HP researchers are reporting Attackers Disguise RedLine Stealer as a Windows 11 Upgrade. Windows 10 users are being duped into downloading a fake Windows 11 installers that are being used to spread the info-stealing RedLine malware. Excerpt: On 27 January 2022, the day after the final phase of the Windows 11 upgrade was announced, we noticed a malicious actor registered the domain windows-upgraded[.]com, which they used to spread malware by tricking users into downloading and running a fake installer. The attackers copied the design of the legitimate Windows 11 website, except clicking on the “Download Now” button downloads a suspicious…
ISBuzz Team
Breaking story – Analysts at Sancec have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them. According to Sansec, the attack became evident late last month when their crawler discovered 374 infections on the same day, all using the same malware. The domain from where threat actors loaded the malware is naturalfreshmall[.]com, currently offline, and the goal of the threat actors was to steal the credit card information of customers on the targeted online stores.
The FCA has warned financial firms to strengthen their cyber-defences amid worries of rising cyberattacks against banks.
Men are less security-conscious in their homes than women, according to new UK studyPeople of the West Midlands are the most security-conscious in their homes, while the Scottish are the leastAlmost one in three Brits now own a security camera either inside or outside our home When it comes to home security measures, men are 35% less likely to have any in place compared to women, despite warnings about a rise in burglaries over the winter months, according to a new survey conducted by leading home security experts, SimpliSafe. The study found that women are also more likely to invest…
The personal data of more than 250,000 licensed professionals in Washington may have made it to the “dark web,” where identity thieves gather information to enact their various schemes. Personal information of some of the hundreds of thousands of licensed professionals potentially exposed in a breach of a Washington state database may already have shown up on “dark web” clearinghouses used by identity thieves. State investigators haven’t said whether Social Security numbers and other personal data were actually stolen from a database of more than 250,000 professional and business licensees used by the state Department of Licensing, agency officials said.
Express VPN is challenging researchers to crack into their TrustedServer challenging researchers to crack into their TrustedServer system with a $100K bug bounty. $100K Ground Rules: The first person to submit a valid vulnerability will receive an additional US$100,000 bonus bounty. This bonus will be valid until the prize has been claimed.Avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience.Use only official channels to discuss vulnerability information with us.Keep the details of any discovered vulnerabilities confidential until they are fixed, according to the disclosure policy.Perform testing only on in-scope systems, and respect systems and…
The Digital Minister Chris Philp has announced that the Online Safety Bill will be significantly strengthened with a new legal duty requiring all sites that publish pornography to put robust checks in place to ensure their users are 18 years old or over. This could include adults using secure age verification technology to verify that they possess a credit card and are over 18 or having a third-party service confirm their age against government data. If sites fail to act, the independent regulator Ofcom will be able fine them up to 10 per cent of their annual worldwide turnover or…
Following the news that Microsoft took the decision to disable macros in Office docs by default after years of calls from the industry to do so, please find comment below.
As reported by The Record, Vodafone Portugal said yesterday that a large chunk of its customer data services went offline overnight following “a deliberate and malicious cyberattack intended to cause damage and disruption.” The company’s 4G and 5G mobile networks, along with fixed voice, television, SMS, and voice/digital answering services all went offline following the attack. Vodafone is working to restore its services and also working with authorities to investigate the incident.