BACKGROUND: The Labour Party has suffered a major data breach, with members being emailed this afternoon to warn them information being stored by a third party may have been compromised.
Author: ISBuzz Team
BACKGROUND: In response to reports that the CISA has issued a new directive that forces federal civilian agencies to address at least 306 vulnerabilities commonly exploited during attacks, cybersecurity experts offer the following comments.
The Underminer exploit kit has surfaced numerous times since 2019, but here it is back again delivering the Amadey malware, as the Malwarebytes Threat Intelligence team found last week. Exploit Kit An exploit kit (EK), or an exploit pack, is a type of toolkit cybercriminals use to attack vulnerabilities in systems, for them to be able to distribute malware or perform other malicious activities. Exploit kits are packaged with exploits that can target commonly installed software, such as Adobe Flash®, Java®, Microsoft Silverlight®. A typical exploit kit usually provides a management console, a bunch of vulnerabilities targeted to different applications, and several…
BACKGROUND: In its November 1st notification Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims, the FBI warns: “Ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections. Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.” In response, three experts offer perspective.
BACKGROUND: The ransomware group BlackMatter has developed a custom data exfiltration tool, dubbed Exmatter, that allows operators to easily target data of value, suggesting that they are looking to make their attacks faster.
BACKGROUND: It has been reported that some of the world’s most powerful, wealthy and famous people are thought to have had their personal details stolen by a cybercriminal gang which hacked into the computer systems of exclusive UK jeweller Graff. The data theft was carried out by Russian group Conti, believed to be based near St Petersburg, which has already leaked 69,000 confidential documents on the so-called dark web, according to reports. However, it is thought Graff believes the vast majority of people did not suffer any personal data loss – simply their name and address, which are typically available in the…
BACKGROUND: Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. The weakness is with digital text encoding standard Unicode, which allows machines to exchange data regardless of the language used.
The BBC report that a Squid Game crypto token collapses in apparent scam. A digital token inspired by the popular South Korean Netflix series Squid Game has lost almost all of its value as it was revealed to be an apparent scam. Squid, which marketed itself as a “play-to-earn cryptocurrency”, had seen its price soar in recent days – surging by thousands of per cent. However, as the BBC reported, it was criticised for not allowing people to resell their tokens. This kind of scam is commonly called a “rug pull” by crypto investors. This happens when the promoter of…
BACKGROUND: It has been reported that security researchers have gone public about a set of five vulnerabilities in telecoms stack software FreeSwitch. The quintet of flaws – all discovered by a team from German telecoms security consultancy Enable Security – lead to denial of service, authentication problems and information leakage for systems running FreeSwich.
Today 1st November, monetising YouTube channels will be required to set up 2-Step verification– if this has not already been set up, creators will not be able to access certain services until the account is secured with 2SV.
