BACKGROUND: Right now there are some very critical VMware vulnerabilities that are ripe for exploitation and have some serious implications for anyone using vCenter. In light of this news, please see a comment from cybersecurity expert.
ISBuzz Team
BACKGROUND: It has been reported that CISA sent out an advisory yesterday, centered around the Conti ransomware, providing detailed information for the cybersecurity community about the ransomware group and its affiliates. Both CISA and the FBI said they have seen more than 400 attacks involving Conti’s ransomware targeting US organisations as well as international enterprises. The FBI has previously implicated Conti in attacks on at least 290 organisations in the US. CISA offered a technical breakdown on how the ransomware group’s operators typically function and what steps organisations can take to mitigate potential attacks. CISA noted that while Conti operates a ransomware-as-a-service model, they do so…
BACKGROUND: Last night Channel 4 reported on how MPs launch attack on Google and Facebook for failing to tackle online fraud “MPs have launched a blistering attack on the social media giant Google for failing to tackle online fraud. A member of the Treasury Select Committee accused Google of profiting from advertising fraud. Google says it’s doing everything it can to stem the problems. But today the banking industry warned fraud was a threat to national security”.
17 of the top 20 UK universities fail to actively block fraudulent emails from reaching recipients Proofpoint, Inc. a leading cyber security and compliance company, today released research identifying that only 15 percent of the UK’s top 20 universities have implemented the recommended and strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, which prevents cybercriminals from spoofing their identity and reduces the risk of email fraud. Worryingly, this leaves students, staff and suppliers open to email fraud from 85 percent of the UK’s top universities. With a record number of new students set to attend university this autumn, combined…
BACKGROUND: The British Ministry of Defense shared email addresses and PII on more than 260 Afghan interpreters in a bulk email that was sent out to people trying to relocate to the UK. The list included people still in Afghanistan as well as some that had been able to flee the country. Former Defense Minister Johnny Mercer told BBC Radio: “The reality is we’ve left the vast, vast majority of our interpreters behind so this is going to have a profound impact on people who are still in the country.” Mr. Wallace revealed to the Daily Mail that the UK “has…
BACKGROUND: CityAM report rising UK fraud levels branded a ‘national threat’ by banks. Financial fraud rose by 30 per cent in the first half of 2021 resulting in losses of over £750m, according to the latest fraud report by banking trade body UK Finance, published this morning. Authorised push payment fraud, where consumers were unwittingly scammed into approving a payment into a criminally-controlled account, increased 71 per cent during the first half of 2021 compared to the same period last year. Over £350m was lost to these types of fraud across over 100,000 cases.
The US Treasury Department has announced a crackdown on the use of digital currencies in ransomware attacks and other financial crimes, including its first-ever sanctions against a crypto exchange.
BACKGROUND: BBC are reporting on this morning that NFT-based fantasy football card firm raises $680m. The BBC do report on NFT worries: “NFTs are also controversial. Depending on the technology used, maintaining a blockchain requires considerable computing power with a sizeable carbon footprint. As in traditional investing, financial impropriety and crime are a risk, but the protections for consumers are generally less robust. There are also concerns about a lack of regulation. Recently OpenSea, the largest digital collectable marketplace, revealed an employee used inside knowledge to buy NFTs before they were promoted on the website. Insider trading – where individuals…
BACKGROUND: This Google is rolling out a privacy-enhancing answer to all those forgotten and unused Android apps once granted access to your sensitive data. The unused apps will soon begin to automatically lose their permission to sensitive information and Google is planing to launch this featured called “permissions auto-reset” in December.
BACKGROUND: CloudSEK’s security search engine group, BeVigil is reporting Widespread Exposure of API Keys Imperils the Mobile App Ecosystem. They discuss the dangers of apps with API keys that are, pointing out that “hardcoded API keys are akin to locking your house but leaving the key in an envelope titled “do not open.” In an investigation of 13,000 apps recently uploaded to BeVigil for security review, 250 of them used the Razorpay API to enable financial transactions. Ten of these apps (~5%) were found to be exposing their payment integration key ID and key secret. If this finding holds true…