It has been reported that, according to new research, cyber attacks due to working from home have cost businesses £374million since the Covid crisis began. A survey of top finance and risk professionals at UK-listed companies found almost two-thirds of firms had suffered a cyber attack or data breach in the first 18 months of the pandemic. The majority of these attacks – 82 per cent – could be attributed to tech issues or behaviour related to working from home.
Author: ISBuzz Team
Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.
According to new data from Action Fraud, UK individuals were victims to 8957 dating scams between 1st Jan 2021 to 1st Jan 2022, which collectively cost them over £96.8 million pounds. This is a major rise on the previous year, with the data showing that there were only 644 reports of dating scams between 1st Jan 2020 to 1st Jan 2021, which cost their victims over £5.4 million. These figures show that dating scams are becoming the attack of choice for fraudsters today, and that UK consumers must be vigilant for them this coming Valentine’s Day. Dating scams typically involve…
Three new UK firms have just joined the Four Day working week pilot as employers look for ways to improve worker productivity and health to create a more sustainable work environment. However, for cybersecurity staff across the world, work must be ‘always on’. Threats are increasing in volume and severity. At the same time, cyber teams’ mental wellbeing is suffering under stress. Is it really possible for those constantly monitoring and mitigating threats to take a day off?
Information security exoerts commented below on the dangers of romance fraud as cybercriminals take advantage of loneliness on online dating apps in the build up to Valentine’s Day.
Following the news that Let’s Encrypt, a free-to-use non profit will begin revoking certain SSL/TLS certificates issued within the last 90 days which could impact millions of active Let’s Encrypt certificates.
Please see below comments by Industry leaders on White House’s Office of Management and Budget (OMB) Federal strategy to move the U.S. Government toward a “zero trust” approach to cybersecurity.
Another critical open source vulnerability has been discovered. This time it is in a popular component used in major Linux distributions and some UNIX-like operating systems, so it has the potential to impact software development organisations far and wide. PolKit, which provides methods for nonprivileged processes to interact with privileged ones, has been assigned CVE-2021-4034 and dubbed “PwnKit.” Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center and Travis Biehn, principal security consultant at Synopsys Software Integrity Group shares their thoughts on the incident.
Reuters yesterday reported Canada’s foreign ministry hacked, services hit. The incident, which was originally detected last Wednesday, has left some internet and internet-based services currently unavailable. As on Monday night, Canadian cybersecurity officials were still working on restoring those internet services.
As the UK’s first ever security strategy shows, delivering change will rely on strength in numbers.
