BACKGROUND: Meta has announced plans to delay the global rollout of end-to-end encryption (E2EE) across its messaging applications to 2023. The company previously said it would have E2EE across all its products by 2022 at the earliest. Meta said it would be taking additional time to ensure the implementation across Facebook Messenger and Instagram is done correctly, protecting privacy while also mitigating the risk of online harms.
ISBuzz Team
BACKGROUND: UK National Cyber Security Centre (NCSC) issued a Black Friday warning to more than 4,000 retailers whose customer data was being stolen. The thefts were due to known, but unpatched vulns in the popular e-commerce platform Magento and were based upon reported breaches over the past 18 months. During the checkout process, known vulnerabilities in the program allowed hackers to divert payments and steal customer PII. Excerpt: The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. The NCSC has…
BACKGROUND: In ‘Zelle Fraud’ Scam: How it Works, How to Fight Back, Brian Krebs does a “deep dive” into just how the scam works. He interviews Ken Otsuka, of CUNA Mutual Group to discuss the process and weaknesses inherent in the current system that allow this scam to occur.
BACKGROUND: It has been reported internet infrastructure company GoDaddy has admitted that a hacker gained access to the personal information of more than 1.2 million customers of its WordPress hosting service. In documents filed with the US Securities and Exchange Commission earlier today, GoDaddy said it discovered the breach last week, on November 17, after noticing “suspicious activity” on its Managed WordPress hosting environment. The subsequent investigation found that a hacker had access to its servers for more than two months, since at least September 6.
BACKGROUND: Utah Imaging Associates (UIA), a Utah-based radiology center, has announced a data breach affecting 582,170 people after their personal information was exposed. According to the data breach notification sent to affected individuals, the security incident was discovered on September 4, 2021, and was remediated on the same day. However, the initial network infiltration happened on August 29, 2021, allowing the threat actors to explore UIA’s internal systems and potentially steal data for about a week. The subsequent forensic investigation carried out revealed that the unauthorized network intruder had access to patient medical records and social security numbers.
BACKGROUND: The new Telecoms Security Bill has received now Royal Assent and passed into law legislation. The aim of the bill is to boost the security of the UK’s public telecoms networks and services and protect against the threat of high-risk equipment suppliers.
BACKGROUND: As reported by BBC News, WhatsApp is rewriting its privacy policy as a result of a huge data protection fine earlier this year. Following an investigation, the Irish data protection watchdog issued a €225m (£190m) fine – the second-largest in history over GDPR – and ordered WhatsApp to change its policies.
BACKGROUND: Fraudulent activity is on the rise at some of the largest buy now, pay later (BNPL) platforms in the industry, which include Klarna, Afterpay and Affirm. With warnings of BNPL fraud particularly timely as Black Friday kicks off the critical holiday shopping season next week. Criminal gangs are exploiting weaknesses in the application process for BNPL loans using clever tactics to slip through undetected and steal items ranging from pizza and booze to video game consoles.
BACKGROUND: Earlier this week, researchers at AT&T Labs revealed the BotenaGo, a botnet with the potential to infect millions of routers and IoT devices. The research team at AirEye, the industry’s leading network airspace protection company, immediately recognized this as an example of “Antenna for Hire.”
BACKGROUND: Fleming from GCHQ and Nakasone from the USA’s NSA met to address how both nations today face strategic threats in an interconnected, digital world that seek to undermine their shared principles, norms, and values.They agree that strategic engagement in cyber-space is crucial to defending our way of life, by addressing these evolving threats with a full range of capabilities.