was able to access adult content on the Metaverse, it’s clear that metaverse creators will need much more effective age verification to protect children from harm, and thus create trust in their platforms. It’s possible to eradicate the age-old trick of simply using a fake identity that claims to be older than you are, argues cyber security experts. It will take new, powerful verification technologies in the sign-up process and continuously throughout the use of the platform.
Ukraine’s Ministry of Defense on Tuesday said it had been hit with a cyberattack amid heightened tensions with Russia and concerns Moscow could launch aggressive actions against the country, including a potential ground invasion. In addition, at least two Ukrainian banks and some ATMs lost connectivity, according the Ukrainian Center for Strategic Communications and Information Security, which is part of the Ministry of Culture and Information Policy.
Researcher Mr.dox discovered a way to steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client with a browser running in kiosk mode. Knowing that companies such as Google & LinkedIn now detect the use of reverse proxies commonly used in MiTM attacks, this method was no longer useful to attackers, so he came up with a clever work-around using the noVNC program. Excerpts: Essentially, noVNC allows the web browser to act as a VNC client to remotely access a machine. So how do we use noVNC to steal credentials & bypass…
Includes large enterprises that wish to provide an extra layer of protection and user convenience, and SMBs with limited security budgets LastPass, the global leader in password management, today released the findings of an IDC Global Survey on Identity and Access Management by LastPass. The survey revealed that “balancing company security requirements and the employee user experience” is the number one identity challenge, followed by “employees struggling with too many passwords.” As organisations continue to face the challenges of managing a higher volume of remote employees who need to access different tools and systems outside of a traditional office, leaders…
It has been reported that new research from PSA Certified 2022 was released yesterday. With regard to IoT security, the survey indicates a positive trend towards increasing the importance placed on security by companies. Almost nine out of ten (89%) believe that security is important to them, and almost half (47%) say that it is one of their top three business priorities. Furthermore, 42% of those who responded to the survey ranked building a “security first culture” as their top organisational objective.
A major US-based kitchenware giant Meyer Corp has disclosed a cyber attack that may have led to the exposure of employee data. Meyer discovered an external hack to their employee database system, but is yet to confirm the number of employees impacted and the extent of the data breach.
The Greater Manchester Police have managed to return $22.3 million (equivalent to £15m*) in virtual currency to its rightful owners after successfully bringing down a dodgy crypto savings and trading service. To ensure the thugs behind this con are brought to justice, specialist officers from the Manchester police force were able to seize approximately 150 bitcoins totaling about $18 million (£12m). So far 23 claimants have been verified by police and had their money returned. Detective Chief Inspector Joe Harrop, an economic and cyber crime expert from the Greater Manchester Police force said “It is becoming apparent that these scams…
With a cyber rapid-response team (CRRT) now being deployed across Europe after a call for help from Ukraine, and a full-scale Russian invasion imminent, cyber attacks are highly likely. With the EU proactively responding to the threat, organisations should follow suit and ensure their protection is up to speed.