The FBI, CISA, and NSA today jointly warned critical infrastructure organizations to adopt a heightened state of awareness and to conduct proactive threat hunting in order to block potential Russian state-sponsored cyber threats.
ISBuzz Team
As reported by The Irish Times, owners of more than 25 Tesla cars in 13 countries around the world may be surprised to learn that their vehicles have apparently been hacked into remotely by a security researcher in Germany, who says he has discovered a software flaw in the EV pioneer’s systems. David Colombo, a 19-year-old self-described information technology specialist, tweeted Tuesday that the software flaw allows him to unlock doors and windows, start the cars without keys and disable their security systems. Colombo also claimed he can see if a driver is present in the car, turn on the…
In the recent times of technological advancement, and as we get increasingly linked to the internet, cybercrime will only become worse. Ransomware had a great year in 2021, and it is almost certain that 2022 will be much more significant. Information security personnel will have to pay better attention to the attack vectors they are already tracking and widen their coverage to include new targets this year. This post will look at the most popular and latest cybersecurity threats for the last week. Latest Ransomware in 2022: “Night Sky” In 2022, new ransomware is dubbed ‘Night Sky’ to be aware…
The US NCSC and the Dept of State published defense guidance on protecting against commercial surveillance spyware. “Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections. In some cases, malign actors can infect a targeted device with no action from the device owner.” This guidance follows on news published by the Washington Post on Dec. 3rd of Pegasus spyware used to hack U.S. diplomats working abroad disclosing attacks that hit at least 11 US…
Following the news around the FBI warning that hackers are sending malicious USB drives to workers to launch cyber attacks on specific industries, Information Security experts reacted below on the danger of USB.
The Bangkok Post is reporting that almost 39 million health records were reportedly stolen from Bangkok Siriraj Hospital and are being offered on the dark web for sale. A poster on Raidforums.com that goes under the name of “WraithMax” offered to sell the data and supply a sample file via Telegram. The poster claims the data includes names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other information. Excerpts: “There was a large data leak concerning Siriraj’s patient records that has been offered for sale,” Dr Sutee Tuvirat, an information systems security professional, told the Bangkok Post.…
The director of the Cybersecurity and Infrastructure Security Agency today warned that the Log4j flaw could aid the nefarious activity of criminals and foreign governments for months or years to come, and voiced concern about long-term risks to networks that control U.S. critical infrastructure.
It turns out that criminals are running ‘scam schools’ on the internet, teaching budding swindlers how to steal bank details and use them to splurge on major retailers’ goods. Conmen sell detailed step-by-step guides — one named the ‘Fraud Bible’ — and individual online tutorials for as little as £25. They also charge between £1,000 and £10,000 for live training sessions.
US based FlexBooker incident report claims a massive DDoS attack on AWS allowed the theft of data from over 3 million user accounts. The report shows the attack began on Dec. 23rd and was resolved the next day with the help of AWS technical services. On his HaveIBeenPwnd.com site, security researcher Troy Hunt claims to have received the files said they contained data from 3.7 million accounts. He said “the data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. The data was found being actively traded on a…
Imperva Research Labs has released its analysis of recent Log4j related vulnerabilities including attack patterns, payloads and bypass techniques. Key data points: ● Imperva observed over 102M exploitation attempts since the disclosure on December 9. ● In the first 10 days, Imperva observed almost 1.3M exploit attempts per hour. Since the peak on December 23, there has been a general decline in the number of exploit attempts. ● The number of sites attacked peaked at 25K sites per hour. ● Commonly targeted industries are Financial Services (29.6%), Food and Beverages (12.4%) and Computing and IT (10.4%). ● Over 100 different…