If you speak to a CSO or a CIO about what is keeping them awake at night, you’ll probably hear a lot of concerns about the rising threat of ransomware and the challenges of fighting cybercrime in a business environment of ever-increasing external touch points and vulnerabilities. Despite the NCSC recently citing ransomware as the biggest cyberthreat to businesses, new data from the Information Commissioner Office (ICO) requested by Cisco reveals that basic human error and misplaced data are costing UK companies millions. Cisco Talos has the largest private threat-detection network in the world. And with nearly every internet connection in the…
ISBuzz Team
Reports are highlighting a rise in cyberattacks on transportation and shipping businesses, with shipping company Yodel identifying a cyber incident earlier this year, and the UK’s Department of Transport reporting nine attacks on the country’s transportation sector in August last year. In light of these reported attacks, I wanted to share new research from Trellix’s Advanced Research Center, which identifies the transportation and shipping sector as particularly at risk. Trellix’s global telemetry data from Q3 2022 unveiled indicators of compromise (IoCs) belonging to several campaigns from APT groups and ransomware campaigns. The research found the transportation and shipping sector was among those most…
A hospital in Versailles, near Paris had to cancel operations and transfer some patients after being hit by a cyberattack over the weekend, France’s health ministry said Sunday. Six patients had been transferred by Saturday evening — three from intensive care and three from the neonatal unit — said the minister, Francois Braun, as he visited the hospital. Others might follow, he added. The regional health agency (ARS) said the hospital had cancelled operations, but was doing everything possible to keep walk-in services and consultations running. Extra staff had to be called in to the intensive care unit because, while the machines there were still…
It’s the Log4Shell anniversary. Somehow, about a third of Log4j downloads are still of the vulnerable version. Why is that? And what is the IT industry doing wrong? What can organisations do? The Log4j vulnerability, one year later, shines a light on a lack of open source governance and visibility that still needs addressing across many organisations. This issue isn’t going away, and if it isn’t Log4j, it will be something else if companies don’t get their software supply chains in shape.
It has been reported that DeFi protocol Ankr, which called itself the first ‘node-as-a-service’ platform, has suffered a multi-million dollar exploit due to a bug in its code that allowed for unlimited minting of its token. According to security research firm Peck Shield, the code behind the Anker contract allows any user to mint an unlimited amount of the protocol’s reward-bearing staking tokens without any sort of verification. This allowed the attacker to mint six quadrillions of the aBNBc token. Protocol DeFi A programming flaw in Anker, which dubbed itself the first “node-as-a-service” platform. Which allowed for the unrestricted creation of its…
TrustCor System was no longer supported by Mozilla and Microsoft as a result of a Washington Post article that exposed the company’s connections to spyware-focused government contractors. Following negotiations that lasted weeks, Firefox and Microsoft have decided to stop trusting. TrustCor Networks’ certificates have also deleted the organization from its own root certificate repositories. The actions were taken as a result of a Washington Post article that was released this month and exposed. TrustCor’s apparent linkages to Network Forensics, a company that sells malware. And other companies with connections to American intel agencies. However, following an examination of the evidence…
Threat actors are seeking to capitalize on or gain interest in their cause with assaults meant to draw unwitting people who may be more preoccupied with supporting their favorite teams than cybersecurity as the sporting world turns its attention to Doha for the FIFA World Cup in 2022. According to a recent analysis from contextual artificial intelligence company CloudSEK. Which examines the numerous dangers intended for fans and organizations with World Cup-themed assaults and strategies. According to the data, there were 100 million and 2.3 million attacks per day. The Tournament and the Paralympics in 2018, respectively. A photograph of…
A suspected cyber assault has taken down the Vatican website. Just days before Pope Francis received criticism from Moscow for his most recent denunciation of Russia’s annexation of Ukraine. The Vatican website, which hosts prayers, correspondence. Pope pronouncements, was knocked offline on Wednesday. On Thursday morning, several sections of the website were still offline and giving users an error message. The assault happened after Pope Francis made it seem like Russia was to blame for the war in Ukraine. His earlier comments on the conflict were more subdued. At this time, it is unclear who was responsible for the alleged…
According to the business, another security breach directly related to the one that happened in August has affected password manager LastPass. According to a blog post by LastPass CEO Karim Toubba, “An unauthorized entity was able to acquire access to some pieces of our client’s information using information gained in the August 2022 event.” With the help of LastPass, users can safely create and remember passwords across many devices, save digital documents, and share all with trusted contacts. The goal of LastPass’ zero knowledge strategy is to prevent LastPass from having access to a customer’s master password. According to Toubba,…
Following reports that banks may be leaving customers vulnerable to fraudulent spoofing attempts, I wanted to share commentary from Fabien Rech, SVP EMEA at Trellix, which demonstrates how financial services companies can defend against cyberattacks by bolstering their security. He discusses: